LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Installing LDAP-UX Client Services
Configuring LDAP-UX Client Services
Chapter 2 39
can use either the member or uniqueMember attribute.
LDAP-UX can convert from the DN syntax to the POSIX syntax
(an account name).
For ADS, the typical member attribute would be either
memberUid or preferably the member attribute.
e. Follow the prompts to finish the setup.
23. Select if you want to create custom search descriptors for any of the
supported name services. Select the service you want to create a
custom search descriptor for.
NOTE Custom search descriptors have no relevance for PAM Kerberos.
PAM Kerberos is the only certified authentication method for
LDAP-UX Client Services with Active Directory.
A custom search descriptor consists of three parts: a search base DN,
scope, and filter. Use custom search descriptors if you want clients to
search different locations in the directory or to apply different search
filters. For example, some clients might search for employees only in
a particular department.
Each service can have up to three different search descriptors. The
client uses the search descriptors in order until it finds what it is
looking for.
NOTE The default search base DN for all requests will be set to the
previously specified default search base DN (specified in step 12),
usually the domain root. For very large databases, search
performance can be greatly increased by specifying custom search
descriptors. For example, to search user and group information, set
the search base DN for the user and group services to CN=Users,
DC=cup, DC=hp, DC=com.