LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
CN=System, DC=cup, DC=hp, DC=com for a single domain. Figure 6 shows the same
for a multiple domain environment.
Figure 5 Example directory structure for a single domain
CN=System CN=Users
DC=cup, DC=hp, DC=com
group
data
user
data
profile
data
Figure 6 Example directory structure for multiple domains
CN=System CN=Users
DC=cup, DC=hp, DC=com
group
data
user
data
profile
data
CN=System CN=Users
DC=<name1>, DC=cup, DC=hp, DC=com DC=<name2>, DC=cup, DC=hp, DC=com
group
data
user
data
profile
data
CN=System CN=Users
group
data
user
data
profile
data
NOTE: By default, the CN=system, DC=cup, DC=hp, DC=com configuration container
only exists in the root domain. To create the standard profile path for each child domain, in
LDAP-UX, you need to manually create the containers CN=system in each child domain,
using ADSI Edit before you run the setup tool to configure profiles.
Write your configuration profile DN on the worksheet in Appendix A (page 145).
• By what method will client systems bind to the directory?
By default, Active Directory does not grant enough access rights to retrieve user and group
information by anonymous access. Therefore, a proxy user needs to be configured.
Write your proxy user DN on the worksheet in Appendix A (page 145).
• How will you set up /etc/pam.conf? What other authentication do you want to use and
in what order?
PAM provides authentication services. You can configure PAM to use LDAP, Kerberos, or other
traditional UNIX locations (for example: files, NIS, NIS+) as controlled by NSS. For more
information on PAM, see the pam(3) and pam.conf(4) manpages, and Managing Systems
and Workgroups at:
http://www.hp.com/go/hpux-core-docs (Click HP-UX 11i v2)
2.4 Customized installation (setup) 31