LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Administering LDAP-UX Client Services
Integrating with Trusted Mode
Others
• The authck -d command removes the /tcb/files/auth/... files
created for LDAP-based accounts. When the LDAP-based account
logs in to the system again, a new /tcb/files/auth/... file with
a new audit ID is created. Therefore, running the authck -d
command is not recommended when you configure LDAP-UX with
Trusted Mode.
• You cannot use the Trusted Mode management subsystem in SAM to
manage LDAP-based accounts.
• The LDAP repository and /etc/passwd repository must not contain
accounts with the same login name or account number.
• Except for the audit flag, you cannot modify other Trusted Mode
properties/policies for LDAP-based accounts. For example, if you
attempt to lock an LDAP-based account by modifying the Trusted
Mode field for that user, it does not prevent that account from logging
in to the host. Instead, you must disable the account on the LDAP
server itself. No runtime warning will be given that the local locking
of the account has no effect. It is important that all system
administrators are properly trained, so that administrative locks on
accounts have the desired effect.
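
The uniqueness requirement in the list above (no login name or account number shared between the LDAP repository and /etc/passwd) can be checked with a short script. The following is an added example, not part of the HP guide; it assumes the LDAP-based accounts have been exported to a passwd(4)-format file, and the function names, temporary file names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: report login-name and UID overlaps between the local
# passwd file and an export of the LDAP-based accounts in passwd(4) format.
# find_collisions LOCAL_PASSWD LDAP_EXPORT  (both arguments are file paths)
find_collisions() {
    awk -F: '
        # Skip comments, NIS-style +/- compat entries and malformed lines.
        /^[#+-]/ || NF < 3 { next }
        src == "local" {
            # Remember the first local owner of each name and each UID.
            if (!($1 in uid_of))  uid_of[$1]  = $3
            if (!($3 in name_of)) name_of[$3] = $1
            next
        }
        # Same login name in both repositories.
        ($1 in uid_of) {
            printf "NAME %s local_uid=%s ldap_uid=%s\n", $1, uid_of[$1], $3
        }
        # Same account number held by a different login name.
        ($3 in name_of) && name_of[$3] != $1 {
            printf "UID %s local=%s ldap=%s\n", $3, name_of[$3], $1
        }
    ' src=local "$1" src=ldap "$2"
}

# Constructed sample data (not real accounts), so the check runs offline.
run_constructed_sample() {
    d=${TMPDIR:-/tmp}/ldapux_coll.$$
    mkdir "$d" || return 1
    cat > "$d/local" <<'EOF'
root:*:0:3::/:/sbin/sh
jsmith:*:1001:20::/home/jsmith:/usr/bin/sh
oracle:*:1002:20::/home/oracle:/usr/bin/sh
EOF
    cat > "$d/ldap" <<'EOF'
jsmith:*:5001:20::/home/jsmith:/usr/bin/sh
akumar:*:1002:20::/home/akumar:/usr/bin/sh
mlee:*:5003:20::/home/mlee:/usr/bin/sh
EOF
    find_collisions "$d/local" "$d/ldap"
    rm -rf "$d"
}

run_constructed_sample
```

On a live host, pass /etc/passwd as the first argument and the LDAP export as the second; empty output means no conflicting names or account numbers were found.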
Configuration Parameter
LDAP-UX Client Services provides one configuration parameter,
initial_ts_auditing, which you use to configure the initial auditing
setting for the LDAP-based account. This parameter is defined in the
/etc/opt/ldapux/ldapux_client.conf file.