LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
synchronized (converged) among all the DC computers by multi-master replication. Servers
joined to the Active Directory that are not domain controllers are called Member Servers.
LDAP-UX Client Services for Microsoft Windows Active Directory enables integration of user
account information into a Microsoft Windows 2003 R2 or 2008 Active Directory Server.
• NIS domain — defines the system of programs and data files that HP-UX machines use to
collect, collate, and share specific information about machines, users, file systems, and network
parameters throughout a network of computers. Traditionally, HP-UX account and configuration
information is stored in text files, for example, /etc/passwd and /etc/group. NIS was
developed to ease system administration by sharing this information across systems on the
network. With NIS, account and configuration information resides on NIS servers. NIS client
systems retrieve this shared configuration information across the network from NIS servers,
and store the retrieved information (see Figure 1 (page 17)).
The NIS/LDAP Gateway (ypldapd) is a product bundled with LDAP-UX Integration. This
product, which is not supported with Windows ADS, enables the directory server to act as a
repository for an NIS domain and provides a means to allow for a transition from an NIS
domain to a domain managed fully in an LDAP directory server. The LDAP-UX Client Services
product improves on this configuration information sharing. HP-UX account and configuration
information is stored in an LDAP directory or Windows Active Directory instead of on the local
client system. Client systems retrieve this shared configuration information across the network
from the LDAP directory (see Figure 2 (page 18) and Figure 3 (page 18)). LDAP provides greater
security, scalability, and interoperability with other applications and platforms, and generates
less network traffic from replica updates.
• Administration domain (Admin domain) — for HP-UX Directory Server, a container entry for
server groups, with each server group containing directory server instances that are managed
by the same Configuration Directory Server. This domain is administered by the Configuration
Administrator. Using the hpds-idm-console, the Configuration Administrator can view and
manage all the HP-UX directory server instances in this domain. The Configuration Directory
Server (configuration directory) is used by the hpds-idm-console to discover and manage
information about this domain.
1.4 Administrators and managers in the LDAP-UX directory server environment
A variety of administrators and managers may be created and involved in the LDAP-UX environment:
• Directory Manager — a unique, powerful user established when a directory server is created.
The Directory Manager is the “super user” who typically has the responsibility of repairing
and recovering from errors in configuration. The Directory Manager is a special entry that
does not have to conform to directory server access control policies. The Directory Manager
can correct problems that affect users who do not have access control privileges to do so.
There is no directory entry for the Directory Manager user; it is used only for authentication.
You cannot create an actual directory server entry that uses the same distinguished name (DN)
as the Directory Manager DN.
The LDAP-UX guided installation establishes the Directory Manager for a newly created directory
server as cn=Directory Manager (in an HP server environment) or
cn=administrator,cn=user,dc=mydomain,dc=example,dc=com (in a Windows
domain), and requests that you set up a password for this user.
• Configuration Administrator (also known as the Directory Administrator) — a user responsible
for managing the directory servers in the directory server administration domain. This user is
the “super user” that manages all directory server and Administration Server instances through
the Directory Server Console. The default Directory Administrator user name is admin. Every