Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Installing and Administering LDAP-UX Client Services with Microsoft Windows 2000 Active Directory > Chapter 3 About Active Directory Multiple Domain Support

Retrieving Data from a Remote Domain
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

LDAP-UX can retrieve data from a remote domain in three ways:

  1. Via remote domain configuration

    If you know in which domains your data resides, you can tell LDAP-UX (by using setup) to retrieve the data from these specific remote domains. When the data is not found in the local domain, LDAP-UX searches all remote domains, using the sequence you configure, until the data is found.

  2. Via Global Catalog Server (GCS)

    If you are not sure in which domains the data resides, you can configure LDAP-UX to search the GCS first. LDAP-UX uses the GSC to determine in which domain the requested data resides, then connects to that specific domain controller to retrieve complete POSIX information. However, by default, the global catalog (GC) doesn't contain any POSIX attributes. You need to add some POSIX attributes into the global catalog (see Appendix A for detailed information). You also need a configuration profile that tells which server (and port) serves as the GCS. The GCS profile is stored locally in /etc/opt/ldapux/domain_profiles/ldapux_profile.bin.gc.

  3. Via both remote domain configuration and GCS

    If you are sure that you need some specific remote domains, but don't want to exclude other domains, you can configure both, specifying remote domains and configuring usage of the GCS. When both are configured, LDAP-UX searches in this sequence:

    1. the local domain

    2. the remote domains in the order of configuration

    3. the GCS to find out in which domain the data exists

    4. the specific domain found from the GCS

Remote domain configuration vs. GCS

If you want to limit the scope of LDAP-UX's remote domain search to certain domains of the forest, you must configure those specific domains using the remote domain configuration. This is the only way to exclude some domains from LDAP-UX's remote domain search. For example, if your forest contains DomainA, DomainB, DomainC, and DomainD, but you just want users in DomainA and DomainB to log into HP-UX, then you need to configure either DomainA or DomainB as your local domain, then another one as the remote domain during setup, and choose not to use the GCS.

If you want to cover the entire forest in LDAP-UX's remote domain search scope, you can either explicitly configure every domain (one as "local", and the rest as "remote") or simply a local domain and the GCS to support multiple domains. When you choose to configure usage of both remote domain and GCS support, LDAP-UX searches remote domains, then queries the GCS.

For detailed steps on how to configure multiple domains using the setup tool, refer to the section titled, "Configure the LDAP-UX Client Services" in Chapter 2.



Overview
  		 


Automatic Profile Downloading  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2002 Hewlett-Packard Development Company, L.P.