LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide

Preface
About This Document
This document describes the installation and administration tasks of LDAP-UX Client Services
with Microsoft Windows 2000, 2003 or 2003 R2 Active Directory.
Intended Audience
This document is intended for system and network administrators responsible for installing,
configuring, and managing LDAP-UX Client Services with Microsoft Windows 2000, 2003 or
2003 R2 Active Directory Server.
New and Changed Documentation in This Edition
This edition documents the following new information for the LDAP-UX Client Services version
B.04.10:
• Support for dynamic groups. This feature provides a reference to a dynamically managed
  group based on the user's status in an organization. A user can be added to or removed
  from a group dynamically based on his or her most current status.
• Enhance PAM_Authz to provide LDAP account and password security policy enforcement
  without requiring LDAP-based authentication. This feature supports applications which
  have already performed authentication, such as secure shell (SSH) or the r-commands.
• Support dynamic variables in the ldap_filter type of the access rule.
• Enhance PAM_Authz to provide meaningful error messages. For example, if the pam_authz
  policy rule indicates that an account has been locked out or a password has expired,
  pam_authz can return an appropriate PAM error code instead of a general deny error code.
• Support the new extension operation of the TLS protocol, called startTLS, to secure
  communication between LDAP clients and Windows Active Directory Server (ADS). An
  encrypted connection can be established on an unencrypted port, such as 389.
• Support the schema extension utility, which provides functionality to add new
  application-specific schema definitions to the current schema definitions. This tool allows
  creation of a single schema definition in a general-purpose format which can be installed
  on a number of different directory server types (such as RHDS, Windows ADS, etc.).
Publishing History
The manual printing date and part number indicate its current edition. The printing date will
change when a new edition is printed. Minor changes may be made at reprint without changing
the printing date. The manual part number will change when extensive changes are made.
Manual updates may be issued between editions to correct errors or document product changes.
To ensure that you receive the updated or new editions, you should subscribe to the appropriate
product support service. Contact your HP sales representative for details.
Table 1 Publishing History Details

Publication Date   Supported Product   Operating Systems      Document Manufacturing
                   Versions            Supported              Part Number
September 2002     B.03.00             11.0, 11i              J4269-90017
September 2003     B.03.10             11.0, 11i v1 and v2    J4269-90027
October 2003       B.03.20             11.0, 11i v1 and v2    J4269-90031
July 2004          B.03.30             11.0, 11i v1           J4269-90039
September 2004     B.03.30             11.0, 11i v1 and v2    J4269-90041