LDAP-UX Integration B.04.10 Release Notes
• Posix Password Support
Posix password (defined as userPassword in RFC 2307, and msSFUPassword in SFU 2.0) is
not certified.
• User and Group Migration
sAMAccountName must be unique across the entire domain. This attribute, used for
pre-Windows 2000 clients, is set by the migration scripts to the value of the common name
(CN).
For example, if a new group in a different section of the directory is created to contain all
UNIX users and the common name (CN) of this group is a duplicate of an existing name,
the migration will fail because the sAMAccountName attribute is not unique. You can work
around this limitation by modifying the LDIF file to use a unique value for sAMAccountName.
• Support of Referrals with Active Directory
Referrals with Active Directory are currently not certified.
• Changing the Password for a Disabled User
When a user whose account is stored in ADS is disabled by setting the disable_uid_range
flag in the /etc/opt/ldapux_client.conf file on an HP-UX client system, and PAM_Kerberos is
used as the authenticating method, the passwd command will allow you to change the
password for the disabled user, since LDAP does not control this subsystem.
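The following check is an added example, not part of the release notes or of the HP migration scripts. It supports the User and Group Migration workaround above by listing every sAMAccountName that more than one entry in an LDIF file would claim, so the file can be edited before import. The LDIF text, DNs and function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF (not from the release notes). The second DN is folded
# across two lines and its sAMAccountName is base64 for "UnixUsers".
SAMPLE_LDIF = """\
dn: CN=unixusers,OU=Groups,DC=example,DC=com
sAMAccountName: unixusers

dn: CN=unixusers,OU=Unix,
 DC=example,DC=com
sAMAccountName:: VW5peFVzZXJz

dn: CN=jdoe,OU=Unix,DC=example,DC=com
sAMAccountName: jdoe
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_line(line):
    """Split 'attr: value' or 'attr:: base64' into (lowercased attr, value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr.lower(), base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr.lower(), rest.strip()

def duplicate_sam_names(ldif_text):
    """Map each sAMAccountName used by more than one entry to the DNs using it."""
    owners, dn = defaultdict(list), None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None  # a blank line ends the current entry
        elif not line.startswith("#"):
            attr, value = parse_line(line)
            if attr == "dn":
                dn = value
            elif attr == "samaccountname" and dn:
                owners[value.lower()].append(dn)  # AD compares case-insensitively
    return {name: dns for name, dns in owners.items() if len(dns) > 1}

print(duplicate_sam_names(SAMPLE_LDIF))
```

The check only covers names inside the LDIF file; a name that already exists in the domain still has to be checked against the directory itself.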
NIS/LDAP Gateway
This section provides information about known problems fixed in NIS/LDAP gateway,
compatibility and installation requirements, as well as limitations in NIS/LDAP Gateway B.04.10.
The main component of the NIS/LDAP Gateway is ypldapd, a replacement for ypserv, the
NIS server. This software caches the NIS data to maintain good performance. NIS/LDAP Gateway
is compatible with the RFC2307 specification (a schema for storing Posix account and
administration data in an LDAP directory).
Because the NIS/LDAP Gateway software emulates a ypserv, your NIS clients can start using an
LDAP directory without modification. However, with this software you cannot modify your
LDAP account information from an NIS client (that is, you cannot use chfn(1), chsh(1) or passwd(1)
to change your account information). To achieve this, install the LDAP Client Administration
Tools (NisLdapClient subproduct) on some or all of your NIS clients.
Known Problems Fixed in NIS/LDAP Gateway
The following is a list of defect fixes in this release:
• Defect Number JAGaf63885
ldappasswd shows "Unresolved symbol" when using SSL.
• Defect Number JAGaf88392
ypldapd does not detect connection closed by server.
• Defect Number JAGag03291
Regarding NIS to LDAP-UX migration scripts.
• Defect Number JAGag07158
The /sbin/init.d/ypldapd daemon reports failure even when configured not to start.