LDAP-UX Integration B.04.10 Release Notes

Duplicated Data Entries in ADS Multiple Domains
To better integrate with HP-UX, it is highly recommended that you maintain unique user names
and uid numbers in the forest; otherwise, undesired behavior may occur. For example:
• If an ADS Global Catalog server is configured to retrieve data from remote domains,
LDAP-UX won’t return data if there are duplicate entries in any remote domains.
• For users having the same user name in multiple domains, LDAP-UX may return user data
from a different domain if the original domain controller fails.
• A user may not be able to change their password if their uid number is not unique in the
forest.
SSL With Windows 2000 Active Directory Server
The Windows 2000 Active Directory Server requires Service Pack 4.
Limitations of Printer Configurator
• The new LDAP printer schema based on /etc/opt/ldapux/schema/RFC3712.xml is imported
into the Netscape/Red Hat Directory Server to create the printer objects.
• The LDAP-UX Client Services only supports the HP LP spooler system, network printers,
and printer servers that support the Line Printer Daemon (LPD) protocol. The printer
configurator does not support local printers.
• In a global management environment, it is hard to determine a default printer for an
individual client system. The LDAP printer configurator treats every printer entry as a
regular printer. The administrator or user must manually select a default printer for the
client system.
Unsupported Commands
The following HP-UX commands currently do not work with LDAP-UX Client Services:
Table 1-5 Unsupported HP-UX Commands
Command                                     Description
chfn(1)                                     Does not change the “finger” information for users in the directory. See the finger(1) man page.
chsh(1)                                     Does not change the login shell for users in the directory.
sam(1M)                                     The System Administration Manager (SAM) does not manage name service information in the directory.
useradd(1M), userdel(1M), usermod(1M)       These commands do not manage user information in the directory.
groupadd(1M), groupdel(1M), groupmod(1M)    These commands do not manage group information in the directory.
To change entries in a directory, you can use directory administration tools such as ldapmodify,
ldapsearch, ldapdelete and ldapentry.
Clear Text Passwords
login(1), passwd(1) and ldappasswd(1) transmit passwords in clear text (unencrypted) over the
network unless SSL or SASL DIGEST-MD5 authentication is enabled with setup. However, SASL
DIGEST-MD5 may pose a security risk because the Directory Server may store the password in
clear text.
(NOTE: By default, SSL and SASL DIGEST-MD5 authentication are disabled.)