LDAP-UX Integration B.04.20 Release Notes (April 2010 Update)
3.6.16 Additional Limitations with Active Directory
• ldapentry Not Certified for Active Directory
ldapentry, a new client administration tool to simplify adding, modifying, and deleting
database entries, is not certified for use with Active Directory.
• Limited Name Service Database Support for multiple Domains
LDAP-UX Client Services, using Windows 2003 or 2008 Active Directory Server with multiple
Domains, currently only supports the passwd and group name services.
• POSIX Password Support
POSIX password (defined as userPassword in RFC 2307, and msSFUPassword in SFU 2.0) is
not certified.
• User and Group Migration
sAMAccountName must be unique across the entire domain. This attribute, used for
pre-Windows 2000 clients, is set by the migration scripts to the value of the common name
(CN).
For example, if a new group in a different section of the directory is created to contain all
UNIX users and the common name (CN) of this group is a duplicate of an existing name,
the migration will fail because the sAMAccountName attribute is not unique. You can work
around this limitation by modifying the LDIF file to use a unique value for sAMAccountName.
• Support of Referrals with Active Directory
Referrals with Active Directory are currently not certified.
• Changing the Password for a Disabled User
When a user whose account is stored in ADS is disabled by setting the disable_uid_range
flag in the /etc/opt/ldapux_client.conf file on an HP-UX client system, and PAM_Kerberos is
used as the authentication method, the passwd command still allows the password of the
disabled user to be changed, because LDAP does not control this subsystem.
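An added example (not part of the HP release notes or the LDAP-UX migration scripts): a pre-import check for the sAMAccountName uniqueness limitation described under User and Group Migration above. It parses a migration LDIF and reports names that collide within the file or with names already in the domain. The sample LDIF, the `existing` list and the function names are constructed for illustration, and names are compared case-insensitively on the assumption that Active Directory treats sAMAccountName that way.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lowercased names to value lists."""
    # RFC 2849 unfolding: a newline followed by one space continues the line.
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    attrs = defaultdict(list)
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in attrs:
                yield attrs["dn"][0], dict(attrs)
            attrs = defaultdict(list)
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs[name.strip().lower()].append(value.strip())

def find_collisions(ldif_text, existing=()):
    """Return {lowercased name: [DNs]} for names that are duplicated or already taken."""
    seen = defaultdict(list)
    for dn, attrs in parse_ldif(ldif_text):
        # The migration scripts set sAMAccountName to the CN, so fall back to
        # cn when the LDIF entry does not carry the attribute yet.
        names = attrs.get("samaccountname") or attrs.get("cn")
        if names:
            seen[names[0].lower()].append(dn)   # compared case-insensitively
    taken = {n.lower() for n in existing}       # names already in the domain
    return {n: dns for n, dns in seen.items() if len(dns) > 1 or n in taken}

# Constructed sample: two groups differing only in case, a folded DN with a
# base64 value, and a user whose name already exists in the domain.
SAMPLE_LDIF = """\
dn: CN=unixusers,OU=Groups,DC=example,DC=com
cn: unixusers
sAMAccountName: unixusers

dn: CN=UnixUsers,OU=Unix,DC=example,DC=com
cn: UnixUsers

dn: CN=jdoe,OU=Unix,DC=example,
 DC=com
sAMAccountName:: amRvZQ==

dn: CN=dbadmin,OU=Unix,DC=example,DC=com
cn: dbadmin
"""

if __name__ == "__main__":
    print(find_collisions(SAMPLE_LDIF, existing=["DBAdmin"]))
```

Each DN reported needs a distinct sAMAccountName value in the LDIF file before the migration is run.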
3.6.17 Limitations with IBM Tivoli Directory Server v6.2
HP has performed integration testing and supports LDAP-UX version B.04.20 with IBM Tivoli
Directory Server (TDS) v6.2. However, there are known limitations with this integration and
some features of LDAP-UX are not supported in version B.04.20 or earlier versions.
3.6.17.1 Configuration Limitations
• The /opt/ldapux/config/setup utility configures the LDAP-UX product. This utility
displays the following message when the initial configuration is started:
    Select which Directory Server you want to connect to:
    1. Netscape or Red Hat Directory
    2. Windows 2000/2003/2003 R2/2008 Active Directory
    To accept the default shown in brackets, press the Return key.
    Directory Server: [1]:
TDS is not an available option. Select option 1 to use LDAP-UX with TDS.
• The setup utility attempts to install various schemas that are useful for product operation
or required for product configuration. The two known issues when installing these schemas
are:
— The Configuration Profile Schema, as described by RFC 4876, allows for configuration
of numerous LDAP-UX clients using a single shared configuration. When setup attempts
to install this schema, it might fail with an error. The directory server reports an error
that a schema constraint violation occurred due to a collision. This error is caused by