LDAP-UX Client Services B.04.00 Release Notes
Limitations in LDAP-UX Client Services
4. pam_kerberos has been integrated with LDAP to fully support
Windows domain authentication and should be used instead of
pam_ldap.
5. LDAP-UX supports coexistence of Trusted Mode and Standard Mode
security features. Identities stored in the local host are controlled by
the local security policy. Identities stored in an LDAP directory are
controlled by the LDAP security policy.
6. NSS refers to the Name Service Subsystem, such as passwd, group,
etc. For more information, refer to the nsswitch.conf(4) man
page.
7. PAM refers to the Pluggable Authentication Module subsystem. For
more information, refer to the pam(3) man page.
NOTE: To enable publickey with LDAP support, the ONC patches for publickey
enablement for LDAP are required. These ONC patches will be provided
in the future.
Additional Limitations with Active Directory
• ldapentry Not Certified for Active Directory
ldapentry, a new client administration tool to simplify adding,
modifying, and deleting database entries, is not certified for use with
Active Directory.
• Limited Name Service Database Support for multiple Domains
LDAP-UX Client Services, using Windows 2000 or 2003 Active
Directory Server with multiple Domains, currently only supports the
passwd and group name services.
• POSIX Password Support
POSIX password (defined as userPassword in RFC 2307, and
msSFUPassword in SFU 2.0) is not certified.
• User and Group Migration
sAMAccountName must be unique across the entire domain. This
attribute, used for pre-Windows 2000 clients, is set by the migration
scripts to the value of the common name (CN).
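
A pre-migration check for the sAMAccountName constraint above, as an added example (not part of these release notes or of the LDAP-UX migration scripts): it scans LDIF for CN values shared by more than one entry, since each shared CN would produce a duplicate sAMAccountName. The sample LDIF, the function names, and the case-insensitive comparison are assumptions made for this example.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF (not from the release notes): a user and a group
# share the CN "dev", and two users have CNs that differ only by case.
SAMPLE_LDIF = """\
dn: cn=dev,ou=People,dc=example,dc=com
cn: dev

dn: cn=dev,ou=Groups,dc=example,dc=com
cn: dev

dn: cn=Alice,ou=People,dc=example,dc=com
cn: Alice

dn: cn=alice,ou=Contractors,dc=example,
 dc=com
cn:: YWxpY2U=

dn: cn=bob,ou=People,dc=example,dc=com
cn: bob
"""

def parse_ldif(text):
    """Yield (dn, [cn values]) per entry; handles folded lines and base64."""
    unfolded = text.replace("\n ", "")          # undo LDIF line folding
    for block in unfolded.split("\n\n"):        # entries are blank-line separated
        dn, cns = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):            # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:]).decode("utf-8")
            else:
                value = rest.strip()
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "cn":
                cns.append(value)
        if dn:
            yield dn, cns

def find_cn_collisions(text):
    """Map each CN used by more than one entry to the DNs that use it."""
    seen = defaultdict(list)
    for dn, cns in parse_ldif(text):
        for cn in {c.lower() for c in cns}:     # assumption: compare ignoring case
            seen[cn].append(dn)
    return {cn: dns for cn, dns in seen.items() if len(dns) > 1}
```

Users and groups are checked together because the uniqueness requirement applies across the entire domain, not per container or object type.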