LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

Table 22 Security policy status attributes supported for a Windows Active Directory Server (continued)
accountExpires
    This integer attribute specifies the time when the account
    expires. This value represents the number of
    100-nanosecond intervals since January 1, 1601 (UTC).
    A value of 0 or 0x7FFFFFFFFFFFFFFF
    (9223372036854775807) indicates that the account never
    expires.

lockoutTime
    This integer attribute specifies the date and time (UTC) that
    this account was locked out. This value is stored as a large
    integer that represents the number of 100-nanosecond
    intervals since January 1, 1601 (UTC). A value of zero
    means that the account is not currently locked out.

logonHours
    This integer attribute defines the number of hours that the
    user is allowed to log on to the domain.
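The following added example (not part of the HP guide) decodes accountExpires and lockoutTime values as described in the table above, including both "never expires" values and a zero lockoutTime. The function names, the dictionary-shaped entry, and the sample entries are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # start of the interval count
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)  # both accountExpires sentinels from Table 22


def intervals_to_utc(value):
    """Convert 100-nanosecond intervals since 1601-01-01 (UTC) to a datetime."""
    # 10 intervals make one microsecond; integer math avoids float rounding.
    try:
        return EPOCH_1601 + timedelta(microseconds=int(value) // 10)
    except OverflowError:
        raise ValueError(f"interval count out of range: {value}") from None


def account_expiry(raw):
    """Expiry time, or None when the account never expires."""
    value = int(raw)
    return None if value in NEVER_EXPIRES else intervals_to_utc(value)


def lockout_time(raw):
    """Time the account was locked out, or None when lockoutTime is zero."""
    value = int(raw)
    return None if value == 0 else intervals_to_utc(value)


def account_status(entry, now):
    """Summarise one entry (attribute name -> string value from an LDAP search).

    Assumption: an attribute missing from the entry is treated like "0".
    """
    expiry = account_expiry(entry.get("accountExpires", "0"))
    return {
        "expires_at": expiry,
        "expired": expiry is not None and expiry <= now,
        "locked_out_at": lockout_time(entry.get("lockoutTime", "0")),
    }


if __name__ == "__main__":
    # Constructed sample entries, not taken from a real directory.
    samples = [
        {"uid": "alice", "accountExpires": "9223372036854775807", "lockoutTime": "0"},
        {"uid": "bob", "accountExpires": "116444736000000000",
         "lockoutTime": "116444736000000000"},
    ]
    now = datetime.now(timezone.utc)
    for entry in samples:
        print(entry["uid"], account_status(entry, now))
```
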
7.5 Adding an HP directory server directory replica
Your HP LDAP directory contains configuration profiles downloaded by each client system and
name service data accessed by each client system. As your environment grows, you might need
to add a directory replica to your environment. LDAP-UX can take advantage of replica directory
servers and use the alternates if one of them fails. Follow these steps to inform LDAP-UX about
multiple directory servers:
1. Create and configure your LDAP directory replica. For the HP-UX Directory Server, see the
HP-UX Directory Server deployment guide.
2. Edit an existing profile and modify the defaultServerList or preferredServerList attribute to
specify a replica directory server. See Section 7.10.2 (page 245).
See “LDAP-UX Client Services object classes” (page 406) for a description of the
defaultServerList and preferredServerList attributes.
3. On all clients that are to use the replica server, edit the startup file
/etc/opt/ldapux/ldapux_client.conf to refer to the replica host. Modify the
LDAP_HOSTPORT line to specify the replica server.
4. After modifying an existing profile, each client that regularly downloads its profile automatically
will get the changes as scheduled. See Section 2.5.8 (page 111).
NOTE: Client systems using an HP LDAP directory replica might not be able to modify the directory
replica. In this case, the passwd command will not work on those systems. They can use the
ldappasswd command described in Section 9.4.2 (page 356).
7.6 Adding additional Windows domain controllers
Your Active Directory contains configuration profiles downloaded by each client system and name
service data accessed by each client system. As your environment grows, you might need to add
additional domain controllers to your environment. Follow these steps:
1. To install and configure a new Active Directory domain controller, use the dcpromo.exe
tool. For more information, see the respective literature on Active Directory or refer to the
Microsoft library at:
http://msdn.microsoft.com/library/default.asp
2. Create a new profile that specifies the new domain controller. The new profile can be identical
to another profile, except the preferredServerList attribute specifies a new domain
controller. For more information, see Section 7.10.3 (page 246).
For a description of the preferredServerList attribute, see “LDAP-UX Client Services
object classes” (page 406).