LDAP-UX Integration B.04.20 Release Notes (June 2009)

# Modify the values below by specifying a host name and optional port
# number (if not 389) as well as an administrator's ID/DN (such as
# cn=root) and password.
#
# Then cut and paste the below on the LDAP-UX client host.
#
HostName="<hostname>[:port]"
AdminID="<adminDN>"
AdminPass="<adminPass>"
cd /opt/ldapux/bin
./ldapmodify -h "$HostName" -D "$AdminID" -w "$AdminPass" << EOD
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC
  'Maximum time an agent or service allows for a search to complete'
  EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX
  1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
add: IBMAttributeTypes
IBMAttributeTypes: (1.3.6.1.4.1.11.1.3.1.1.3 DBNAME ('srctlm' 'srctlm'))
EOD
The above script creates a DB2 table named srctlm and associates it with the searchTimeLimit
attribute, identified by OID 1.3.6.1.4.1.11.1.3.1.1.3. A similar procedure can be used if table
collisions occur with other attributes.
Known Problem: Security Policy Enforcement
Workaround
Some of the password and account policy limitations discussed above are resolved by using the
libpam_authz library to authorize PAM-based services. The libpam_authz library is used
to supplement authorization analysis and does not replace libpam_ldap or any other PAM
library. libpam_authz is configured in the account management section of the /etc/pam.conf
file. For example:
#
# Account management
#
login account required libpam_hpsec.so.1
login account required libpam_authz.so.1
login account sufficient libpam_unix.so.1
login account required libpam_ldap.so.1
su account required libpam_hpsec.so.1
su account required libpam_authz.so.1
su account sufficient libpam_unix.so.1
su account required libpam_ldap.so.1
dtlogin account required libpam_hpsec.so.1
dtlogin account required libpam_authz.so.1
dtlogin account sufficient libpam_unix.so.1
dtlogin account required libpam_ldap.so.1
dtaction account required libpam_hpsec.so.1
dtaction account required libpam_authz.so.1
dtaction account sufficient libpam_unix.so.1
dtaction account required libpam_ldap.so.1
ftp account required libpam_hpsec.so.1
ftp account required libpam_authz.so.1
ftp account sufficient libpam_unix.so.1
ftp account required libpam_ldap.so.1
rcomds account required libpam_hpsec.so.1
rcomds account required libpam_authz.so.1
rcomds account sufficient libpam_unix.so.1
rcomds account required libpam_ldap.so.1
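In the stacks above libpam_authz.so.1 is listed as required before the sufficient libpam_unix.so.1 entry; a sufficient module that succeeds ends the account stack, so an authz entry placed after it would be skipped for any user the local password module accepts. The following Python script, an added example that is not part of the release notes or of LDAP-UX, parses pam.conf lines and reports services whose account stack lacks that ordering; its sshd and ftp entries are constructed misconfigurations, not HP-UX defaults.

```python
# Added example, not from the LDAP-UX release notes: parse HP-UX style
# /etc/pam.conf lines and check that every service's account stack lists
# libpam_authz.so.1 as 'required' before any 'sufficient' module.
AUTHZ = "libpam_authz.so.1"

def parse_pam_conf(text):
    # Each line is 'service facility control module [args]'; '#' starts a comment.
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 4:
            raise ValueError(f"malformed pam.conf line: {raw!r}")
        entries.append(tuple(parts[:4]))
    return entries

def check_authz_stacks(entries):
    # Map each service that has an account stack to a problem string or None.
    stacks = {}
    for svc, facility, control, module in entries:
        if facility == "account":
            stacks.setdefault(svc, []).append((control, module))
    findings = {}
    for svc, stack in stacks.items():
        idx = next((i for i, (_, m) in enumerate(stack) if m == AUTHZ), None)
        if idx is None:
            findings[svc] = f"{AUTHZ} missing"
        elif stack[idx][0] != "required":
            findings[svc] = f"{AUTHZ} is '{stack[idx][0]}', expected 'required'"
        # A 'sufficient' module that succeeds ends the stack, so an authz entry
        # placed after it is skipped for every user that module accepts.
        elif any(c == "sufficient" for c, _ in stack[:idx]):
            findings[svc] = f"a 'sufficient' module precedes {AUTHZ}"
        else:
            findings[svc] = None
    return findings

# Constructed sample: 'login' copies the release notes' layout; 'sshd' and
# 'ftp' are deliberately misconfigured stacks invented for this example.
SAMPLE_PAM_CONF = """\
login account required libpam_hpsec.so.1
login account required libpam_authz.so.1
login account sufficient libpam_unix.so.1
login account required libpam_ldap.so.1
sshd account sufficient libpam_unix.so.1
sshd account required libpam_authz.so.1
ftp account sufficient libpam_unix.so.1
ftp account required libpam_ldap.so.1
"""
def audit(text=SAMPLE_PAM_CONF):
    return check_authz_stacks(parse_pam_conf(text))
```

Run `audit(open("/etc/pam.conf").read())` on a client to list, per service, either None or the reason the libpam_authz check would not be enforced.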
Limitations in LDAP-UX Client Services 33