LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Active Directory Multiple Domains
Resolving Duplicate Entries
In the Windows 2000 or 2003 environment, a user account can exist in
multiple domains. Each account has a user principal name (UPN) in the
format <user>@<DNS-domain-name>, and users can log on with the UPN
without choosing a domain. Because of a limitation of the HP-UX operating
system, LDAP-UX does not support UPN logon as Windows 2000 or 2003 does.
It is recommended that you configure a unique user name and uid number
for each user in the forest. When the same account exists in multiple
domains, LDAP-UX uses the following rules to decide what to return:
When there are duplicate entries in the local domain:
    LDAP-UX returns the first entry found.

When there are duplicate entries in remote domains:
    - If remote domains are configured, LDAP-UX searches each domain in
      the configuration sequence and returns data from the first entry
      found.
    - If only GCS is configured, LDAP-UX returns a NOT_FOUND message.
    - If both remote domains and GCS are configured, LDAP-UX searches the
      remote domains first and returns the first entry found. If no entry
      is found in the remote domains, and duplicate entries exist in other
      domains in the forest, LDAP-UX returns a NOT_FOUND message.

When there are duplicate entries in both local and remote domains:
    LDAP-UX returns the first entry found in the local domain.
When LDAP-UX returns a NOT_FOUND message, the user cannot log into
HP-UX clients. Therefore, if you want users in remote domains to be able
to log into HP-UX, give each user a unique user name and uid number
across the entire forest. Otherwise, make sure that your multiple-domain
configuration allows LDAP-UX to return data for those users.
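The rules above amount to a small ordered search, and the configuration that avoids NOT_FOUND is the one in which no name or uid number is reused anywhere in the forest. The following Python model, added here as an illustration and not part of HP's LDAP-UX code, implements the search order as stated (local domain, then configured remote domains in sequence, then the GCS) over a constructed sample forest, and adds the audit a practitioner would run before trusting such a forest: a scan for names and uid numbers that appear in more than one domain. The Account and ClientConfig types, the function names and the sample domains are assumptions made for this example; list order stands in for the server-dependent "first entry found", and returning a forest-unique entry through the GCS is an assumption, since the guide only describes the duplicate case.

```python
"""Model of the LDAP-UX duplicate-entry resolution rules, plus a
forest-wide uniqueness audit. Added example, not HP's LDAP-UX code:
the types, function names and sample forest are assumptions."""

from collections import defaultdict
from dataclasses import dataclass, field

NOT_FOUND = "NOT_FOUND"


@dataclass(frozen=True)
class Account:
    domain: str   # DNS domain the account lives in
    name: str     # user name (the part of the UPN before '@')
    uid: int      # POSIX uid number


@dataclass
class ClientConfig:
    local_domain: str
    remote_domains: list = field(default_factory=list)  # configured search order
    gcs_configured: bool = False                        # Global Catalog Server present


def _matches(forest, name, domain=None):
    """Accounts named `name`, optionally restricted to one domain, in forest
    order. The guide's 'first entry found' depends on what the server returns
    first; list order stands in for that here (assumption)."""
    return [a for a in forest if a.name == name and (domain is None or a.domain == domain)]


def resolve_user(name, config, forest):
    """Return the Account LDAP-UX would use for `name`, or NOT_FOUND.

    1. Any entry in the local domain wins; the first one found is returned.
    2. Otherwise configured remote domains are searched in configuration
       order and the first entry found is returned.
    3. Otherwise, if a GCS is configured, the whole forest is consulted: a
       name present in more than one domain yields NOT_FOUND. Returning a
       forest-unique entry via the GCS is an assumption; the guide only
       states the duplicate case.
    4. With nothing configured beyond the local domain: NOT_FOUND.
    """
    local = _matches(forest, name, config.local_domain)
    if local:
        return local[0]
    for domain in config.remote_domains:
        hits = _matches(forest, name, domain)
        if hits:
            return hits[0]
    if config.gcs_configured:
        hits = _matches(forest, name)
        if len(hits) == 1:
            return hits[0]
    return NOT_FOUND


def find_duplicates(forest):
    """Audit the forest for user names or uid numbers used in more than one
    domain. Returns ({name: [domains]}, {uid: [domains]}) holding only the
    collisions, which is exactly what the guide recommends eliminating."""
    by_name, by_uid = defaultdict(list), defaultdict(list)
    for a in forest:
        by_name[a.name].append(a.domain)
        by_uid[a.uid].append(a.domain)
    dup_names = {n: sorted(d) for n, d in by_name.items() if len(d) > 1}
    dup_uids = {u: sorted(d) for u, d in by_uid.items() if len(d) > 1}
    return dup_names, dup_uids


# Constructed sample forest (not real data).
FOREST = [
    Account("corp.example.com", "alice", 1001),
    Account("eng.example.com", "alice", 2001),    # same name as corp alice
    Account("eng.example.com", "dave", 1001),     # same uid as corp alice
    Account("eng.example.com", "carol", 1003),
    Account("sales.example.com", "bob", 1002),
    Account("eng.example.com", "frank", 3001),    # frank exists in two remote domains
    Account("sales.example.com", "frank", 3002),
    Account("sales.example.com", "grace", 4001),  # grace exists in two domains,
    Account("hr.example.com", "grace", 4002),     # neither configured as remote below
]

if __name__ == "__main__":
    cfg = ClientConfig("corp.example.com", ["eng.example.com"], gcs_configured=True)
    for user in ("alice", "frank", "bob", "grace"):
        print(user, "->", resolve_user(user, cfg, FOREST))
    print("duplicates:", find_duplicates(FOREST))
```

Running the audit first is the practical step: any name or uid returned by find_duplicates marks a user who may be resolved inconsistently between HP-UX clients with different remote-domain sequences, or not at all when only the GCS is consulted.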