LDAP-UX Integration B.04.10 Release Notes

preload_maps group.bynam. The user you identify in the binddn must be an LDAP
directory user that is allowed to read the userPassword attribute.
If the NIS domain you use is the same as the domain being used by an existing NIS server,
you must stop and disable that NIS server. To stop it, execute the command
/sbin/init.d/nis.server stop. To disable it, change
NIS_SLAVE_SERVER and NIS_MASTER_SERVER to 0 in the file /etc/rc.config.d/namesvrs.
Once your NIS/Gateway server is running, you can test your setup with a ypcat(1) command,
such as ypcat group. You may need to wait (up to a minute) as the ypbind(1M) process attempts
to find the new NIS/LDAP Gateway server. To avoid this wait, you can stop and restart the client
as follows before issuing the ypcat command:
/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start
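The disable step above (setting both variables to 0 in the namesvrs file) can be scripted and verified before restarting the client. The sh functions below are an added example, not part of the release notes; the function names and the .pre-ldapux backup suffix are assumptions, and stopping the server with /sbin/init.d/nis.server stop remains a separate step.

```sh
#!/bin/sh
# Added example, not from the release notes. Function names and the
# ".pre-ldapux" backup suffix are assumptions made for illustration.

# Print the effective (last) value assigned to variable $2 in file $1.
nis_value() {
    awk -v var="$2" '
        $0 ~ "^[ \t]*" var "=" {
            val = $0
            sub(/^[^=]*=/, "", val)       # drop "NAME="
            sub(/[ \t]*#.*$/, "", val)    # drop a trailing comment
            gsub(/[" \t]/, "", val)       # drop quotes and blanks
            last = val
        }
        END { print last }' "$1"
}

# Set NIS_MASTER_SERVER and NIS_SLAVE_SERVER to 0 in file $1.
# Commented-out lines and all other settings are left untouched;
# a variable that is not assigned anywhere is appended.
disable_nis_server() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.pre-ldapux" || return 1
    awk '
        /^[ \t]*NIS_(MASTER|SLAVE)_SERVER=/ {
            name = $0
            sub(/^[ \t]*/, "", name); sub(/=.*/, "", name)
            print name "=0"; seen[name] = 1; next
        }
        { print }
        END {
            if (!seen["NIS_MASTER_SERVER"]) print "NIS_MASTER_SERVER=0"
            if (!seen["NIS_SLAVE_SERVER"])  print "NIS_SLAVE_SERVER=0"
        }' "$file.pre-ldapux" > "$file"
}

# Succeed only if both variables are now 0 in file $1.
nis_server_disabled() {
    for var in NIS_MASTER_SERVER NIS_SLAVE_SERVER; do
        [ "$(nis_value "$1" "$var")" = "0" ] || return 1
    done
}

# Typical use on the gateway host:
#   disable_nis_server /etc/rc.config.d/namesvrs && \
#       nis_server_disabled /etc/rc.config.d/namesvrs
```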
Installing and Configuring LDAP Client Administration Tools
This section provides basic instructions for installing the LDAP Client Administration Tools. For
complete installation and configuration instructions, see the NIS/LDAP Gateway Administrator’s Guide.
Configuration Quick Start
This product does not require any specific configuration. However, once you have installed the
product, read the file /opt/ldapux/bin/README-ADMIN for instructions on how to simplify
LDAP directory administration from your LDAP-UX or NIS/LDAP Gateway clients.
You may also wish to create a front-end script to the ldappasswd command, to hide the LDAP
directory from the average HP-UX user.
Below are two examples you can cut and paste into a passwd shell script and then modify for
your environment:
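
#!/usr/bin/ksh
# Template: substitute your base DN, directory server host name and port.
/opt/ldapux/bin/ldappasswd -b "your_base_DN" -h "ldap_server_host_name" \
    -p "ldap_port"

#!/usr/bin/ksh
# The same script with sample values filled in.
/opt/ldapux/bin/ldappasswd -b "ou=people,o=hp.com" \
    -h "dirserver.lab.hp.com" -p 389
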
Known Problems and Workarounds
Known Problem
If the NIS client is on the same box as ypldapd, it can bind to the wrong server.
Workaround
If you want NIS clients to bind to a specific ypldapd or NIS server, configure the client’s box
as follows: specify "YPSET_ADDR=machine’s name" in the /etc/rc.config.d/namesvrs file.
Limitations in NIS/LDAP Gateway
The following are limitations in this version of the NIS/LDAP Gateway.
Crypt Passwords
The NIS/LDAP Gateway product requires that user passwords be stored in the directory
server in the same format as stored in an /etc/passwd file. This is known as “Unix Crypt”
format. If your directory server does not understand the {crypt} data type, you can still use
the NIS/LDAP Gateway server. However, these users will not be able to authenticate to the
directory server. One side effect is that users will not be able to change their own passwords