LDAP-UX Integration

Overview

The LDAP-UX Integration product for HP-UX uses the Lightweight Directory Access Protocol (LDAP) to centralize HP-UX management in an LDAP directory. LDAP-UX Integration enables the LDAP directory to be used as a central service for HP-UX authentication and authorization as well as a central repository for service configuration including integrated account and group management.

The LDAP-UX Integration main components are described briefly in the following list:

  • The LDAP-UX Client Services enable HP-UX clients to use a centralized LDAP directory server for unified authentication, access control policy and name service information. This includes support for joining a Windows Active Directory domain. This component includes the pam_ldap and pam_authz modules, which provide rich authentication and access control policy enforcement. The Mozilla LDAP C SDK is included as well, to provide application integration with LDAP directory servers.
  • The NIS/LDAP Gateway is a server for legacy Network Information Service (NIS) clients. The NIS/LDAP Gateway daemon (ypldapd) allows LDAP to serve as a name service repository instead of the traditional NIS maps. If you are migrating from NIS to LDAP, you can use the NIS/LDAP Gateway to help you phase in the transition to LDAP in a large organization.

LDAP-UX Integration provides a variety of features that allow for advanced integration into an LDAP-managed identity and security framework. Among the many features are:

  • Integrated Security:
    • Via libpam_ldap, the LDAP directory server can act as a central authentication service, providing centralized account and password policies, including support for long passwords.
    • LDAP-UX can also share group management with other LDAP-enabled applications. By following the X.500 group membership specification, groups managed in the directory server, including Windows ADS, will appear as traditional POSIX-style groups in HP-UX. LDAP-UX also supports dynamic groups (groups based on LDAP filters), allowing simplified group management.
    • Via libpam_authz, information in the LDAP directory server can provide advanced access control policies to grant and limit access to HP-UX services.
  • Integrated Identity:
    Allows for HP-UX to use the same account and group information shared among multiple directory-enabled services. Advanced attribute mapping, following the configuration profile standard defined in RFC 4876, minimizes the need to create duplicate schema. For example, the employeeNumber attribute can also serve as the HP-UX user id number.
  • Joining Windows domains:
    Allows HP-UX to join an existing Windows domain or forest. Users from multiple domains can log in to the same HP-UX host.
  • Simplified Setup:
    Greatly simplifies configuration of HP-UX to use centralized LDAP management. A new directory server and LDAP-UX domain can be created in a matter of moments with minimal input, or LDAP-UX can join an existing domain (Windows or LDAP-UX) by only specifying the directory server host or domain name to join and administrator credentials.
  • SSH Host Key Management:
    Allows for management of ssh host keys used by HP Secure Shell. By placing ssh host keys in the directory server, trust can be pre-established between hosts in a domain, eliminating the need for end users to respond to the often ignored "man-in-the-middle" prompts. Refer to HP Secure Shell for additional information.
  • Long Term Identity & Credential Caching:
    Allows for HP-UX to continue functioning with cached data, even when connection with the directory server has been lost.
  • Context-Aware Object Management Tools:
    Advanced command-line tools allow administrators and scripts to manage users, groups and hosts in the directory server without needing to be fully aware of LDAP context. These tools hide the complexity of managing data in the directory server by automatically handling connection management, attribute mapping and directory data location.

New in LDAP-UX Integration B.05.00

LDAP-UX Integration B.05.00 offers the following new features:

  • SSH Key Management:
    Allows for management of ssh host keys used by HP Secure Shell. By placing ssh host keys in the directory server, trust can be pre-established between hosts, eliminating the need for users to respond to the "man-in-the-middle" prompts. LDAP-UX can also be used to centrally manage ssh configuration.
  • Guided Installation Mode:
    More than just "Guided Installation", this mode greatly simplifies the installation of LDAP-UX. Guided Installation can provide complete configuration to enable HP-UX to use LDAP centralized management, while requiring only minimal input (the directory server host name or Windows domain name plus an administrator's name and password). Guided Installation mode can also create a new directory server instance (using HP-UX Directory Server) and define an LDAP-UX "domain" that provides a management framework for centralized user, group and host management (including ssh host keys).
  • Long Term Identity & Credential Caching:
    Allows for HP-UX to continue functioning with cached data, even when connection with the directory server has been lost.
  • Host Management Tools:
    Provides a context aware and simplified interface for command-line or scripted management of host data (including ssh keys) in the directory server.
  • IPv6 support:
    LDAP-UX services and utilities have been enhanced to support the IPv6 protocol. Connections to a directory server with an IPv6 address are supported by ldapclientd (used to manage all OS interactions with the directory server) as well as the LDAP utilities provided with LDAP-UX.
  • Local-only Configuration:
    Optionally, version B.05.00 allows LDAP-UX to be configured with a locally defined configuration profile instead of requiring that the configuration profile be stored in the directory server. This feature allows LDAP-UX to be configured when there are restrictions on adding the configuration profile schema to the directory server.
  • Library Versioning added to the LDAP SDK:
    Version B.05.00 delivers named versions of both the 5.17.1 and 6.0.5 versions of the LDAP C SDK to improve compatibility with applications.
  • Note: Release B.05.01 is an update to B.05.00, containing several fixes. For more information, please refer to LDAP-UX Integration B.05.01 Release Notes.

Product Documentation

Use the following documents in conjunction with each other when using LDAP-UX Integration B.05.01:

  • LDAP-UX Integration B.05.01 Release Notes
  • LDAP-UX Client Services B.05.01 Administrator's Guide
  • NIS/LDAP Gateway Administrator's Guide

These documents are located at:
http://www.hp.com/go/hpux-security-docs

 
Additional product information
Product #: J4269AA
Version: B.05.01
Software specification: HP-UX 11i v3 for HP 9000 or Integrity Servers
HP-UX 11i v2 for HP 9000 or Integrity Servers
HP-UX 11i v1 for HP 9000 or Integrity Servers