Preparing your LDAP Directory for HP-UX Integration
In short, an LDAP directory server that is to store RFC 2307 entries should
follow some basic requirements:
• Comply with the LDAP v3 RFCs 2251 through 2256.
• Support multi-valued RDNs: "dn: cn=Tom+city=Cupertino,ou=hp.com".
(Multi-valued RDNs are only required when storing netgroups or non-standard NIS databases.)
Posix and "Case Ignore String"
In general, a Posix system is case sensitive. And when data is stored in an LDAP directory, the case of data
is preserved. However, when searching for information in an LDAP directory, case may be ignored
depending on the attribute type being searched for.
A little bit of background: Attributes used by the RFC 2307 schema come from both existing attribute types
defined by RFC 2256 and newly defined attribute types. Where appropriate, RFC 2307 uses existing
attributes when the role of the attribute defined by RFC 2256 also matches the role needed by RFC 2307.
As an example, the /etc/protocols file defines common protocols that work over IP. The format is
"<official name> <protocol number> <aliases>". Here is a sample entry:
tcp 6 TCP # transmission control protocol
In discovering attributes to represent these fields, the cn (common name) attribute sufficiently describes the
<official name> and <aliases>. Therefore, instead of defining new attribute types for <official name> and
<aliases>, cn was selected by RFC 2307 to represent those fields.
However, cn is defined as a "case ignore string." This means that when the directory server is issued a
search request, it will ignore case when comparing the search results. As a result, the above
/etc/protocols entry will be represented by the following entry in an LDAP directory:
dn: cn=tcp,ou=tcpIp,ou=NIS,o=hp.com
objectclass: ipProtocol
objectclass: top
ipprotocolnumber: 6
cn: tcp
In this example, the alias "TCP" was removed, because it is not needed. When an application calls the
procedure getprotobyname("TCP", result, buffer) it will still return the proper protocol number. However,
there is a possible side-effect. getprotobyname("tCp", result, buffer) will also return the TCP protocol
number. It would have failed before. This could be considered an enhancement, but may result in undesired
side-effects.
The "names" defined in /etc/group, /etc/hosts, /etc/netgroup, /etc/networks, /etc/protocols, /etc/rpc, and
/etc/services are represented by the case-insensitive attribute cn.
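The check below is an added example, not part of the original white paper: it scans flat-file lines for names that differ only by case but belong to different entries, the situation a case-ignore cn can no longer distinguish. The function name, the layout table and the sample lines are constructed for illustration, and /etc/netgroup is not handled.

```python
from collections import defaultdict

# Assumed layouts: (field separator, index of primary name, index of first alias).
LAYOUTS = {
    "group":     (":", 0, None),   # name:passwd:gid:members
    "protocols": (None, 0, 2),     # name number aliases...
    "rpc":       (None, 0, 2),     # name number aliases...
    "networks":  (None, 0, 2),     # name number aliases...
    "services":  (None, 0, 2),     # name port/proto aliases...
    "hosts":     (None, 1, 2),     # address name aliases...
}

# Constructed sample input, modeled on the entries shown on this page.
GROUP_SAMPLE = [
    "cat::14:bjones,jrice,ericr,bobj",
    "CAT::2922:fwilkins,trose,hice",
    "users::20:",
]
PROTO_SAMPLE = ["tcp 6 TCP # transmission control protocol", "udp 17 UDP"]


def case_collisions(lines, kind):
    """Return {folded name: sorted spellings} for names that differ only by
    case and belong to different entries."""
    sep, name_idx, alias_idx = LAYOUTS[kind]
    spellings = defaultdict(set)  # folded name -> exact spellings seen
    owners = defaultdict(set)     # folded name -> primary names of entries using it
    for raw in lines:
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or line[0] in "+-":       # skip blanks and NIS +/- compat lines
            continue
        fields = line.split(sep)
        if len(fields) <= name_idx:
            continue
        primary = fields[name_idx]
        aliases = fields[alias_idx:] if alias_idx is not None else []
        for name in [primary] + aliases:
            key = name.casefold()             # approximates case-ignore matching
            spellings[key].add(name)
            owners[key].add(primary)
    # A name plus its own upper-case alias ("tcp 6 TCP") has one owner: harmless.
    return {k: sorted(v) for k, v in spellings.items()
            if len(v) > 1 and len(owners[k]) > 1}


if __name__ == "__main__":
    print(case_collisions(GROUP_SAMPLE, "group"))
    print(case_collisions(PROTO_SAMPLE, "protocols"))
```

Run it against each source file before migration and rename or merge any reported names deliberately, rather than discovering the overlap after the entries are in the directory.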
Of the files listed above, /etc/group and /etc/netgroup are the most likely to cause problems. As an
example, suppose your NIS group database contained the following two groups:
cat::14:bjones,jrice,ericr,bobj
CAT::2922:fwilkins,trose,hice
On a Posix system, the above two entries represent two different groups. (Suppose the "cat" group
represents the users that like cats, and suppose the "CAT" group represents the members of the "Common
Authentication Technology" investigation team.) However, once these two groups are migrated to an LDAP