Preparing your LDAP Directory for HP-UX Integration

January 19, 2000 - Version 1.00
Table of Contents

Introduction
    Audience
    Background & Overview
    Scope
"LDAP-UX Integration" Products Overview
    High level Overview
        The NIS/LDAP Gateway
        LDAP-UX Client Services
Security Considerations
    Protecting Posix Attributes
        Protecting passwd Attributes (IMPORTANT)
        Protecting Group Entries
        Protecting Other Posix Attributes
        Limiting login Shell Values
    Setting Up Access Controls for Proper HP-UX Operation
        Directory Read Access Requirements
    Crypt Password Format
        NIS/LDAP Gateway and Crypt passwords
        LDAP-UX Client Services and Crypt Passwords
        Choosing Your Directory's Password Format
    Blank Passwords
        Blank Passwords and the NIS/LDAP Gateway
        Blank Passwords and LDAP-UX Client Services
    Preserving HP-UX password policies
        NIS/LDAP Gateway & Password Policy
        LDAP-UX Client Services & Password Policy
        Password Policy and the Proxy User
Performance Considerations
    Increasing Search performance
Large Databases
    Enumeration
        Common Enumerators
        Timeouts and Maximum Number of Replies
        Other Enumeration issues
Schema
    RFC 2307
        Incorporating RFC 2307
        RFC 2307 LDAP requirements
        Posix and "Case Ignore String"
    HP-UX Syntax Requirements on RFC 2307 Data
        String Size
        Numeric UID & GID