LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
NOTE: SSL/TLS protocols support a variety of different cryptographic algorithms (ciphers) for
use in authentication operations between server and client, certificate transmissions, and session
key establishment. If a cipher is found to be flawed and subject to attack, administrators of HP-UX
and the directory server must be aware of that vulnerability. Ciphers can be disabled in the directory
server. For information about SSL/TLS ciphers and which ones are supported by LDAP-UX, see
Section 2.4.6.5 (page 84).
When a new directory server instance is created, the guided installation defines the management
framework for the LDAP-UX domain. This framework consists of:
• Directory information tree: Defines the hierarchical structure in which different objects in the
domain are stored, as described in Section 2.3.2.1 (page 32).
• Information model: Defines the types of objects managed in the directory server and the
attributes and object classes that represent them, as described in Section 2.3.2.2 (page 34).
• Security framework: Defines rights to access and modify data in the directory information
tree, including the definition of three management groups, the ACIs that grant permissions to
each group to manage different objects in the directory information tree, and general access
policies such as which attributes are considered public and private. For more information, see
Section 2.3.2.3 (page 37).
2.3.2.1 Directory information tree
When the guided installation creates a new HP-UX Directory Server instance, it creates the foundation
for a directory information tree, which is a name space that stores the users, groups, hosts, and
configuration in the LDAP-UX domain. This tree can be expanded or altered, as long as appropriate
updates are made to the LDAP-UX configuration profile.
To build the directory information tree, the guided installation creates the root suffix based on the
discovered or specified DNS domain. The guided installation uses the domain component syntax
to define the root suffix DN, as defined by RFC 2247. Under that, it defines the organizational
units to act as containers for the users, groups, hosts, and configuration, as shown in Figure 7
(page 32).
Figure 7 Directory information tree
[Figure: tree diagram rooted at dc=example,dc=com, with the organizational units ou=Configuration, ou=Services, ou=Hosts, ou=People, and ou=Groups beneath it. Entries shown in the diagram: cn=domain-ldapuxprofile, cn=domain CA Certificate, cn=LDAP Server (domain-master), cn=UserAdmins, cn=HostAdmins, cn=DomainAdmins, cn=host1, ..., uid=domadmin.]
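The RFC 2247 mapping described above, as an added example (not code from this guide or from LDAP-UX): it derives the root suffix from a DNS domain, rejects labels that would carry DN metacharacters into the suffix, and builds the container DNs named in Figure 7. The function names are hypothetical, and lowercasing the labels is a normalization choice made here.

```python
import re

# One DNS label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Container names as shown in Figure 7 of the guide.
CONTAINERS = ("Configuration", "Services", "Hosts", "People", "Groups")


def domain_to_suffix(domain: str) -> str:
    """Map a DNS domain to an RFC 2247 root suffix: one dc= RDN per label."""
    name = domain.strip()
    if name.endswith("."):          # tolerate one fully qualified trailing dot
        name = name[:-1]
    if not name or len(name) > 253:
        raise ValueError(f"invalid DNS domain: {domain!r}")
    labels = name.split(".")
    for label in labels:
        # Strict label check keeps DN metacharacters (, = + \ ") out of the suffix.
        if not _LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label {label!r} in {domain!r}")
    return ",".join(f"dc={label.lower()}" for label in labels)


def suffix_to_domain(suffix: str) -> str:
    """Inverse mapping; accepts only a DN built purely from dc= RDNs."""
    labels = []
    for rdn in suffix.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or attr.lower() != "dc" or not _LABEL.fullmatch(value):
            raise ValueError(f"not an RFC 2247 suffix: {suffix!r}")
        labels.append(value.lower())
    return ".".join(labels)


def container_dns(domain: str) -> dict:
    """DNs of the organizational units created directly under the root suffix."""
    suffix = domain_to_suffix(domain)
    return {ou: f"ou={ou},{suffix}" for ou in CONTAINERS}


if __name__ == "__main__":
    # Constructed sample inputs; the last one contains DN metacharacters.
    for sample in ("example.com", "Corp.Example.COM.", "example,ou=x.com"):
        try:
            print(sample, "->", domain_to_suffix(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
    print(container_dns("example.com")["People"])
```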
The subtrees created in the directory information tree are: