LDAP-UX Integration B.05.01 Release Notes
Enter the default base DN where LDAP-UX clients should look for user and
group information, (for example: cn=users, )
Default base DN []:
When initiated without the -l option, setup configures the profile correctly and generates
the default base DN in the user prompt, as shown in the following example:
Enter the default base DN where LDAP-UX clients should look for user and
group information, (for example: cn=users, dc=ninja,dc=turtle,dc=acme,dc=com)
Default base DN [dc=ninja,dc=turtle,dc=acme,dc=com]:
• Defect number QXCR1001057267
The /opt/ldapux/lib/pa20_64/libnss3.sl library is incorrectly linked.
• Defect number QXCR1001050455
The following problems pertaining to Kerberos service in a Windows ADS environment have
been fixed:
◦ If autosetup is used to configure LDAP-UX in a Windows ADS environment, it will
modify the existing /etc/krb5.conf file or create a new one if needed. If a new
/etc/krb5.conf file is created, it will be set with permissions of -rw-------. While these
permissions will not prevent usage of Windows as an authentication module for login to
basic HP-UX services, it could prevent usage of other Kerberized services once the user
has logged in.
◦ As part of the LDAP-UX configuration process, the autosetup program creates a proxy
account that represents the HP-UX host. LDAP-UX needs this proxy account when it queries
Windows ADS for name service information. (Windows ADS does not allow anonymous
access to directory server data.) In the B.05.00 version of autosetup, this proxy account
is created as a user principal. However, to use Kerberos single-sign-on features, the host
must be represented by a service principal instead of a user principal. The fix ensures
that the host is represented by a service principal.
NOTE: If you have already used the B.05.00 version of autosetup to install and
configure LDAP-UX clients in a Windows ADS environment, or if you do not plan to
upgrade, HP provides a script that can convert the HP-UX host entry in Windows ADS to
a service principal. For more information about this script, see Section 2.6 (page 18).
• Defect number QXCR1001071137
The autosetup program terminates if, when querying the DNS server of the DNS domain for any
registered Kerberos Key Distribution Center (KDC) servers, DNS returns a host name (instead
of an IP address).
• Defect number QXCR1001072261
When multiple invocations of autosetup have been run for a Windows ADS environment
(without using netleave to unconfigure LDAP-UX), extra configuration lines might be written
in the PAM configuration file pam.conf that impair its functionality.
• Defect number QXCR1001072267
The autosetup program might display "invalid password" occasionally, although it completes
successfully.
• Defect number QXCR1001072713
The ldaphostlist program terminates with signal 10 (Bus error) when the SASL
authentication method is used.
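To check whether a host is affected by the /etc/krb5.conf permissions problem described under defect QXCR1001050455, the following added example (not part of LDAP-UX or of these release notes) classifies the file mode. The function name krb5_conf_mode_check is hypothetical, and the example assumes the intended mode is readable by all users and writable only by the owner (for example -rw-r--r--), which the release notes do not state.

```shell
# Added example, not LDAP-UX code. krb5_conf_mode_check is a hypothetical name.
# Assumption: the desired mode is world-readable and owner-writable only.
# Only ls and cut are used, so no stat(1) command is required.
krb5_conf_mode_check() {
    f=${1:-/etc/krb5.conf}
    if [ ! -f "$f" ]; then
        echo "missing"
        return 2
    fi

    # Mode string layout: 1 = type, 2-4 = owner, 5-7 = group, 8-10 = other.
    # cut -c1-10 drops any trailing ACL or security-label marker.
    mode=$(ls -ld "$f" | cut -c1-10)
    grp_w=$(printf '%s' "$mode" | cut -c6)
    oth_r=$(printf '%s' "$mode" | cut -c8)
    oth_w=$(printf '%s' "$mode" | cut -c9)

    # Writable by group or others: any such account could redirect KDC lookups.
    if [ "$grp_w" = "w" ] || [ "$oth_w" = "w" ]; then
        echo "too-open"
        return 1
    fi

    # Not readable by others (for example -rw-------): the state left by the
    # defect, where Kerberized services run by ordinary users cannot read it.
    if [ "$oth_r" != "r" ]; then
        echo "too-restrictive"
        return 1
    fi

    echo "ok"
    return 0
}

# Usage: krb5_conf_mode_check            (checks /etc/krb5.conf)
#        krb5_conf_mode_check /some/path (checks another copy)
```

A result of too-restrictive matches the condition described in the defect; when correcting it, grant read access only and leave write access with the owner.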