Manualshelf

LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
61626364656667686970
3.6 Changing multiple domain configurations
The following sections explain how to modify your multiple domain configuration.
3.6.1 Removing a remote domain from the search scope
If you originally configure several remote domains without configuring the GCS, and you want to
exclude a domain from the search scope, perform one of the following options:
Run the setup tool, /opt/ldapux/config/setup, to re-configure multiple domains and
exclude the one you want to remove.
Manually edit /etc/opt/ldapux/ldapux_client.conf to remove the configuration for
that specific domain and remove its corresponding profiles:
/etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.<domain>
/etc/opt/ldapux/domain_profiles/ldapux_profile.bin.<domain>
NOTE: The second option is not recommended unless you are an expert administrator of
LDAP-UX in an ADS multiple domain environment.
Both options require you to restart the client daemon /opt/ldapux/bin/ldapclientd
for the changes to take effect.
3.6.2 Adding a remote domain to the search scope
If you originally configure several remote domains without configuring the GCS, and you want to
add a new remote domain into the search scope, run the setup tool to re-configure the multiple
domains and include the new domain in your configuration. When setup is complete, restart the
client daemon, /opt/ldapux/bin/ldapclientd.
3.6.3 Re-ordering the remote domain search sequence
The search sequence is the sequence in which you configured the remote domains during setup.
This sequence is also shown in /etc/opt/ldapux/ldapux_client.conf. To re-order the
remote domain search sequence, either run setup to re-configure the remote domains, or manually
edit the /etc/opt/ldapux/ldapux_client.conf file to re-arrange the order. Restart the
client daemon for the change to take effect.
3.6.4 Adding the GCS into the search scope
The only way that you can add the GCS into the search scope is to run setup and add the GCS
as your multiple domain support. Restart the client daemon for the change to take effect.
3.6.5 Removing the GCS from the search scope
To remove the GCS from the search scope, either run setup to re-configure, or manually edit
/etc/opt/ldapux/ldapux_client.conf to remove the gc section and its corresponding
profiles (/etc/opt/ldapux/domain_profiles/ldapux_profile.bin.gc and
ldapux_profile.ldif.gc). Restart the client daemon for the change to take effect.
3.6.6 Adding POSIX attributes to the global catalog
If you select GCS to support LDAP-UX integration with ADS multiple domains, you should add
POSIX attributes into the global catalog. The needed attributes are those used by getXbyY() APIs
to return data. Only passwd andgroup are supported in multiple domains. Therefore, the following
POSIX attributes must be added into the global catalog (for Windows Server 2003 R2/2008 RFC
2307):
68 Active Directory multiple domains