LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

greater scalability, operation with other applications and platforms, and less network traffic from
replica updates.
Figure 2 A simplified LDAP-UX Client Services environment
(Figure labels: LDAP-UX client, LDAP Client Requests, Active Directory Domain Controller, Replicates)
LDAP-UX Client Services for Microsoft Windows 2003 R2/2008 Active Directory supports the
passwd and group name service data. Refer to the LDAP-UX Integration B.05.00 Release Notes
for any additional supported services.
1.2 How LDAP-UX Client Services works
LDAP-UX Client Services leverages the authentication mechanism provided in the Pluggable
Authentication Module (PAM), and the naming services provided by the Name Service Switch
(NSS). For information on PAM, see pam(3), pam.conf(4), and Managing Systems and
Workgroups at:
http://www.hp.com/go/hpux-core-docs (Click HP-UX 11i v2)
For information on NSS, refer to nsswitch.conf(4) and "Configuring the Name Service Switch"
in NFS Services Administrator's Guide at:
http://www.hp.com/go/hpux-core-docs (Click HP-UX 11i v3)
These extensible mechanisms allow new authentication methods and new name services to be
installed and used without changing the underlying HP-UX commands. In particular, the PAM
architecture now supports Kerberos authentication, which allows integration of HP-UX account
management in Windows Server 2003 R2/2008.
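Because NSS and PAM choose their sources from configuration files, an administrator can confirm what a host will consult by parsing those files. The script below is an added example, not part of the HP guide: the sample file contents are constructed, and the module names and the function names are assumptions.

```sh
# Constructed sample files, written to a scratch directory (not from the guide).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd: files ldap          # local accounts first, then the directory
group:files ldap
hosts:  dns [NOTFOUND=return] files
EOF
# pam.conf fields: service type control module [options]; module names assumed.
cat > "$SAMPLE_DIR/pam.conf" <<'EOF'
login  auth  sufficient  libpam_krb5.so.1
login  auth  required    libpam_unix.so.1 try_first_pass
ftp    auth  required    libpam_unix.so.1
EOF

# Print, in lookup order, the sources for database $2 in nsswitch file $1.
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, ""); sub(/:/, ": ") }
        $1 == db { gsub(/\[[^]]*\]/, " "); $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Succeed if source $3 is listed for database $2.
nss_has_source() {
    case " $(nss_sources "$1" "$2") " in *" $3 "*) return 0 ;; esac
    return 1
}

# Print "control module" for each entry of service $2, type $3, in stack order.
pam_modules() {
    awk -v svc="$2" -v typ="$3" '
        { sub(/#.*/, "") }
        $1 == svc && $2 == typ { print $3, $4 }' "$1"
}

# Succeed if that stack contains a module whose name includes $4.
pam_has_module() {
    pam_modules "$1" "$2" "$3" |
        awk -v m="$4" 'index($2, m) { f = 1 } END { exit !f }'
}
for db in passwd group hosts; do
    nss_has_source "$SAMPLE_DIR/nsswitch.conf" "$db" ldap && s=yes || s=no
    echo "nss $db: ldap=$s order='$(nss_sources "$SAMPLE_DIR/nsswitch.conf" "$db")'"
done
for svc in login ftp; do
    pam_has_module "$SAMPLE_DIR/pam.conf" "$svc" auth krb5 && s=yes || s=no
    echo "pam $svc auth: krb5=$s"
done
```

On a live system, point the functions at the host's own nsswitch.conf and pam.conf instead of the scratch copies.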
Kerberos, an industry standard for network security, is seamlessly integrated into Windows Server
2003 R2/2008 through the automatic configuration of Active Directory domain controllers to
provide Kerberos with authentication services. This enables Windows Server 2003 R2/2008 to
authenticate Kerberos clients regardless of the platform on which they reside. Figure 3 illustrates
the integration between HP-UX and Windows 2003 R2/2008 (Windows Services for UNIX) version
2.0.