LDAP-UX Client Services B.04.00.03 Release Notes
LDAP-UX Client Services Release Notes
Limitations in LDAP-UX Client Services
Chapter 1 27
4. pam_kerberos has been integrated with LDAP to fully support
Windows domain authentication and should be used instead of
pam_ldap.
5. LDAP-UX supports coexistence Trusted Mode and Standard Mode
security features. Identities stored in the local host are controlled by
the local security policy. Identities stored in an LDAP directory are
controlled by the LDAP security policy.
6. NSS refers to the Name Service Subsystem, such as passwd, group,
etc... For more information, refer to the nsswitch.conf(4) man
page.
7. PAM refers to the Pluggable Authentication Module subsystem. For
more information, refer to the pam(3) man page.
NOTE To enable publickey with LDAP support, the ONC patches for publickey
enablement for LDAP are required. These ONC patches will be provided
in the future.
Additional Limitations with Active Directory
• ldapentry Not Certified for Active Directory
ldapentry, a new client administration tool to simplify adding,
modifying, and deleting database entries is not certified for use with
Active Directory.
• Limited Name Service Database Support for multiple Domains
LDAP-UX Client Services, using Windows 2000 or 2003 Active
Directory Server with multiple Domains, currently only supports the
passwd and group name services.
• Posix Password Support
Posix password (defined as userPassword in RFC 2307, and
msSFUPassword in SFU 2.0) is not certified.
• User Name Length Restriction
If Windows 2000 or 2003 users are also logging onto HP-UX client
machines, then the maximum length of the user name can be only
eight characters.