LDAP-UX Client Services B.05.00 Administrator's Guide
joins an HP-UX OS instance into an existing LDAP-UX domain. The guided installation can
provision information about hosts in the domain into the directory server. The LDAP-UX
domain serves as a focal point for managing hosts, securing data, and, in non-Windows AD
environments, simplifying management of ssh host keys.
The guided installation uses the LDAP-UX domain name to define the suffix of the directory
tree. For example, if the local host is a member of the AccountingDept.acme.com domain,
the directory server instance is named AccountingDept-master by default. The directory
server suffix becomes dc=AccountingDept,dc=acme,dc=com. For more information
about the LDAP-UX domain, see “Principles of the LDAP-UX domain” (page 27).
• DNS (Domain Name System) domain — identifies a specific realm of administrative
autonomy, authority, or control in a namespace. DNS assigns a name server to maintain the
domain namespace and provide translation services between names and associated Internet
Protocol (IP) addresses. The domain name space consists of a tree of domain names.
The HP-UX host system managed by LDAP-UX may participate in a DNS domain. The DNS
domain is often used to register directory servers. The guided installation looks for existing
directory servers in the local host's DNS domain. When creating a new directory server, it
discovers the DNS domain's name and generates the directory server instance name and
suffix from the local host's DNS name.
LDAP-UX can also be used for host-name resolution similar to DNS.
• Windows Server domain — a logical collection of users, groups, and computers running
versions of the Microsoft Windows operating system that share a central directory database.
This central database (known as Active Directory starting with Windows 2000, and as Active
Directory Domain Services starting with Windows Server 2003 R2), contains the user accounts
and security information for the resources in that domain. Each person who uses computers
within a domain receives his or her own unique account, or user name. This account can
then be assigned access to resources within the domain. In a domain, the directory resides
on computers that are configured as "domain controllers." A domain controller (DC) is a
server that manages all security-related aspects in user and domain interactions; it responds
to all security authentication requests (logging in, checking permissions, and so forth) within
the domain. Each DC has a copy of the Active Directory; changes on one computer are
synchronized (converged) among all the DC computers by multi-master replication. Servers
joined to the Active Directory that are not domain controllers are called Member Servers.
LDAP-UX Client Services for Microsoft Windows Active Directory allows integration of
user account information into a Microsoft Windows 2003 R2/2008 Active Directory Server.
• NIS (Network Information Service) domain — defines the system of programs and data
files that HP-UX machines use to collect, collate, and share specific information about
machines, users, file systems, and network parameters throughout a network of computers.
Traditionally, HP-UX account and configuration information is stored in text files, for
example, /etc/passwd and /etc/group. NIS was developed to ease system administration
by sharing this information across systems on the network. With NIS, account and
configuration information resides on NIS servers. NIS client systems retrieve this shared
configuration information across the network from NIS servers, and store the retrieved
information (see Figure 1-1 (page 16)).
The NIS/LDAP Gateway (ypldapd) is a product bundled with LDAP-UX Integration. This
product allows the directory server to act as a repository for an NIS domain and provides
a means of transitioning from an NIS domain to a domain managed fully in an LDAP
directory server. The LDAP-UX Client Services product improves on this configuration
information sharing. HP-UX account and configuration information is stored in an LDAP
directory or Windows Active Directory instead of on the local client system. Client systems
retrieve this shared configuration information across the network from the LDAP directory
(see Figure 1-2 (page 16)). LDAP offers greater security, scalability, and interoperability
with other applications and platforms, and generates less network traffic from replica updates.
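
The LDAP-UX domain and DNS domain entries above say that the suffix and instance name are generated from a DNS name. The following sketch is an added example, not code from the guide or from LDAP-UX: it reproduces the AccountingDept.acme.com mapping and rejects names whose labels could alter the structure of the resulting DN. The function names are hypothetical, and the rule "first label plus -master" is an assumption generalized from the guide's single example.

```shell
#!/bin/sh
# Added example (not HP code). Assumes the mapping shown in the guide's
# AccountingDept.acme.com example: one dc= component per DNS label, and an
# instance name of "<first label>-master".
LC_ALL=C; export LC_ALL              # make the A-Z/a-z ranges ASCII-only

# valid_label LABEL: accept only RFC 1123 host labels (letters, digits,
# hyphen; no leading/trailing hyphen; 1..63 chars). With input limited to
# these characters, no DN special character (, + = " \ < > ; #) can reach
# the suffix, so no RFC 4514 escaping is needed.
valid_label() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# domain_to_suffix DOMAIN: print "dc=a,dc=b,..." or return 1 if malformed.
domain_to_suffix() {
    d=${1%.}                         # tolerate one trailing root dot
    case $d in
        ''|.*|*.|*..*) return 1 ;;   # empty name or empty label
    esac
    suffix=
    rest=$d
    while [ -n "$rest" ]; do
        label=${rest%%.*}            # leftmost remaining label
        valid_label "$label" || return 1
        suffix=${suffix:+$suffix,}dc=$label
        case $rest in
            *.*) rest=${rest#*.} ;;  # drop the label just consumed
            *)   rest= ;;            # that was the last label
        esac
    done
    printf '%s\n' "$suffix"
}

# domain_to_instance DOMAIN: print the default instance name (assumed rule).
domain_to_instance() {
    domain_to_suffix "$1" >/dev/null || return 1
    d=${1%.}
    printf '%s-master\n' "${d%%.*}"
}

# Sample input taken from the guide's own example.
domain_to_suffix   AccountingDept.acme.com
domain_to_instance AccountingDept.acme.com
```
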
2.3 Guided installation (autosetup) 37