LDAP-UX Integration B.05.00 Release Notes

option for PAM_LDAP, which enables PAM_LDAP to be completely disregarded for specific
local users.
To enable this feature, you must set the ignore option for PAM_LDAP in the
pam_user.conf file for per-user configuration. When you use this option for PAM_LDAP,
PAM returns PAM_IGNORE. For detailed information on how to configure and use this
feature, refer to the LDAP-UX Client Services B.05.00 Administrator's Guide.
proxy_is_restricted and allowed_attribute flags added to configuration file
The proxy_is_restricted and allowed_attribute flags are added to the [general]
section of the configuration file, ldapclientd.conf:
proxy_is_restricted=yes|no
If the proxy user is configured in the LDAP-UX profile and defined in
/etc/opt/ldapux/pcred, this flag attests that the proxy user does not hold privileged
LDAP credentials, meaning the proxy user is restricted in its rights to access "private"
information in the directory server.
allowed_attribute=service:attribute
Some applications, like /opt/ssh/bin/ssh, use ldapclientd to access information
in the directory server, such as the sshPublicKey for users and hosts. By setting
allowed_attribute, applications can access any defined attribute even if the
proxy_is_restricted value is set to no (the default).
These configuration parameters are required to help the ldaphostlist and ldapuglist
tools determine if it is OK for them to display arbitrary attributes. If you used autosetup to
configure LDAP-UX, these values are automatically set. If you have an existing installation
or use the custom install setup program, and are also using a proxy user, you should update
these values.
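The review recommended above for existing installations that use a proxy user can be scripted. This is an added example, not HP code or part of LDAP-UX: it reads an ldapclientd.conf-style file on stdin, looks only at the [general] section, and flags a missing proxy_is_restricted or an allowed_attribute entry that is not in service:attribute form. The '#' comment syntax, the function names, the [other_section] name and the sample service names passwd and hosts are assumptions.

```shell
# Added example, not HP code. Assumes INI-style sections and '#' comment lines.
# Reads a config on stdin; prints trimmed key=value lines from [general] only.
general_settings() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s)
                      in_general = (tolower(s) == "[general]"); next }
        in_general && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            print k "=" v
        }'
}

# findings PROXY_IN_USE(yes|no) < conf: one OK:/REVIEW: line per observation.
findings() {
    settings=$(general_settings)
    flag=$(printf '%s\n' "$settings" | sed -n 's/^proxy_is_restricted=//p' | tail -n 1)
    if [ "$flag" = yes ] || [ "$flag" = no ]; then
        echo "OK: proxy_is_restricted=$flag"
    elif [ -n "$flag" ]; then
        echo "REVIEW: unexpected proxy_is_restricted value '$flag'"
    elif [ "$1" = yes ]; then
        echo "REVIEW: proxy user in use but proxy_is_restricted is not set in [general]"
    else
        echo "OK: proxy_is_restricted unset (default no), no proxy user"
    fi
    printf '%s\n' "$settings" | sed -n 's/^allowed_attribute=//p' |
    while IFS= read -r pair; do
        case $pair in
            ?*:?*) echo "OK: allowed_attribute service=${pair%%:*} attribute=${pair#*:}" ;;
            *) echo "REVIEW: malformed allowed_attribute '$pair' (want service:attribute)" ;;
        esac
    done
}

# audit_conf PROXY_IN_USE < conf: print findings; status 1 if any need review.
audit_conf() {
    report=$(findings "$1"); printf '%s\n' "$report"
    case $report in *REVIEW:*) return 1 ;; esac
}

# Constructed sample: the flag appears only in a comment and in the wrong section.
sample_conf() {
    printf '%s\n' '[general]' '# proxy_is_restricted=yes' \
        'allowed_attribute=passwd:sshPublicKey' 'allowed_attribute = hosts:sshPublicKey' \
        'allowed_attribute=sshPublicKey' '[other_section]' 'proxy_is_restricted=yes'
}
sample_conf | audit_conf yes || true
```

On a real host, redirect the installed ldapclientd.conf into audit_conf and pass yes when a proxy user is defined in /etc/opt/ldapux/pcred.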
NOTE: Version 6.0.5 of the Mozilla LDAP SDK includes changes to improve compliance with
the LDAP C API specification defined by the IETF document
draft-ietf-ldapext-ldap-c-api-05.txt. While the majority of these changes are
maintained within the SDK itself, or opaque to the applications, certain applications might be
impacted and require recompiling. For more information, see Section 2.2.1.1 (page 11).
2.2 Compatibility and installation requirements for LDAP-UX Client Services
This section describes compatibility and installation requirements.
2.2.1 Preparing for installation
2.2.1.1 Mozilla LDAP SDK changes and possible effect on applications
Version 6.0.5 of the Mozilla LDAP SDK includes changes to improve compliance with the LDAP
C API specification defined by the IETF document
draft-ietf-ldapext-ldap-c-api-05.txt. These changes modify lower-level BER
structures. While the majority of these changes are maintained within the SDK itself, or opaque
to the applications, those applications that use or modify binary data stored in the directory
server or that make direct use of non-integrated LDAP extensions or controls will likely be
impacted. These impacted applications will be incompatible with version 6.0.5 unless recompiled.
If you have a third-party application that no longer functions after upgrading to LDAP-UX
version B.04.20 or later, contact HP support. SAP customers should review SAP Notes 1451598
and 541344 before installing LDAP-UX.
For customers transitioning to the newer version of LDAP SDK, LDAP SDK 5.17 is provided in
/opt/ldapux/lib/legacy/5. Internal versions have been added to both SDKs to help prevent
newly-built applications from using the wrong LDAP library.