LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
For more information about PAM, see the pam(3) and pam.conf(4) manpages, and the Managing
Systems and Workgroups: A Guide for HP-UX System Administrators document at the following
location:
http://www.hp.com/go/hpux-core-docs (click HP-UX 11i v2)
Sample PAM configuration files and details about configuration are included in “Sample PAM
configuration (pam.conf) files” (page 420).
For information on NSS, see the switch(4) manpage and the "Configuring the Name Service
Switch" chapter in NFS Services Administrator's Guide, available at the following location:
www.hp.com/go/hpux-networking-docs
1.3 Domains in LDAP-UX environments
Several types of domains are discussed in this manual. The following list helps you understand the
significance of each domain.
• LDAP-UX domain — the realm of users, groups, and hosts defined by the LDAP-UX configuration
profile and managed by the LDAP directory server. All hosts configured to point to the same
LDAP-UX configuration profile are considered part of that domain. When you use the guided
installation (autosetup) script to install LDAP-UX and configure a new directory server
environment, the script creates an LDAP-UX domain. When installing into an existing LDAP-UX
(B.05.00 or later) environment, the guided installation joins an HP-UX OS instance into an
existing LDAP-UX domain. The guided installation can provision information about hosts in
the domain into the directory server. The LDAP-UX domain serves as a focal point for managing
hosts, securing data, and, in HP directory server environments only, for simplifying management
of ssh host keys.
The guided installation uses the LDAP-UX domain name to define the suffix of the directory
tree. For example, if the local host is a member of the AccountingDept.acme.com domain,
the directory server instance is named AccountingDept-master by default. The directory
server suffix becomes dc=AccountingDept,dc=acme,dc=com. For more information
about the LDAP-UX domain, see Section 2.3.2 (page 31).
• Domain Name System (DNS) domain — identifies a specific realm of administrative autonomy,
authority, or control in a namespace. DNS assigns a name server to maintain the domain
namespace and provide translation services between names and associated Internet Protocol
(IP) addresses. The domain name space consists of a tree of domain names.
The HP-UX host system managed by LDAP-UX may participate in a DNS domain. The DNS
domain is often used to register directory servers. The guided installation looks for existing
directory servers in the local host's DNS domain. When creating a new directory server, it
discovers the DNS domain name and generates the directory server instance name and suffix
from the local host's DNS name.
LDAP-UX may also be used for host-name resolution similar to DNS.
• Windows Server domain — a logical collection of users, groups, and computers running
versions of the Microsoft Windows operating system that share a central directory database.
This central database (known as Active Directory starting with Windows 2000, and as Active
Directory Domain Services starting with Windows Server 2003 R2) contains the user accounts
and security information for the resources in that domain. Each person who uses computers
within a domain receives his or her own unique account, or user name. This account can then
be assigned access to resources within the domain. In a domain, the directory resides on
computers that are configured as "domain controllers." A domain controller (DC) is a server
that manages all security-related aspects in user and domain interactions; it responds to all
security authentication requests (logging in, verifying permissions, and so forth) within the
domain. Each DC has a copy of the Active Directory; changes on one computer are