LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ou=People: Stores all users managed in the LDAP-UX domain. Utilities such as the LDAP
user or group management tools (see Section 9.3 (page 283)) and ldapentry (see
Section 9.4.1 (page 354)) can be used to manage users and accounts under this subtree. The
ou=People subtree is populated with one user, the Domain Administrator. By default, the
LDAP-UX Domain Administrator is named domadmin. The guided installation enables this
name to be changed.
ou=Groups: Stores all groups managed in the domain. The LDAP user/group management
tools and ldapentry may also be used to manage these groups. This subtree is populated
with the initial management groups, cn=UserAdmins, cn=HostAdmins, and
cn=DomainAdmins. Members of these groups are granted privileges to manage their related
data. For more information about privileges and security in general, see Section 2.3.2.3,
“Security Framework” (page 37).
ou=Hosts: Registers information about hosts and devices associated with the LDAP-UX domain.
The LDAP host tools ldaphostmgr and ldaphostlist (see Section 9.3 (page 283)), or
ldapentry, can be used to manage hosts and devices under this subtree. When the guided
installation configures LDAP-UX, it initializes this subtree with the local host’s information. Any
additional hosts that use the guided installation to configure LDAP-UX are added under this
subtree (joined to the LDAP-UX domain).
ou=Configuration,ou=Services: Stores centrally managed configuration information
for LDAP-enabled applications, or information about services available in the domain. The
ldapentry tool can be used to manage items under this subtree. This subtree is populated
with the LDAP-UX configuration profile and will register the HP-UX Directory Server instance
and the CA certificate used in the LDAP-UX domain.
ACIs are created (using the aci attribute) at the root suffix and in the ou=Hosts, ou=People,
and ou=Groups subtrees. These ACIs grant administration privileges to the members of the initial
groups defined in the ou=Groups subtree. Figure 8 (page 33) shows the function of the ACIs for
each subtree. For more information about access control in the LDAP-UX domain, see Section 2.3.2.3
(page 37).
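The following is an added example, not code from the HP guide or from LDAP-UX: it scans an LDIF export for aci values and lists every modify-capable grant that is not bound to cn=UserAdmins, cn=HostAdmins, or cn=DomainAdmins under ou=Groups. The suffix dc=example,dc=com, the sample ACIs, and the 389-style "version 3.0" ACI syntax are assumptions, because the guide does not show the ACI text itself.

```python
import re

# Constructed LDIF export (not from the guide). The suffix dc=example,dc=com and
# the ACI bodies are assumptions, written in 389-style "version 3.0" ACI syntax.
SAMPLE_LDIF = """\
dn: ou=People,dc=example,dc=com
aci: (targetattr = "*")(version 3.0; acl "user admins"; allow (all)
  groupdn = "ldap:///cn=UserAdmins,ou=Groups,dc=example,dc=com";)
aci: (targetattr = "userPassword")(version 3.0; acl "self pw"; allow (write)
  userdn = "ldap:///self";)

dn: ou=Hosts,dc=example,dc=com
aci: (targetattr = "*")(version 3.0; acl "host admins"; allow (all)
  groupdn = "ldap:///cn=HostAdmins,ou=Groups,dc=example,dc=com";)
aci: (targetattr = "*")(version 3.0; acl "temp"; allow (write, add)
  userdn = "ldap:///anyone";)
"""

ADMIN_GROUPS = ("UserAdmins", "HostAdmins", "DomainAdmins")  # named in the guide
MODIFY_RIGHTS = {"write", "add", "delete", "all"}
ACI_RE = re.compile(r'acl\s+"([^"]*)";\s*allow\s*\(([^)]*)\)\s*(.*?);\s*\)')
SUBJECT_RE = re.compile(r'(\w+)\s*=\s*"ldap:///([^"]*)"')

def norm(dn):
    """Lower-case a DN and drop whitespace around RDN separators."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def audit(ldif, suffix):
    """Report modify-capable grants not bound to the initial admin groups."""
    expected = {norm(f"cn={g},ou=Groups,{suffix}") for g in ADMIN_GROUPS}
    findings, entry = [], None
    # RFC 2849 folding: a line that starts with one space continues the last.
    for line in ldif.replace("\n ", "").splitlines():
        key, _, value = line.partition(":")
        if key.lower() == "dn":
            entry = value.strip()
        elif key.lower() == "aci":
            for name, rights, bind in ACI_RE.findall(value):
                if not {r.strip().lower() for r in rights.split(",")} & MODIFY_RIGHTS:
                    continue
                for kw, subject in SUBJECT_RE.findall(bind):
                    if kw.lower() == "groupdn" and norm(subject) in expected:
                        continue
                    sev = "high" if subject.lower() in ("anyone", "all") else "review"
                    findings.append((sev, entry, name, f"{kw.lower()}={subject}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LDIF, "dc=example,dc=com"):
        print(*finding, sep=" | ")
```

A "review" finding is not necessarily a fault (a self-service password rule is common); it marks a grant that falls outside the three initial groups and should be confirmed as intended.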
Figure 8 LDAP-UX domain subtrees and ACIs
[Figure: the LDAP-UX domain and its subtrees. Labels in the figure: ou=Hosts (host 1 to host 5; system and service information such as owner, IP address; host-based service); ou=Services, ou=Configuration (Service Configuration: LDAP-UX Profile, Directory Server Profile, CA Profile); Identities: ou=Groups and ou=People (Domain Administrators, User Administrators, Host Administrators). ACI callouts in the figure: "ACIs allow management by user and domain administrator."; "ACIs allow management by domain administrator."; "ACIs allow management by host administrators and owners."; "ACIs allow management by user and host administrators."]
2.3 Guided installation (autosetup) for an HP directory server environment 33