LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

Both Remote Domain Configuration and GCS
If you are sure that you need some specific remote domains, but don't want to exclude other
domains, you can configure both, specifying remote domains and configuring usage of the
GCS. When both are configured, LDAP-UX searches in this sequence:
1. local domain
2. remote domains in the order of configuration
3. GCS to determine in which domain the data resides
4. specific domain determined by GCS
3.2.1 Choosing Remote Domain Configuration or GCS
In order to limit the scope of the LDAP-UX remote domain search to certain domains of the forest,
configure those specific domains using the remote domain configuration. This is the only way to
exclude some domains from the LDAP-UX remote domain search. For example, if your forest contains
DomainA, DomainB, DomainC, and DomainD, but you just want users in DomainA and DomainB
to log into HP-UX, configure either DomainA or DomainB as your local domain, then another
domain as the remote domain during setup, and choose not to use the GCS.
If you want to cover the entire forest in the LDAP-UX remote domain search scope, you can either
explicitly configure every domain (one as "local," and the rest as "remote"), or configure the local
domain and the GCS to support multiple domains. When you choose to configure usage of both
remote domain and GCS support, LDAP-UX searches remote domains, then queries the GCS.
For detailed steps on how to configure multiple domains using the setup tool, see Section 2.4.5
(page 37).
3.3 Downloading an automatic profile
When you select the GCS to retrieve data from remote domains, it is not necessary to specify which
domains LDAP-UX is to search. However, you should create a profile for every domain in the forest
so that LDAP-UX knows where and how to connect to the domain controllers of each domain in the
forest.
Not every LDAP-UX client has to create the profile entry in the directory. The LDAP-UX configuration
profile created by setup and saved in the directory server (ADS domain controller) is designed
to be shared by many clients. In previous releases, when the first LDAP-UX client created the profile
entry in the directory, other LDAP-UX clients still had to download it from the server. In the B.03.00
release, LDAP-UX can automatically download the profile if the following two conditions are met:
1. The first LDAP-UX client that creates the profile entry in the directory uses a standard profile path (for
example, CN=ldapuxprofile,CN=system,DC=ca,DC=hp,DC=com).
2. The LDAP-UX clients use the same DNS for ADS, which can support the service location (SRV) resource
records described in RFC 2052.
When an LDAP-UX client binds to ADS, if the profile does not exist locally, LDAP-UX queries DNS
for the server and port information, then connects to the server to download the profile entry using
the standard path. This feature eliminates the administrative cost of setting up agreements between
domains. As long as the first LDAP-UX client creates the profile entry using the standard path,
subsequent LDAP-UX clients automatically download it.
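The lookup described above, as an added example (not from the guide and not LDAP-UX code): it derives the SRV query name and the standard profile DN for a domain, then lists the servers a set of SRV answers would point the client at, flagging targets outside the domain because the server contacted is chosen from DNS answers. The `_ldap._tcp.<domain>` query name, the DN-from-domain mapping (inferred from the guide's single example path), the function names, and the sample records are assumptions.

```python
# Added example: preview what a DNS-driven profile download would contact.
# Assumptions (not from the guide): SRV owner name _ldap._tcp.<domain>; the
# standard path is CN=ldapuxprofile,CN=system under the domain's DC components.

def srv_query_name(domain):
    """DNS name queried for the domain's LDAP service records."""
    return "_ldap._tcp." + domain.strip(".").lower()

def standard_profile_dn(domain):
    """Build the standard profile DN from a DNS domain name."""
    labels = [x for x in domain.strip(".").split(".") if x]
    if not labels:
        raise ValueError("empty domain name")
    return "CN=ldapuxprofile,CN=system," + ",".join("DC=" + x for x in labels)

def parse_srv(rdata_lines):
    """Parse "priority weight port target" lines; skip malformed ones."""
    records = []
    for line in rdata_lines:
        fields = line.split()
        try:
            prio, weight, port = (int(f) for f in fields[:3])
            target = fields[3].rstrip(".").lower()
        except (ValueError, IndexError):
            continue
        records.append((prio, weight, port, target))
    return records

def download_plan(domain, rdata_lines):
    """Candidate servers in preference order, plus targets outside the domain."""
    suffix = "." + domain.strip(".").lower()
    # Lowest priority value first. Weight is a load-sharing hint in the SRV
    # scheme; sorting on it here only makes the listing deterministic.
    ordered = sorted(parse_srv(rdata_lines), key=lambda r: (r[0], -r[1]))
    servers = [(target, port) for _, _, port, target in ordered]
    outside = [host for host, _ in servers if not host.endswith(suffix)]
    return {"query": srv_query_name(domain), "dn": standard_profile_dn(domain),
            "servers": servers, "outside_domain": outside}

# Constructed SRV answers for the guide's example domain ca.hp.com.
SAMPLE_SRV = [
    "10 50 389 dc2.ca.hp.com.",
    "0 100 389 dc1.ca.hp.com.",
    "0 100 389 ldap.example.net.",
]

if __name__ == "__main__":
    for key, value in download_plan("ca.hp.com", SAMPLE_SRV).items():
        print(key, "=", value)
```

A non-empty `outside_domain` list is a prompt to check the DNS zone, not proof of a problem: forests with a disjoint DNS namespace can legitimately publish such targets.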