LDAP-UX Client Services B.05.00 Administrator's Guide

NOTE: This feature is not supported when using LDAP-UX Client Services with Windows ADS.
IPv6 support
LDAP-UX OS integration and management tools can now connect to directory servers
through IPv6 addressing.
compat mode performance enhancement
For organizations that rely on the legacy netgroup /etc/passwd filtering, the compat mode
performance enhancement significantly improves performance when numerous and large
netgroups are used in the /etc/passwd file for controlling passwd fields.
Local-only profile support
The centrally managed LDAP-UX configuration profile uses a schema defined by RFC 4876.
For environments where modification of the directory server schema is not allowed and
new schema cannot be installed, the local-only profile allows LDAP-UX to manage
configuration on the local hosts instead of the directory server. You need to use the -l
option with the customized setup program to obtain this feature.
User Group Management Tools Enhancements
The user and group management tools are enhanced to provide the following:
• The DN of the current user as a default when prompting for a DN before binding to the directory server.
• The ability to change or reset a user's ADS password if SSL has been configured. This includes the ability of an administrator to reset a user's password.
pam_authz Enhancements
The following pam_authz enhancements have been made:
• pam_authz now allows granular access control policies to be applied to individual PAM services (such as ftp, telnet, ssh, imapd, and so forth). A different policy can be applied to each service.
• pam_authz now supports a new action for rules. In addition to allow and deny, the required action means that the rule must pass and that the remaining rules must also be processed.
• Previously, pam_authz supported two mutually exclusive modes: the netgroup mode, where netgroups were specified in the /etc/passwd file, and the pam_authz.policy mode, where rules were defined in the pam_authz.policy file. A new condition rule in the pam_authz.policy file now allows both modes to be used together.
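The following is an added example, not code from this guide or from HP's pam_authz module, that models the rule semantics just described so the difference between allow, deny and required can be traced: a first matching allow or deny rule ends processing, a required rule must pass and processing then continues. Rules are written as Python predicates rather than in the pam_authz.policy file format, the "*" fallback service and the default-deny outcome when no rule decides are assumptions of the model, and the sample policy is constructed.

```python
"""
Model of the pam_authz rule semantics: per-service policies and the
allow / deny / required rule actions. Constructed illustration only; not
HP's pam_authz module or its pam_authz.policy syntax. The "*" fallback
service and the default-deny result are assumptions of this model.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Context = Dict[str, object]            # facts about one login attempt
Predicate = Callable[[Context], bool]


@dataclass(frozen=True)
class Rule:
    action: str          # "allow", "deny" or "required"
    name: str            # label reported in the decision reason
    matches: Predicate


# One ordered rule list per PAM service; "*" is used for services without
# a policy of their own (assumed convention of this model).
Policy = Dict[str, List[Rule]]


def evaluate(policy: Policy, ctx: Context) -> Tuple[str, str]:
    """Return (decision, reason) for a login context.

    allow    - first matching allow rule grants access and stops processing
    deny     - first matching deny rule refuses access and stops processing
    required - the rule must match; if not, access is refused; if it does,
               processing continues with the remaining rules
    Exhausting the list without a decision denies (model assumption).
    """
    service = str(ctx.get("service", ""))
    rules = policy.get(service, policy.get("*", []))
    for rule in rules:
        hit = rule.matches(ctx)
        if rule.action == "required":
            if not hit:
                return "deny", f"required rule '{rule.name}' not satisfied"
            continue                       # satisfied: keep processing
        if hit:
            return rule.action, f"matched {rule.action} rule '{rule.name}'"
    return "deny", "no rule decided (default deny)"


# Constructed sample policy: ssh first requires netgroup membership, then
# refuses the shared 'guest' account, then admits the admins group. Every
# other service uses the "*" list, which admits root only.
SAMPLE_POLICY: Policy = {
    "ssh": [
        Rule("required", "in_allowed_netgroup", lambda c: bool(c.get("in_netgroup"))),
        Rule("deny", "no_guest", lambda c: c.get("user") == "guest"),
        Rule("allow", "admins_group", lambda c: "admins" in c.get("groups", ())),
    ],
    "*": [
        Rule("allow", "root_only", lambda c: c.get("user") == "root"),
    ],
}


def decide(service: str, user: str, in_netgroup: bool, groups=()) -> str:
    """Decision only, for the sample policy and a constructed context."""
    ctx: Context = {"service": service, "user": user,
                    "in_netgroup": in_netgroup, "groups": tuple(groups)}
    return evaluate(SAMPLE_POLICY, ctx)[0]


if __name__ == "__main__":
    for service, user, in_ng, groups in [("ssh", "alice", True, ("admins",)),
                                         ("ssh", "alice", False, ("admins",)),
                                         ("ssh", "guest", True, ("admins",)),
                                         ("ssh", "bob", True, ("users",)),
                                         ("ftp", "root", False, ()),
                                         ("ftp", "alice", True, ("admins",))]:
        ctx: Context = {"service": service, "user": user,
                        "in_netgroup": in_ng, "groups": groups}
        print(service, user, "->", evaluate(SAMPLE_POLICY, ctx))
```

The trace returned alongside the decision is what you want logged when a user is unexpectedly refused: it tells you whether a required rule failed, a deny rule matched, or the service simply has no rule that admits the user.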
LDAP Host management tools
LDAP-UX Integration B.05.00 supports two new LDAP command-line tools, ldaphostmgr
and ldaphostlist, that allow you to manage information about hosts in the directory
server, including ssh public keys. Using HP Secure Shell version 5.5 or higher, LDAP-UX
ssh key management can pre-establish trust between hosts.
ldaphostmgr
Use the ldaphostmgr tool to add, modify, or delete information about hosts (OS
instances) that are part of the organization. The ldaphostmgr tool uses the existing
ldapux(5) configuration, requiring only a minimal number of command-line options
to discover where to search for host information, such as what directory server(s) to
contact and proper search filters for finding hosts. It also uses the existing ldapux(5)
authentication configuration to determine how to bind to the LDAP directory server.
ldaphostmgr can be used to centrally manage ssh public keys for hosts, and supports
attribute-mapping for attributes defined by the ipHost objectclass. Additional attributes
used in a host entry (such as owner, entityRole, and so on) are not mapped.
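As an added example (not code from this guide, from ldaphostmgr/ldaphostlist or from HP Secure Shell), the following shows what pre-established trust means in practice: a client that can obtain a host's ssh public key from its directory entry can seed its known_hosts file, or verify the key a server presents on first connection, instead of trusting it on first use. The record layout and the sshPublicKey attribute name are assumptions for this example (cn and ipHostNumber are ipHost attributes; sshPublicKey is not part of the ipHost objectclass), and the key blobs are fabricated placeholders.

```python
"""
Constructed illustration of directory-managed ssh host keys: seeding
known_hosts and verifying a presented key against the host's directory
entry. Not HP's ldaphostmgr/ldaphostlist code. Record layout and the
sshPublicKey attribute name are assumptions; key blobs are fabricated.
"""
import base64
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple


def make_key(blob: bytes, keytype: str = "ssh-ed25519") -> str:
    """Build a 'type base64' public key string from a (constructed) blob."""
    return f"{keytype} {base64.b64encode(blob).decode()}"


# Constructed records, shaped like one search result per host entry.
HOST_RECORDS: List[Dict[str, str]] = [
    {"cn": "db01.example.test", "ipHostNumber": "2001:db8::10",
     "sshPublicKey": make_key(b"constructed-key-blob-db01")},
    {"cn": "web01.example.test", "ipHostNumber": "192.0.2.20",
     "sshPublicKey": make_key(b"constructed-key-blob-web01")},
    {"cn": "nokey.example.test", "ipHostNumber": "192.0.2.30"},   # no key stored
]


def _parse(pubkey: str) -> Tuple[str, bytes]:
    """Split 'type base64 [comment]' into (type, raw blob)."""
    keytype, b64 = pubkey.split()[:2]
    return keytype, base64.b64decode(b64)


def fingerprint(pubkey: str) -> str:
    """OpenSSH-style SHA256 fingerprint (base64 without padding)."""
    _, blob = _parse(pubkey)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return "SHA256:" + digest


def known_hosts_lines(records: List[Dict[str, str]]) -> List[str]:
    """Render entries as known_hosts lines ('name,address type key') so a
    client can be seeded with directory-managed keys before first use."""
    lines = []
    for rec in records:
        if not rec.get("sshPublicKey"):
            continue                        # registered host without a key
        names = ",".join(n for n in (rec.get("cn"), rec.get("ipHostNumber")) if n)
        lines.append(f"{names} {rec['sshPublicKey']}")
    return lines


def verify_host_key(records: List[Dict[str, str]], hostname: str,
                    presented: str) -> Optional[bool]:
    """True if the presented key matches the directory entry for hostname,
    False on a mismatch (key change or impersonation: refuse and alert),
    None if no key is on record (unknown host: do not silently trust)."""
    for rec in records:
        if rec.get("cn") == hostname and rec.get("sshPublicKey"):
            want_type, want_blob = _parse(rec["sshPublicKey"])
            got_type, got_blob = _parse(presented)
            return want_type == got_type and hmac.compare_digest(want_blob, got_blob)
    return None


if __name__ == "__main__":
    for line in known_hosts_lines(HOST_RECORDS):
        print(line)
    print(fingerprint(HOST_RECORDS[0]["sshPublicKey"]))
    print(verify_host_key(HOST_RECORDS, "db01.example.test", HOST_RECORDS[0]["sshPublicKey"]))
    print(verify_host_key(HOST_RECORDS, "db01.example.test", make_key(b"constructed-rogue-blob")))
    print(verify_host_key(HOST_RECORDS, "nokey.example.test", make_key(b"constructed-rogue-blob")))
```

The three-way result of verify_host_key is the point: a mismatch and an unknown host are different operational events (the first warrants an alert, the second means the host was never registered or its key was never published), and neither should fall back to trust-on-first-use once the directory is the source of host keys.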
344 Support and other resources