LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

401

402

403

404

405

406

407

408

409

410

entry consists of: Service:Attribute=Altattribute,

where Service is one of the supported services:

Supported servicesServer type

Both HP directory server

and Windows ADS (in

a single Windows

domain

)

passwd

group

automount

rpc

networks

hosts

protocols

services

printers

HP directory servers

only

netgroup

publickey

PAM

1 LDAP-UX Client Services using Windows 2003 R2/2008 Active Directory

Server in multiple domains only supports the passwd and group service

data.

Attribute is an attribute of the service as defined by RFC

2307.

Altattribute is the attribute that should be used instead

of the standard attribute.

For example, pam:userPassword=ntUserPassword

maps the userPassword attribute to ntUserPassword

for the PAM service.

passwd:uidnumber=employeeNumber maps the

uidnumber attribute to employeeNumber for the passwd

service.

NOTE: The userPassword attribute is mapped to *NULL*

to prevent passwords from being returned for increased

security and to prevent PAM_UNIX from authenticating users

in the directory server. Mapping to *NULL* or any other

nonexistent attribute means do not return anything.

authenticationMethod is how the client binds to the directory. The value can be

simple indicating bind using a user name and password.

If this attribute has no value, simple is the default.

bindTimeLimit is how long, in seconds, the client should wait to bind before

aborting. 0 (zero) means no time limit. If this attribute has no

value, the default is no time limit.

credentialLevel is the identity clients use when binding to the directory. The

value must be one of the following: proxy, anonymous, or

proxy anonymous. The value proxy means use the

configured proxy user. The value anonymous means use

anonymous access. The value proxy anonymous means use

the configured proxy user and if that fails, bind anonymously.

If this attribute has no value, anonymous is the default.

defaultSearchBase is the base DN where clients can find name service

information. An example for the HP directory

server:ou=hpusers,o=hp.com. An example for Windows

ADS: DC=cup,DC=hp,DC=com.This attribute must have a

value.

B.1 Profile attributes 407