LDAP-UX Integration B.05.00 Release Notes
2.5 Known problems and workarounds for LDAP-UX Client Services
This section describes all currently known problems with the LDAP-UX Client Services product.
• Proxy User Configuration
Problem
If you change the authentication method from SIMPLE (with or without SSL) to SASL
DIGEST-MD5 (with or without SSL), or vice versa, the proxy user will become invalid if
you don’t update the proxy user during setup.
Workaround
The workaround is to remove the /etc/opt/ldapux/pcred file, then run the command
/opt/ldapux/config/ldap_proxy_config -i to reconfigure it.
• Hosts
Problem
A single entry representing a host/computer in an LDAP directory can contain multiple IP
addresses for each hostname record. The /etc/hosts file, however, requires a separate
entry for each IP address.
Workaround
If the system has been configured with multiple IP addresses for the same hostname, the
migration script migrate_host.pl creates multiple entries in its resulting LDIF file, one
for each IP address, all with the same distinguished name for that hostname. Because
distinguished names must be unique in an LDAP directory, users must first manually
merge the IP addresses into one designated host record and delete the duplicate records in
their LDIF file. A resulting entry might look like the following:
dn: cn=machineA, ou=devices, ou=hp.com
objectClass: top
objectClass: ipHost
objectClass: device
ipHostNumber: 15.13.130.72
ipHostNumber: 15.13.104.4
ipHostNumber: 15.13.95.92
cn: machineA
cn: hpma01.cup.hp.com
Also, because LDAP server hosts are sometimes stored using the host name in LDAP referrals,
all the LDAP server host information for your network must be stored in the /etc/hosts
file if you use referrals, and wish to use LDAP-UX for resolving host names.
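The manual merge described in the Hosts workaround can be scripted. The following is an added example, not part of LDAP-UX or of migrate_host.pl: it folds records that share a distinguished name into a single entry and keeps each attribute value once. The function names and the sample data are constructed for illustration, and it assumes plain-text (not base64) DNs with no escaped commas.

```python
import re

# Constructed sample: the situation the page describes, two records sharing
# one DN because the host has two IP addresses. All values are illustrative.
SAMPLE_LDIF = """\
dn: cn=machineA, ou=devices, ou=hp.com
objectClass: top
objectClass: ipHost
objectClass: device
ipHostNumber: 15.13.130.72
cn: machineA
cn: hpma01.cup.hp.com

dn: cn=machineA,ou=devices,ou=hp.com
objectClass: top
objectClass: ipHost
objectClass: device
ipHostNumber: 15.13.104.4
cn: machineA

dn: cn=machineB, ou=devices, ou=hp.com
objectClass: top
objectClass: ipHost
objectClass: device
ipHostNumber: 15.13.95.92
cn: machineB
"""


def dn_key(dn):
    """Normalize a DN for comparison: case-insensitive, no space around commas."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()


def merge_duplicate_dns(ldif_text):
    """Return LDIF text with records that share a DN merged into one entry."""
    unfolded = re.sub(r"\n ", "", ldif_text)          # undo LDIF line folding
    merged = {}                                        # dn_key -> list of lines
    for record in re.split(r"\n\s*\n", unfolded.strip()):
        lines = [l for l in record.splitlines() if l and not l.startswith("#")]
        if not lines or not lines[0].lower().startswith("dn:"):
            continue                                   # e.g. a "version: 1" header
        entry = merged.setdefault(dn_key(lines[0][3:]), [lines[0]])
        seen = {l.lower() for l in entry}
        for line in lines[1:]:
            if line.lower() not in seen:               # keep each attr: value once
                seen.add(line.lower())
                entry.append(line)
    return "\n\n".join("\n".join(e) for e in merged.values()) + "\n"
```

Review the merged output before importing it into the directory; the first record seen for each DN supplies the dn line that is kept.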
• Secondary Group
Problem
If a user’s secondary group is specified by x.500-style group syntax (such as “member”,
“uniquemember”) and its “DN” contains the escape character “\”, LDAP-UX fails to return
the group. As a result, the command “id” will not show the secondary group.
Workaround
To work around this problem, do not use special characters in “cn” or “uid” when creating
the user entry.
• Secondary Group
Problem
If the defaultSearchBase attribute in the LDAP-UX configuration profile is modified, it
can cause LDAP-UX to stop functioning. ldapcfinfo will report the following error:
# ldapcfinfo -t passwd
ERROR: CFI_SEARCH_BASE_NOT_EXIST: