LDAP-UX Integration B.04.20 Release Notes (June 2009)
Limitations with IBM Tivoli Directory Server v6.2
HP has performed integration testing and supports LDAP-UX version B.04.20 with IBM Tivoli
Directory Server (TDS) v6.2. However, there are known limitations with this integration and
some features of LDAP-UX are not supported in version B.04.20 or earlier versions.
Configuration Limitations
• The /opt/ldapux/config/setup utility configures the LDAP-UX product. This utility
displays the following message when the initial configuration is started:
Select which Directory Server you want to connect to:
1. Netscape or Red Hat Directory
2. Windows 2000/2003/2003 R2/2008 Active Directory
To accept the default shown in brackets, press the Return key.
Directory Server: [1]:
TDS is not an available option. Select option 1 to use LDAP-UX with TDS.
• The setup utility attempts to install various schemas that are useful for product operation
or required for product configuration. Two issues are known when installing these
schemas:
— The Configuration Profile Schema, as described by RFC4876, allows for configuration
of numerous LDAP-UX clients using a single shared configuration. When setup attempts
to install this schema, it might fail with an error. The directory server reports an error
that a schema constraint violation occurred due to a collision. This error is caused by
the method TDS uses to map LDAP attribute names into DB2 table names. It occurs
when two different LDAP attribute names generate the same DB2 table name, even
though different attribute names are used. To work around this problem, use the process
described in “Known Problems and Workarounds” (page 32).
— The setup utility reports that the automount schema, as defined by RFC2307, is not
installed on the directory server. It then asks if the setup administrator would like to
install that schema. However, TDS v6.2 does provide the full RFC2307 schema by default.
The setup utility reports this message in error and the administrator should select No
when asked if setup should attempt to install the automount schema.
Utilities
• By default, TDS provides strict schema checking. Because of this, some LDAP-UX
utilities have stricter usage requirements.
For example, TDS enforces the definition that directory entries using the groupOfNames
or groupOfUniqueNames object classes must have at least one member. If LDAP-UX is
configured to use either of these object classes to represent group membership in HP-UX,
then at least one member must be specified using the -M option when the ldapugadd
command is used to create a new group.
• Some directory servers support the curly brace syntax in the userPassword attribute, such
as the {crypt} prefix that is used to create a Unix-style hashed password in the userPassword
field. This syntax is not compatible with TDS. Commands that generate this syntax should
not be used. For this reason, the -c option on the ldappasswd command is not supported
with TDS.
LDAP-UX is not dependent on the {crypt} password syntax in the userPassword attribute.
The ability to create {crypt} based passwords in ldappasswd is provided for legacy
applications that don’t support the Pluggable Authentication Module (PAM) API and must
examine and set the userPassword field directly.
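An added example (not HP's code and not part of the release notes): a check that scans an LDIF file intended for TDS for the two conditions described above, namely groupOfNames or groupOfUniqueNames entries without a member, and userPassword values that use the curly brace prefix. The function names and the sample entries are constructed for illustration.

```python
import base64
import re

# Classes TDS requires a member for -> standard membership attribute (RFC 4519).
MEMBER_ATTR = {"groupofnames": "member", "groupofuniquenames": "uniquemember"}
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; handles folding and base64."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 folded lines
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            yield entry

def lint_for_tds(text):
    """Return (dn, problem) pairs for the two conditions described above."""
    findings = []
    for entry in parse_ldif(text):
        dn = entry.get("dn", ["<no dn>"])[0]
        for oc in (v.lower() for v in entry.get("objectclass", [])):
            attr = MEMBER_ATTR.get(oc)
            if attr and not entry.get(attr):
                findings.append((dn, f"{oc} entry has no {attr} value"))
        for pw in entry.get("userpassword", []):
            if (m := SCHEME.match(pw)):  # report the scheme only, never the hash
                findings.append((dn, f"userPassword uses {{{m.group(1)}}} prefix"))
    return findings

# Constructed sample input (not taken from the release notes).
SAMPLE = """\
dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: groupOfNames

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
userPassword:: e2NyeXB0fWFiQ29uc3RydWN0ZWQ=
"""

if __name__ == "__main__":
    print("\n".join(f"{dn}: {p}" for dn, p in lint_for_tds(SAMPLE)))
```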
• Installation of user-defined schema using the ldapschema utility is supported. When using
ldapschema with TDS, the -T "ibm" option should be specified. However, ldapschema