LDAP-UX Integration B.04.10 Release Notes
Table Of Contents
- LDAP-UX Integration B.04.10 Release Notes
- Table of Contents
- 1 LDAP-UX Integration B.04.10 Release Note
- LDAP-UX Integration Overview
- LDAP-UX Client Services
- What’s New in LDAP-UX Client Services B.04.10
- Known Problems fixed in LDAP-UX Client Services A.04.10
- Compatibility and Installation Requirements for LDAP-UX Client Services
- Installing and Configuring the LDAP-UX Client Services
- Documentation
- Known Problems and Workarounds for LDAP-UX Client Services
- Limitations in LDAP-UX Client Services
- Services
- /etc/pam.conf
- LDAP Directory Interoperability
- Supported Name Service Databases
- Duplicated Data Entries in ADS Multiple Domains
- SSL With Windows 2000 Active Directory Server
- Limitations of Printer Configurator
- Unsupported Commands
- Clear Text Passwords
- Man page for ldapclientd.conf
- LDAP Security Policy Enforcement
- SASL/GSSAPI Profile Download Support
- Changing authentication methods
- Supported Features For Particular Directory Servers
- Additional Limitations with Active Directory
- NIS/LDAP Gateway
• Microsoft Windows 2003 Release 2 (R2) Active Directory Server (ADS) Certification
In this release, LDAP-UX has been enhanced to support Microsoft Windows 2003 Release
2 Active Directory Server.
Windows 2003 R2 ADS provides the R2’s RFC2307 schema which is compliant with the IETF
RFC2307 standard.
• Long User and Group Name Support
LDAP-UX supports long user and group name of up to 255 characters on an HP-UX 11i v3
system when you explicitly enable the system for expanded user and group name feature
by using the lugadmin -e command. Refer to the lugadmin man page for details.
On HP-UX 11i v1 and v2, the maximum length of the user name can be only eight characters.
• This release supports Mozilla LDAP C SDK version 5.17.1.
Known Problems fixed in LDAP-UX Client Services A.04.10
The following is a list of defect fixes in this release:
• Defect Number JAGaf59448
SSH (Secure Shell) clients fail to establish a login session with an SSH server when using
shadow passwords. PAM account management performed with PAM_LDAP fails. This
prevents the users from successfully logging onto the system.
• Defect Number JAGaf63382
The LDAP-UX Client daemon, ldapclientd, does not start using an updated profile right
away. After the profile is modified on the LDAP server and ldapclientd downloads it,
ldapclientd continues using the old profile information until "connection_ttl" elapses.
The problem is caused by ldapclientd reusing connections based on the old profile
information.
• Defect Number JAGaf63544
The pwget command returns no information about LDAP users. This prevents the users
from logging into the system. This problem can occur if Sun ONE Directory Access Router,
or iPlanet Directory Access Router (iDAR) is used between the LDAP-UX client and the
directory server. The problem is caused by LDAP-UX creating the attribute
DescriptionList with extra blank spaces.
• Defect Number JAGaf71625
Enhancement request to increase the upper limit of the "max_printers" option for printer
configuration from 500 to 4000. Without this enhancement configuring the "max_printers"
option to more than 500 printers causes the LDAP-UX client daemon to return an "out of
range" error message.
• Defect Number JAGaf73431
When the /etc/pam.conf file specifies "use_first_pass" for libpam_ldap,
libpam_ldap redundantly prompts for a password if one was not specified by the first
module configured in the /etc/pam.conf file. The correct behavior for libpam_ldap is to
not prompt for a password in this scenario.
• Defect Number JAGaf78595
The gethostbyname() function fails when managing hostnames with LDAP. This causes
applications like make_arch_config in HP-UX Ignite-UX, ISEE mad, Data Protector and
OVO/ITO clients to fail. The problem is caused by the strtok() function returning a NULL
value when called from the gethostbyname() function.
LDAP-UX Client Services 11