LDAP-UX Integration B.05.01 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

automount name service Supported Not Supported

aliases name service Not Supported[1] Not Supported

services name service Supported Supported

publickey name service Supported Not Supported

printer configurator Supported Not Supported[2]

pam_authz Supported Supported[3]

X.500-style group syntax Supported Supported

pam_ldap Supported Not Supported[4]

Trusted Mode Security[5] Supported Supported

Standard Mode Security Supported Supported

LDAP Command-line Utils. Supported Supported

ldapentry editor tool Supported Supporte

NIS Migration Tools Supported Supported

NIS+ Migration Tools Supported Supported

Multiple Domains Not Supported Supported

NIS/LDAP Gateway Supported Not Supported

Authentication Methods

Simple Password NSS[6] & PAM[7] NSS Only

SASL/DIGEST-MD5 NSS & PAM NSS Only

SASL/GSSAPI Not Supported NSS Only

SSL/TLS Server Certs. NSS & PAM NSS Only

SSL/TLS Client Certs. Not Supported Not Supported

Caching

passwd Supported Supported

group Supported Supported

netgroup Supported Not Supported

X.500-style group- Supported Supported

membership

NOTE:

1. Equivalent feature available directly in sendmail.

2. The setup program does not support configuration of ADS-based printers. If the printer entry

in ADS contains a "printer-uri" type attribute (see RFC3712) the configuration profile can be

modified to change the attribute mapping forprinter-name and printer-uri to match

that of printer descriptions in ADS. However this feature is not officially supported.

3. netgroups may not be stored in ADS.

4. pam_kerberos has been integrated with LDAP to fully support Windows domain

authentication and should be used instead of pam_ldap.

5. LDAP-UX supports coexistence Trusted Mode and Standard Mode security features. Identities

stored in the local host are controlled by the local security policy. Identities stored in an LDAP

directory are controlled by the LDAP security policy.

6. NSS refers to the Name Service Subsystem, such as passwd, group, and so forth. For more

information, see the nsswitch.conf(4) manpage.

7. PAM refers to the Pluggable Authentication Module subsystem. For more information, see the

pam(3) manpage.

2.7.16 Additional limitations with Active Directory

• ldapentry Not Certified for Active Directory

ldapentry, a new client administration tool to simplify adding, modifying, and deleting

database entries is not certified for use with Active Directory.

• Limited Name Service Database Support for multiple Domains

LDAP-UX Client Services, using Windows 2003 R2/2008Active Directory Server with multiple

Domains, currently only supports the passwd and group name services.

• Posix Password Support

Posix password (defined as userPassword in RFC 2307, and msSFUPassword in SFU 2.0) is

not certified.

24 LDAP-UX Client Services