LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

Figure 10 Example directory structure for a single domain
[Diagram: the domain DC=cup, DC=hp, DC=com with the containers CN=System and CN=Users; labeled contents are group data, user data, and profile data.]
Figure 11 Example directory structure for multiple domains
[Diagram: the root domain DC=cup, DC=hp, DC=com and the child domains DC=<name1>, DC=cup, DC=hp, DC=com and DC=<name2>, DC=cup, DC=hp, DC=com, each with the containers CN=System and CN=Users; labeled contents in each domain are group data, user data, and profile data.]
NOTE: By default, the CN=system, DC=cup, DC=hp, DC=com configuration container
exists only in the root domain. To create the standard profile path for each child domain
in LDAP-UX, you must manually create the CN=system container in each child domain, using
ADSI Edit, before you run the setup tool to configure profiles.
Write your configuration profile DN on the worksheet in “Configuration worksheet” (page 403).
By what method will client systems bind to the directory?
By default, Active Directory does not grant enough access rights to retrieve user and group
information by anonymous access. Therefore, a proxy user needs to be configured.
Write your proxy user DN on the worksheet in “Configuration worksheet” (page 403).
How will you set up /etc/pam.conf? What other authentication do you want to use and
in what order?
PAM provides authentication services. You can configure PAM to use LDAP, Kerberos, or other
traditional UNIX locations (for example: files or NIS) as controlled by NSS. For more information
on PAM, see the pam(3) and pam.conf(4) manpages, and Managing Systems and Workgroups
at:
http://www.hp.com/go/hpux-core-docs (Click HP-UX 11i v2)
132 Installing and configuring LDAP-UX Client Services for a Windows ADS environment