LDAP-UX Integration B.05.00 Release Notes
LDAP Error 32: Configured LDAP-UX search base does not exist.
This can occur if the serviceSearchBase uses a relative base DN, as is configured by
autosetup, such as:
serviceSearchDescriptor: passwd:ou=People,
Workaround
If you need to modify the defaultSearchBase, be sure to put the full base DN in the
serviceSearchDescriptor attributes when modifying the LDAP-UX Configuration profile.
• Permissions with autosetup
Problem
If autosetup is used to configure LDAP-UX, it will modify the existing /etc/krb5.conf
file or create a new one if needed. If a new /etc/krb5.conf file is created, it will be set
with permissions of -rw-------. While these permissions will not prevent usage of
Windows as an authentication module for login to basic HP-UX services, they could prevent
usage of other Kerberized services once the user has logged in.
Workaround
To address this problem, change the permission of the /etc/krb5.conf file to -rw-r--r--
after autosetup completes. For example:
chmod go+r /etc/krb5.conf
2.6 Limitations in LDAP-UX Client Services
The following are limitations in this version of the LDAP-UX Client Services.
2.6.1 Services
When migrating Services data into the LDAP directory, keep in mind that multiple protocols
can be associated with one service name, but multiple service ports cannot. For
example, the following two lines of data can both be stored in the LDAP server:
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
However, because the port number is different, only one of the following entries can be stored
in an LDAP server:
netdist 2101/tcp
-or-
netdist 2102/tcp
2.6.2 /etc/pam.conf
HP delivers two PAM example configuration files, /etc/pam.ldap
and /etc/pam.ldap.trusted, in this release. You need to configure /etc/pam.conf properly
for LDAP-UX to work as expected. When you integrate LDAP-UX Client Services with the HP-UX
Directory Server and your system is in Standard Mode, the pam_unix library must be defined
before pam_ldap, as they are in the /etc/pam.ldap file. If your system is in Trusted Mode,
the pam_ldap library must be defined before pam_unix, and both libraries must be specified
as "required" under "Session management". See Appendix C, “Sample /etc/pam.ldap.trusted
File”, in the LDAP-UX Client Services Administrator’s Guide for details.
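The ordering rules above can be checked mechanically. The following is an added example, not part of HP's release notes or of LDAP-UX itself. It assumes the four-field pam.conf layout (service, module type, control flag, module path) and identifies the libraries by the substrings pam_unix and pam_ldap in the module path; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit pam_unix / pam_ldap ordering in a pam.conf-style file.
# Usage: check_pam_order standard|trusted < /etc/pam.conf
# Prints one line per finding; exit status is 1 if anything was found.
check_pam_order() {
    awk -v mode="$1" '
    /^[ \t]*#/ || NF < 4 { next }              # comments, blank or short lines
    $4 ~ /pam_unix|pam_ldap/ {
        key = $1 " " $2                         # service + module type
        lib = ($4 ~ /pam_unix/) ? "pam_unix" : "pam_ldap"
        if (!((key, lib) in first)) first[key, lib] = NR
        seen[key] = 1
        # Trusted Mode: both libraries must be "required" for session.
        if (mode == "trusted" && $2 == "session" && $3 != "required") {
            printf "%s: %s is %s, expected required\n", key, lib, $3
            bad = 1
        }
    }
    END {
        for (key in seen) {
            if (!((key, "pam_unix") in first) || !((key, "pam_ldap") in first))
                continue                        # only one of the two is stacked
            u = first[key, "pam_unix"]; l = first[key, "pam_ldap"]
            if (mode == "standard" && l < u) {  # Standard Mode: unix first
                printf "%s: pam_ldap (line %d) precedes pam_unix (line %d)\n", key, l, u
                bad = 1
            }
            if (mode == "trusted" && u < l) {   # Trusted Mode: ldap first
                printf "%s: pam_unix (line %d) precedes pam_ldap (line %d)\n", key, u, l
                bad = 1
            }
        }
        exit bad + 0
    }'
}

# Constructed sample input (not copied from /etc/pam.ldap or these notes).
sample_pam_conf() {
    cat <<'EOF'
# service  type     control     module
login      auth     required    libpam_unix.so.1
login      auth     required    libpam_ldap.so.1
login      session  required    libpam_ldap.so.1
login      session  sufficient  libpam_unix.so.1
EOF
}

sample_pam_conf | check_pam_order standard || true
```

Run it with the mode that matches the system, for example `check_pam_order trusted < /etc/pam.conf`, and compare any findings against the delivered /etc/pam.ldap or /etc/pam.ldap.trusted file.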
2.6.3 Maximum user name length of 8 characters on a Trusted Mode system
When a user logs in to a Trusted Mode system on an HP-UX 11i v2 or v3 machine, HP-UX supports
a maximum user name length of eight characters.