LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
3 Active Directory multiple domains
This chapter contains information specific to multiple domains. If you do not store and group
information in multiple domains, you can skip this chapter.
3.1 Domain term definitions
The following section defines common multiple domain terms.
3.1.1 Multiple domains
Multiple domain support applies to domains within a single ADS forest. Domains from different
forests are not supported.
3.1.2 Local domains
The local domain is the first domain configured using the LDAP-UX setup tool after choosing Windows
2003 R2 or 2008 ADS as your directory server. The local domain is also the only domain
configured if you select a single domain to store your POSIX information. When LDAP-UX retrieves
POSIX information, the local domain is always the first domain searched. If the entry is found in
the local domain, the search stops. Therefore, the local domain is the primary domain where
frequently accessed information should be stored. Its profile configuration is
/etc/opt/ldapux/ldapux_profile.bin.
3.1.3 Remote domains
Remote domains are all domains in the forest other than the local domain. When multiple domain
support is selected during setup, you are guided to configure profiles for remote domains. When
LDAP-UX cannot find data from the local domain, remote domains are searched.
3.1.4 Global Catalog Server
The Global Catalog Server (GCS) is the domain controller that hosts the global catalog for a forest.
The global catalog contains partial information for each domain. LDAP-UX uses this feature to
determine which domain the queried data belongs to. The root domain is the default GCS.
3.2 Retrieving data from a remote domain
LDAP-UX can retrieve data from a remote domain using three methods:
• Remote Domain Configuration
This method allows you to configure the sequence in which LDAP-UX searches remote domains.
If you know in which domains your data resides, you can use setup to configure a remote
domain sequence. When LDAP-UX does not find data in the local domain, all remote domains
are searched in the specified order until the data is found.
• GCS
This method allows you to configure LDAP-UX to search the GCS first. If you are not sure in
which domains the data resides, you can configure LDAP-UX to search the GCS first to
determine in which domain the requested data resides, then connect to that specific domain
controller to retrieve complete POSIX information. However, by default, the global catalog
does not contain any POSIX attributes. You should add some POSIX attributes to the global
catalog. For information, refer to Section 3.6.6 (page 68).
You also need a configuration profile that specifies which server (and port) serves as the GCS.
The GCS profile is stored locally in /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.gc.
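The following added example (not part of this guide and not LDAP-UX code) models the two lookup methods above in Python and lists the entries that the first-match rule hides when the same name exists in more than one domain. All domain names and accounts are constructed samples; the model assumes the local domain is still consulted before the GCS (per Section 3.1.2) and that a GCS search can only match attributes that have been added to the global catalog.

```python
# Simplified model of the lookup order described above (not LDAP-UX code).
# Domain names, accounts and ID values are constructed sample data.
DOMAINS = {
    "la.example.com": [{"uid": "alice", "uidNumber": 1001},
                       {"uid": "svc_backup", "uidNumber": 2001}],
    "ny.example.com": [{"uid": "bob", "uidNumber": 1002},
                       {"uid": "svc_backup", "uidNumber": 2999}],
    "eu.example.com": [{"uid": "carol", "uidNumber": 1003}],
}
LOCAL = "la.example.com"                             # first domain configured
REMOTE_ORDER = ["ny.example.com", "eu.example.com"]  # configured sequence


def find(domain, attr, value):
    """Return the first entry in one domain whose attr equals value."""
    return next((e for e in DOMAINS[domain] if e.get(attr) == value), None)


def lookup_sequence(attr, value):
    """Remote Domain Configuration: local first, then remotes in order."""
    for domain in [LOCAL] + REMOTE_ORDER:
        entry = find(domain, attr, value)
        if entry:
            return domain, entry      # search stops at the first hit
    return None


def lookup_gcs(attr, value, gc_attrs):
    """GCS method: use the catalog to locate the domain, then fetch there."""
    entry = find(LOCAL, attr, value)  # assumption: local domain still first
    if entry:
        return LOCAL, entry
    if attr not in gc_attrs:          # attribute absent from the catalog
        return None
    for domain in REMOTE_ORDER:
        entry = find(domain, attr, value)
        if entry:
            return domain, entry      # full entry comes from that domain
    return None


def shadowed(attr):
    """List (value, hidden_domain, winning_domain) for duplicate values."""
    seen, hidden = {}, []
    for domain in [LOCAL] + REMOTE_ORDER:
        for e in DOMAINS[domain]:
            if e[attr] in seen:
                hidden.append((e[attr], domain, seen[e[attr]]))
            seen.setdefault(e[attr], domain)
    return hidden
```

Running `shadowed("uid")` against an export of each domain's POSIX accounts shows which accounts a host will never resolve under its configured search order.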