LDAP-UX Integration B.04.10 Release Notes
ipHostNumber: 15.13.95.92
cn: machineA
cn: hpma01.cup.hp.com
Also, because LDAP server hosts are sometimes stored using the host name in LDAP referrals,
all the LDAP server host information for your network must be stored in the /etc/hosts file
if you use referrals, and wish to use LDAP-UX for resolving host names.
• Secondary Group
Problem
If a user’s secondary group is specified by x.500-style group syntax (such as “member”,
“uniquemember”) and its “DN” contains the escape character “\”, LDAP-UX fails to return
the group. As a result, the command “id” will not show the secondary group.
Workaround
To work around this problem, do not use special characters in “cn” or “uid” when creating
the user entry.
Limitations in LDAP-UX Client Services
The following are limitations in this version of the LDAP-UX Client Services.
Services
When migrating Services data into the LDAP directory, keep in mind that multiple protocols
can be associated with one service name, but multiple service ports cannot. For example,
the following two lines of data can both be stored in the LDAP server:
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
However, because the port numbers are different, only one of the following entries can be
stored in an LDAP server:
netdist 2101/tcp
-or-
netdist 2102/tcp
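
A pre-migration check for the limitation above, as an added example that is not part of LDAP-UX or its migration tools: it lists every service name in /etc/services-format input that appears with more than one port number. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find service names that cannot be migrated as-is because
# they map to more than one port (only multiple protocols per name are allowed).

# Constructed sample in /etc/services format, using the entries shown above.
sample_services() {
    cat <<'EOF'
# name    port/proto  aliases
chargen   19/tcp      ttytst source
chargen   19/udp      ttytst source   # same port, second protocol: allowed
netdist   2101/tcp
netdist   2102/tcp                    # second port for the same name: conflict
EOF
}

# Reads services data on stdin.
# Prints one line per conflicting name: "name port1 port2 ..." (first-seen order).
find_multiport_services() {
    awk '
        {
            sub(/#.*/, "")                      # drop comments
            if (NF < 2) next                    # blank or incomplete line
            n = split($2, pp, "/")              # field 2 is port/protocol
            if (n != 2 || pp[1] !~ /^[0-9]+$/) next
            name = $1; port = pp[1]
            key = name SUBSEP port
            if (key in seen) next               # same name and port, other protocol
            seen[key] = 1
            if (nports[name]++ == 0) {
                order[++count] = name
                ports[name] = port
            } else {
                ports[name] = ports[name] " " port
            }
        }
        END {
            for (i = 1; i <= count; i++)
                if (nports[order[i]] > 1)
                    print order[i], ports[order[i]]
        }
    '
}

# Demonstration on the constructed sample; on a real system, run:
#   find_multiport_services < /etc/services
sample_services | find_multiport_services
```

Each name it reports needs a decision about which single port to keep before the data is migrated.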
/etc/pam.conf
HP delivers two PAM example configuration files, /etc/pam.ldap
and /etc/pam.ldap.trusted, in this release. You need to configure /etc/pam.conf properly
for LDAP-UX to work as expected. When you integrate LDAP-UX Client Services with the
Netscape/Red Hat Directory Server and your system is in the standard mode, the pam_unix
library must be defined before pam_ldap, as they are in the /etc/pam.ldap file. If your system
is in the trusted mode, the pam_ldap library must be defined before pam_unix, and both libraries
must be specified as "required" under "Session management". See Appendix C, “Sample
/etc/pam.ldap.trusted File”, in the LDAP-UX Client Services Administrator’s Guide for details.
LDAP Directory Interoperability
The LDAP-UX product has been certified under the OpenGroup’s works with LDAP 2000
branding.
LDAP-UX has been designed to work with any directory server that can support the RFC 2307
schema or similar syntactic schema (such as the Microsoft Services For Unix 3.0 schema). The
LDAP-UX product requires the "Configuration Profile" schema, which is defined at the IETF
drafts web site http://www.ietf.org/ID.html.