LDAP-UX Integration B.04.20 Release Notes (April 2010 Update)
3.4.3 Configuring for Use with Microsoft Windows Active Directory Server
The LDAP-UX Client Services provides default attributes and search descriptor settings to work
with Microsoft Windows Services for UNIX 3.0 or 3.5 (SFU 3.0/SFU3.5) when working with the
Windows 2003/2003 R2/2008 Active Directory Server.
Windows 2003 R2/2008 Active Directory Server provides the ADS 2003 R2 RFC2307 schema,
which is compliant with the IETF RFC2307 standard.
If you use SFU 2.0 with Microsoft Windows 2003 ADS, you must run setup to select SFU 2.0
before running migration. Alternatively, you can manually re-link the attribute configuration
file to SFU 2.0 before running migration. Use the following command to switch to SFU 2.0:
    ln -fs /etc/opt/ldapux/default_profile_attr_ads_sfu2.ldif \
        /etc/opt/ldapux/default_profile_attr_ads.ldif
If you use the R2 RFC2307 schema with Windows 2003 R2/2008 ADS, you must run setup to select
RFC2307 before running migration. Alternatively, you can manually re-link the attribute
configuration file to RFC2307 before running migration. Use the following command to switch
to RFC2307:
    ln -fs /etc/opt/ldapux/default_profile_attr_ads_winr2.ldif \
        /etc/opt/ldapux/default_profile_attr_ads.ldif
LDAP-UX Client Services will also use SFU 3.0/3.5 in the absence of the softlink
/etc/opt/ldapux/default_profile_attr_ads.ldif.
3.4.4 Profile Format Changes
The profile format changed in product version B.04.10. If you previously configured
LDAP-UX B.04.00 or an earlier version using the default profile
/etc/opt/ldapux/ldapux_profile.ldif, and now update the product to version B.04.10 or later,
the product will automatically update /etc/opt/ldapux/ldapux_profile.bin to the new format.
In the following cases, you must manually update the profile format by executing each
PROGRAM line after you successfully update the product to version B.04.10 or later:
• If you previously configured LDAP-UX B.04.00 or an earlier version using a profile
other than /etc/opt/ldapux/ldapux_profile.ldif, and now update the product to version B.04.10
or later.
• If you previously configured LDAP-UX B.04.00 or an earlier version to work with ADS multiple
domains, and now update the product to version B.04.10 or later, you must manually execute
each PROGRAM line for remote domains configured in /etc/opt/ldapux/ldapux_client.conf.
For example, if /etc/opt/ldapux/ldapux_client.conf contains the following entries:
Service: NSS
PROFILE_ID="local"
LDAP_HOSTPORT="192.10.10.10:389"
PROFILE_ENTRY_DN="cn=ldapuxprof,CN=Configuration,DC=myorg,DC=mycom,DC=com"
PROGRAM="/opt/ldapux/config/create_profile_cache"
PROFILE_ID="eng.myorg.mycom.com"
LDAP_HOSTPORT="192.10.10.11:389"
PROFILE_ENTRY_DN="cn=ldapuxprof,cn=configuration,dc=eng,dc=myorg,dc=mycom,dc=com"
PROGRAM="/opt/ldapux/config/create_profile_cache \
-i /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.eng.myorg.mycom.com \
-o /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.eng.myorg.mycom.com"
PROFILE_ID="acct.myorg.mycom.com"
LDAP_HOSTPORT="192.10.10.12:389"
PROFILE_ENTRY_DN="cn=ldapuxprof,cn=configuration,dc=acct,dc=myorg,dc=mycom,dc=com"
PROGRAM="/opt/ldapux/config/create_profile_cache \
-i /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.acct.myorg.mycom.com \
-o /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.acct.myorg.mycom.com"
After you successfully update the product to version B.04.10 or later, you must execute
PROGRAM from the command line as follows:
3.4 Installing and Configuring the LDAP-UX Client Services 21
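Before running the PROGRAM lines from section 3.4.4 by hand, it helps to list them per PROFILE_ID and check that each -i/-o path names the domain it belongs to. The following Python script is an added example, not part of the release notes or of LDAP-UX; it parses text in the ldapux_client.conf layout shown above and joins backslash continuations. The sample input is constructed, the function names are hypothetical, and the rule that a domain profile file name ends in its PROFILE_ID is an assumption taken from the example entries above.

```python
import re
import shlex

# Constructed sample in the ldapux_client.conf layout shown above; the
# "eng" entry has a deliberately mismatched -i path to exercise the check.
SAMPLE_CONF = r'''Service: NSS
PROFILE_ID="local"
PROGRAM="/opt/ldapux/config/create_profile_cache"
PROFILE_ID="eng.example.com"
PROGRAM="/opt/ldapux/config/create_profile_cache \
-i /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.eng.exmaple.com \
-o /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.eng.example.com"
PROFILE_ID="acct.example.com"
PROGRAM="/opt/ldapux/config/create_profile_cache \
-i /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.acct.example.com \
-o /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.acct.example.com"
'''

def profile_programs(conf_text):
    """Return [(profile_id, argv)] with backslash continuations joined."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf_text)
    entries, profile_id = [], None
    for line in joined.splitlines():
        # Commented-out lines start with '#' and do not match.
        m = re.match(r'\s*(PROFILE_ID|PROGRAM)\s*=\s*"(.*)"\s*$', line)
        if not m:
            continue
        if m.group(1) == "PROFILE_ID":
            profile_id = m.group(2)
        elif profile_id is not None:
            entries.append((profile_id, shlex.split(m.group(2))))
    return entries

def path_mismatches(entries):
    """Flag -i/-o paths that do not end in ".<PROFILE_ID>" (assumed naming)."""
    problems = []
    for profile_id, argv in entries:
        for flag, path in zip(argv[1:], argv[2:]):
            if flag in ("-i", "-o") and not path.endswith("." + profile_id):
                problems.append((profile_id, flag, path))
    return problems

if __name__ == "__main__":
    entries = profile_programs(SAMPLE_CONF)
    for profile_id, argv in entries:
        print(profile_id, "->", " ".join(argv))
    for profile_id, flag, path in path_mismatches(entries):
        print("MISMATCH", profile_id, flag, path)
```

To check a real system, pass the contents of /etc/opt/ldapux/ldapux_client.conf to profile_programs() instead of SAMPLE_CONF.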