LDAP-UX Integration B.05.01 Release Notes
• Defect number QXCR1001009051
ldifdiff would not properly compare LDIF files if attribute names had differing case
(upper/lower).
• Defect number QXCR1001038046
ldapentry would report errors when attempting to connect to the directory server when
SSL/TLS was enabled.
2.6 Known problems and workarounds for LDAP-UX Client Services
This section describes all currently known problems with the LDAP-UX Client Services product.
• Directory server created by autosetup fails to import the /tmp/ldif2dbTmp.inf template
file
Problem
When autosetup is used for the first time to create a new HP-UX Directory Server instance,
the program may report the following error:
Failed to import base LDIF file "/tmp/ldif2dbTmp.inf" to directory server.
This problem occurs when the root user runs the autosetup program with a restrictive
umask. As a result, the autosetup program fails to grant sufficient permissions to
the /tmp/ldif2dbTmp.inf template file, which consequently cannot be read and imported
by the newly created directory server instance.
Workaround
Before running the autosetup program, temporarily set the umask to 022.
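The failure mode and the workaround can be reproduced in any POSIX shell. The following is an added example, not part of the HP release notes or the LDAP-UX product: the helper names and template.inf are constructed, and /path/to/autosetup is a placeholder for the location of autosetup on your system.

```shell
# Added illustration; helper names are hypothetical, not LDAP-UX commands.

# Print the permission string a newly created file receives under umask $1.
perms_under_umask() {
    (
        umask "$1" || exit 1
        dir="${TMPDIR:-/tmp}/umaskdemo.$$"
        mkdir "$dir" || exit 1           # atomic; fails if the path already exists
        : > "$dir/template.inf"          # constructed stand-in for the template file
        ls -l "$dir/template.inf" | cut -c1-10
        rm -rf "$dir"
    )
}

# Succeed if a permission string grants read access to "other" (8th character).
other_can_read() {
    case "$1" in
        ???????r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# Run a command under umask $1 inside a subshell, so the caller's own
# (possibly restrictive) umask stays in force for the rest of the session.
run_with_umask() {
    (
        umask "$1" || exit 1
        shift
        "$@"
    )
}

# Show why a restrictive umask leaves the file unreadable to other accounts.
for m in 077 022; do
    p=$(perms_under_umask "$m")
    if other_can_read "$p"; then
        echo "umask $m -> $p (readable by other accounts)"
    else
        echo "umask $m -> $p (NOT readable by other accounts)"
    fi
done

# Applying the workaround without changing root's umask permanently:
#   run_with_umask 022 /path/to/autosetup
```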
• Proxy account created as a user principal; must be service principal to use Kerberos
single-sign-on features
Problem
As part of the LDAP-UX configuration process, the autosetup program creates a proxy
account that represents the HP-UX host. LDAP-UX needs this proxy account when it queries
Windows ADS for name service information. (Windows ADS does not allow anonymous
access to directory server data.) In the B.05.00 version of autosetup, this proxy account is
created as a user principal. However, to use Kerberos single-sign-on features, the host must
be represented by a service principal instead of a user principal.
Workaround
This problem has been fixed in B.05.01. To take advantage of this correction, HP recommends
that you upgrade to B.05.01. If you have already used the B.05.00 version of autosetup
to install and configure LDAP-UX clients in a Windows ADS environment, or if you do not plan
to upgrade, HP provides a script that converts the HP-UX host entry in Windows ADS to a
service principal. To obtain a copy of this script, contact your HP support representative and
ask for the host2svpr.pl script. Mention that the script can be found in the "Crypt" system
as part of the "ldap-ux int" product.
Run this script as the root user, after the version B.05.00 autosetup has completed. The
script prompts for a Windows ADS administrator's credentials, then updates the host entry
in the directory server as well as the /etc/opt/ldapux/pcred, /etc/krb5.conf,
and /etc/krb5.keytab files.
• Proxy user becomes invalid when changing authentication method
Problem