LDAP-UX Client Services B.04.00.03 Release Notes
HP-UX 11i v2
Manufacturing Part Number: J4269-90068
E1006
© Copyright 2006, Hewlett-Packard Company.
Legal Notice Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. Copyright © 2006 Hewlett-Packard Company. This document contains information which is protected by copyright.
1 LDAP-UX Client Services Release Notes

LDAP-UX Client Services Overview

LDAP-UX Client Services integrate HP-UX systems with an LDAP directory. Specifically, this product allows HP-UX client systems to use an LDAP directory as their repository for name service data. Client systems get name service data from an LDAP directory as well as from /etc/passwd and /etc/group files and other name services.
What’s New in Version B.04.00.03

LDAP-UX Client Services B.04.00.03 is supported on HP-UX 11i v2. It is a fix release and addresses problems resolved since version B.04.00. Please refer to the section “Known Problems fixed in Version A.04.00.03” on page 5 for details.
Known Problems fixed in Version A.04.00.03

The following is a list of defect fixes in this release:

• Defect Number JAGaf70053
  Resolved a potential error message when updating in an OE environment. The fix required modification in software depot packaging only. No functionality change in LDAP-UX is involved.

• Defect Number JAGaf70909
  In LDAP-UX setup, all leading blanks for attributemap string will be removed.
Installing, Configuring and Removing LDAP-UX

Preparing for Installation

Memory Requirements. This product has minimal memory and disk requirements. However, with the addition of the ldapclientd caching daemon, additional memory may be required to support very large name spaces (more than 50,000 users, for example) on very active hosts. The statistics operation (-S) on ldapclientd can be used to determine memory requirements.
Patches for Related Products on HP-UX 11i v2

To use some of the features of LDAP-UX Client Services B.04.00 or later on HP-UX 11i v2, the patches for other products shown in Table 1-1 are needed:

Table 1-1 Patches on HP-UX 11i v2

Patch Number   Platform             Automatic Reboot?   Description
PHNE_33100     Workstation/Server   yes                 ONC AutoFS LDAP support patch.

NOTE
Select and download the following software bundle:

    Enhkey B.11.23.01 HP-UX B.11.23 IA+PA depot for HP-UX 11i v2

For detailed information, refer to the ONC With Publickey LDAP Support Software Pack Release Notes available at http://docs.hp.com.

NOTE If publickey support with LDAP is not required in your environment, installation of the Enhkey software bundle is not required.
Step 2. Run swinstall and install the LDAP-UX Client Services (LdapUxClient subproduct). It installs the product software in /opt/ldapux and /etc/opt/ldapux directories.

Step 3. If you require ONC publickey, ONC AutoFS, or integration with Active Directory Server, please see the above section for details about required product versions and how to obtain them. Install those products and/or patches for this step.

Step 4.
    4I2vvzz2i1Ubq+Ajcf1y8sdafuCmqTgsGUYjy+J1weM061kaWOt0HxmXmrUdmenF
    skyfHyvEGj8b5w6ppgIIA8JOT7z+F0w+/mig=
    --------------- END CERTIFICATE --------------------------------------

Step 2. Use the rm command to remove the old database files, /etc/opt/ldapux/cert8.db and /etc/opt/ldapux/key3.db:

    rm -f /etc/opt/ldapux/cert8.db /etc/opt/ldapux/key3.db

Step 3.
    /opt/ldapux/contrib/bin/certutil -A -n my-server-cert -t \
        "P,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert

NOTE The -t "P,," represents the minimum trust attributes that may be assigned to the LDAP server’s certificate for LDAP-UX to successfully use SSL to connect to the LDAP directory server. See http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html for additional information.
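An added example (not from HP's release notes): a shell check that reads certutil -L output for the /etc/opt/ldapux database and reports whether each entry carries the "P,," trusted-peer minimum described in the NOTE, a lesser trust, or CA-level trust. The flag meanings follow the NSS certutil documentation; the sample listing and every nickname in it other than my-server-cert are constructed.

```shell
#!/bin/sh
# Added example (not HP's code): classify the SSL trust field of each
# certificate listed by `certutil -L` for the LDAP-UX database.

CERTUTIL=/opt/ldapux/contrib/bin/certutil   # path used by the command above
CERTDB=/etc/opt/ldapux

# Reads a `certutil -L` listing on stdin and prints one line per entry:
#   nickname <TAB> trust string <TAB> verdict
# The trust string has three comma-separated fields: SSL, S/MIME, object signing.
audit_trust() {
    awk '
    # Entry lines end in a trust string; header and blank lines do not match.
    $NF ~ /^[pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*$/ {
        trust = $NF
        nick = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
        sub(/^[ \t]+/, "", nick)                # drop leading blanks
        split(trust, field, ",")
        ssl = field[1]
        if (ssl ~ /C/)       verdict = "ca-trust"      # trusted CA for server certs
        else if (ssl ~ /P/)  verdict = "trusted-peer"  # the "P,," minimum
        else                 verdict = "not-trusted"   # e.g. "p,," or empty
        printf "%s\t%s\t%s\n", nick, trust, verdict
    }'
}

# Constructed sample listing, used when certutil is not installed here.
sample_listing() {
    cat <<'EOF'
Certificate Nickname                        Trust Attributes
                                            SSL,S/MIME,JAR/XPI

my-server-cert                              P,,
old-test-cert                               p,,
Example Root CA                             CT,C,C
EOF
}

if [ -x "$CERTUTIL" ]; then
    "$CERTUTIL" -L -d "$CERTDB" | audit_trust
else
    sample_listing | audit_trust
fi
```

An entry reported as ca-trust means every server certificate issued by that CA is accepted, which is broader than trusting the one directory server's certificate.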
Step 2. Save a copy of /etc/pam.conf and modify the original file to add /usr/lib/security/libpam_ldap.1 on the HP-UX 11i v1 system or libpam_ldap.so.1 on the HP-UX 11i v2 system where it is appropriate. If your system is in the standard mode, see /etc/pam.ldap for an example. If your system is in the Trusted Mode, see /etc/pam.ldap.trusted for an example.

NOTE If you use PAM Kerberos, you must configure PAM Kerberos.
Alternatively, you can manually re-link the attribute configuration file to SFU 2.0 before running migration. Use this command to switch to SFU 2.0:

    ln -fs /etc/opt/ldapux/default_profile_attr_ads_sfu2.ldif \
        /etc/opt/ldapux/default_profile_attr_ads.ldif

LDAP-UX Client Services will also use SFU 2.0 in the absence of the softlink /etc/opt/ldapux/default_profile_attr_ads.ldif.
    PROFILE_ID="acct.myorg.mycom.com"
    LDAP_HOSTPORT="192.10.10.12:389"
    PROFILE_ENTRY_DN="cn=ldapuxprof,cn=configuration,dc=acct,dc=myorg,dc=mycom, \
    dc=com"
    PROGRAM="/opt/ldapux/config/create_profile_cache \
    -i /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.acct.myorg.mycom.com \
    -o /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.acct.myorg.mycom.com"

After you update the product to version B.04.
Installing and Configuring LDAP Client Administration Tools

This section provides basic instructions for installing the LDAP Client Administration Tools. For complete installation and configuration instructions, see NIS/LDAP Gateway Administrator’s Guide.

Preparing for Installation

Verify you have at least 36 megabytes of free disk space under /opt.
Documentation

The documentation below is available on the HP-UX Documentation web site at http://docs.hp.com/hpux/internet or where indicated.

Table 1-2 Documentation for LDAP-UX Client Services and NIS/LDAP Gateway

Title: LDAP-UX Client Services B.04.00 Administrator’s Guides (part number J4269-90053)
Description: How to install, configure, administer, tune and troubleshoot the LDAP-UX Client Services.

LDAP-UX Client Services B.04.
Related Documentation

• Netscape Directory Server for HP-UX Administrator’s Guide and other titles available at: http://docs.hp.com/hpux/internet
• NIS/LDAP Gateway Administrator’s Guide (J4269-90028) available at: http://docs.hp.com/hpux/internet
• Various white papers related to LDAP-UX are available at: http://docs.hp.com/hpux/internet
• Preparing your LDAP Directory for HP-UX Integration White Paper available at: http://docs.hp.
Known Problems and Workarounds

For LDAP-UX Client Services

This section describes all currently known problems with the LDAP-UX Client Services product.

• Active Directory Server
  If the password expires, the user cannot log in to HP-UX clients. The administrator will have to reset the password, or the user will have to log in to the Windows 2000 or 2003 system to reset the password before he can log in to HP-UX machines.
A single entry representing a host/computer in an LDAP directory can contain multiple IP addresses for each hostname record. The /etc/hosts file, however, requires a separate entry for each IP address. If the system has been configured with multiple IP addresses for the same hostname, then the migration script migrate_host.
Limitations in LDAP-UX Client Services

The following are limitations in this version of the LDAP-UX Client Services.

/etc/pam.conf

HP delivers two PAM example configuration files, /etc/pam.ldap and /etc/pam.ldap.trusted, in this release. You need to configure /etc/pam.conf properly for LDAP-UX to work as expected.
• Microsoft Windows 2000/2003 Active Directory - Fully tested and supported
• OpenLDAP 2.1.13a - Verified with limited support
  — Manual schema installation required
• Novell eDirectory 8.7 - Minimally verified
• IBM IDS 5.1 - Minimally verified
• Oracle Internet Directory 9.
  — group
  — netgroup
  — services
  — rpc
  — hosts
  — networks
  — autofs
  — publickey
  — protocols
  — user-defined maps
• LDAP-UX Client Services using Windows 2000/2003 Active Directory Server does not support netgroup, automount and publickey service data.
• LDAP-UX Client Services using Windows 2000/2003 Active Directory Server currently supports hosts, protocols, networks, rpc, and services in a single domain.
SSL With Windows 2000 Active Directory Server

The Windows 2000 Active Directory Server requires Service Pack 4.

Limitations of Printer Configurator

• The new LDAP printer schema based on IETF is imported into the LDAP Directory Server to create the printer objects.
Table 1-3 (Continued)

groupadd(1M), groupdel(1M), groupmod(1M)
    These commands do not manage group information in the directory. To change entries in a directory, you can use directory administration tools such as ldapmodify, ldapsearch, ldapdelete and ldapentry.
which it can use to bind to the directory server. The same is true if Kerberos is used for authentication; libpam_ldap cannot be used for security policy enforcement alone.
networks name service
protocols name service
rpc name service
automount name service
aliases name service
services name service
publickey name service
printer configurator
pam_authz
X.500-style group syntax
pam_ldap
Trusted Mode Security[5]
Standard Mode Security
LDAP Command-line Utils.
4. pam_kerberos has been integrated with LDAP to fully support Windows domain authentication and should be used instead of pam_ldap.

5. LDAP-UX supports coexistence of Trusted Mode and Standard Mode security features. Identities stored in the local host are controlled by the local security policy. Identities stored in an LDAP directory are controlled by the LDAP security policy.

6.
• User and Group Migration
  sAMAccountName must be unique across the entire domain. This attribute, used for pre-Windows 2000 clients, is set by the migration scripts to the value of the common name (CN).
Limitations in NIS/LDAP Gateway

The following are limitations in this version of the NIS/LDAP Gateway.

• Crypt Passwords
  The NIS/LDAP Gateway product requires that user passwords be stored in the directory server in the same format as stored in an /etc/passwd file. This is known as “Unix Crypt” format. If your directory server does not understand the {crypt} data type, you can still use the NIS/LDAP Gateway server.