LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

4 Windows Active Directory multiple domains
This chapter contains information specific to multiple domains in a Windows ADS environment. If
you do not store and group information in multiple domains in such an environment, you may skip
this chapter.
4.1 Domain term definitions
The following section defines common multiple domain terms.
4.1.1 Multiple domains
Multiple domain support applies to domains within a single ADS forest. Domains from different
forests are not supported.
4.1.2 Local domains
The local domain is the first domain configured using the LDAP-UX setup tool after choosing Windows
2003 R2 or 2008 ADS as your directory server. The local domain is also the only domain
configured if you select a single domain to store your POSIX information. When LDAP-UX retrieves
POSIX information, the local domain is always the first domain searched. If the entry is found in
the local domain, the search stops. Therefore, the local domain is the primary domain where
frequently accessed information should be stored. Its profile configuration is
/etc/opt/ldapux/ldapux_profile.bin.
4.1.3 Remote domains
Remote domains are all domains in the forest other than the local domain. When multiple domain
support is selected during setup, you are guided to configure profiles for remote domains. When
LDAP-UX cannot find data in the local domain, remote domains are searched.
4.1.4 Global Catalog Server
The Global Catalog Server (GCS) is the domain controller that hosts the global catalog for a forest.
The global catalog contains partial information for each domain. LDAP-UX uses this feature to
determine the domain to which queried data belongs. The root domain is the default GCS.
4.2 Retrieving data from a remote domain
LDAP-UX can retrieve data from a remote domain using three methods:
Remote Domain Configuration
This method enables you to configure a sequence in which LDAP-UX searches remote domains.
If you know what domains your data resides in, you can use setup to configure a remote
domain sequence. When LDAP-UX does not find data in the local domain, all remote domains
are searched in the specified order until the data is found.
GCS
This method enables you to configure LDAP-UX to search the GCS first. If you are not sure in
which domains the data resides, you may configure LDAP-UX to search the GCS first to
determine in which domain the requested data resides, then connect to that specific domain
controller to retrieve complete POSIX information. However, by default, the global catalog
does not contain any POSIX attributes. You should add some POSIX attributes to the global
catalog. For more information, refer to Section 4.6.6 (page 163).