Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: HpUx and ldap Authentication
Operating Systems HP-UX HpUx and ldap Authentication Post 302242605 by suuuper on Thursday 2nd of October 2008 10:33:51 AM
Old 10-02-2008
HpUx and ldap Authentication
Hi to all,
i try to configure an HpUx 11.23 to use a Sun Directory Server to authenticate in system.
In my ldap the users is posixAccount.
I read in www that there is a sotware called LDAPUX but it use a profile, and it requires a change that i can't execute in my ldap because it is used also from other system (Solaris, redhat, aix, ecc....) and mainly because i don't have a administration acconunt in this ldap (only proxyAgent access).

There is a method that allows to configure the hpux to authenticate with ldap without HPUX???

Thanks and sorry for my English
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Module for LDAP Authentication

Hello Everyone, I have enabled LDAP authentication on my Web script by adding the list of valid users in /etc/apach2/default-server.conf. However, I now want to retrieve the username of the person that logs in. How can I do that? Is there any such module? Regards, Harsha (0 Replies)
Discussion started by: garric
0 Replies

2. UNIX and Linux Applications

LDAP authentication question

Hello, I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it. Presently, I have configured Basic authentication with apache but the security is not tight. I... (1 Reply)
Discussion started by: bptronics
1 Replies

3. Linux

LDAP authentication question

Hello, I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it. Presently, I have configured Basic authentication with apache but the security is not tight. I... (1 Reply)
Discussion started by: bptronics
1 Replies

4. Cybersecurity

LDAP authentication question

Hello, I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it. Presently, I have configured Basic authentication with apache but the security is not tight. I... (1 Reply)
Discussion started by: bptronics
1 Replies

5. UNIX for Advanced & Expert Users

LDAP Authentication AND Authorization

I see a lot of thread on LDAP Authentication but I want to enable LDAP Authentication with Authorization. Meaning, removing the user ID's and groups from the local servers and move them to an LDAP server. When a user logs in (via LDAP) they will be given their group memberships and access to the... (3 Replies)
Discussion started by: scottsl
3 Replies

6. Red Hat

CVS ldap authentication

I am trying to convert all my redhat servers over to ldap. I have solved almost all the probems but am having trouble getting cvs pserver to authenticate. I'm running redhat 4. Just patched everything the other day. cvs is cvs-1.11.17-9.1.el4_7.1. Any suggestions would be welcome. Obviously... (1 Reply)
Discussion started by: jhtrice
1 Replies

7. Solaris

LDAP authentication

Hi folks, i have opends 1.2 manually installed subversion 1.4.3 and apache2 updated by package manager. i want to access svn using LDAP authentication its giving an error: ldap_simple_bind_s() failed. what could be the problem. i wrote some text at the end of httpd.conf fpr ldap... (2 Replies)
Discussion started by: visu_buri
2 Replies

8. Solaris

Authentication with LDAP in opensolaris

Hi all, I have two virtual machines, one with Suse and another with opensolaris 2009.06. The ldap server is in the Suse machine. From my opensolaris, with command ldalist i can see the information about the ldap configuration, i mean, the dn: ou:.... if i type id <ldapuser> i can see the user... (0 Replies)
Discussion started by: checoturco
0 Replies

9. AIX

LDAP authentication

Hi, We are trying to use LDAP to authenticate the login from our application. Our application is installed on AIX 6.1 and LDAP server is on active directory windows 2003. We are getting the below error when we try to login. We have the required lib file in the path it is looking for. Any idea... (3 Replies)
Discussion started by: Nand1010_MA
3 Replies

10. Emergency UNIX and Linux Support

LDAP and AD Authentication Query

Hi Friends, I have below scenarios . dom1.test.com - LDAP dom2.test.com - AD Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with dom1\username -> get authenticated by LDAP host ... (2 Replies)
Discussion started by: Shirishlnx
2 Replies

LEARN ABOUT XFREE86

ldap

ldap(1) 							   User Commands							   ldap(1)

NAME

       ldap - LDAP as a naming repository

DESCRIPTION

       LDAP  refers  to  Lightweight Directory Access Protocol, which is an industry standard for accessing directory servers. By initializing the
       client using ldapclient(1M) and using the keyword ldap in the name service switch file, /etc/nsswitch.conf, Solaris clients can obtain nam-
       ing  information from an LDAP server.  Information such as usernames, hostnames, and passwords are stored on the LDAP server in a Directory
       Information Tree or DIT. The DIT consists of entries which in turn are composed of attributes. Each attribute has a type and  one  or  more
       values.

       Solaris	LDAP  clients  use  the  LDAP  v3 protocol to access naming information from LDAP servers. The LDAP server must support the object
       classes and attributes defined in RFC2307bis (draft), which maps the naming service model on to LDAP. As an alternate to using  the  schema
       defined	in  RFC2307bis	(draft), the system can be configured to use other schema sets and the schema mapping feature is configured to map
       between the two. Refer to the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for more details.

       The ldapclient(1M) utility can make a Solaris machine an LDAP client by setting up the appropriate directories,	files,	and  configuration
       information. The LDAP client caches this configuration information in local cache files. This configuration information is accessed through
       the ldap_cachemgr(1M) daemon. This daemon also refreshes the information in the configuration files from the LDAP server, providing  better
       performance and security. The ldap_cachemgr must run at all times for the proper operation of the naming services.

       There  are two types of configuration information, the information  available through a profile, and the information configured per client.
       The profile contains all the information as to how the  client accesses the directory. The credential information for proxy user is config-
       ured on a per client basis and is not downloaded through the profile.

       The  profile  contains  server-specific parameters that are required by all clients to locate the servers for the desired LDAP domain. This
       information could be the  server's IP address and the search base Distinguished Name (DN), for instance. It is  configured  on  the  client
       from  the default profile during  client  initialization and is	periodically  updated by the ldap_cachemgr daemon when the expiration time
       has elapsed.

       Client profiles can be stored on the LDAP server and may be used by the ldapclient utility to initialize an LDAP client. Using  the  client
       profile is the easiest way to configure a  client  machine. See ldapclient(1M).

       Credential information includes client-specific parameters that are used  by  a client. This information could be the Bind DN (LDAP "login"
       name) of the client and the password. If these parameters are required, they are manually defined during the initialization  through  ldap-
       client(1M).

       The  naming information is stored in containers on the LDAP server. A container is a non-leaf entry in the DIT that contains naming service
       information. Containers are similar to maps in NIS and tables in NIS+. A default mapping between the NIS databases  and the containers	in
       LDAP  is  presented  below.  The location of these containers as well as their names  can be overridden through the use of serviceSearchDe-
       scriptors. For more information, see ldapclient(1M).

       +--------------------+--------------------+---------------------------+
       |Database	    |Object Class	 | Container		     |
       +--------------------+--------------------+---------------------------+
       |passwd		    |posixAccount	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |		    |shadowAccount	 |			     |
       +--------------------+--------------------+---------------------------+
       |group		    |posixGroup 	 | ou=Group,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |services	    |ipService		 | ou=Services,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |protocols	    |ipProtocol 	 | ou=Protocols,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |rpc		    |oncRpc		 | ou=Rpc,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |hosts		    |ipHost		 | ou=Hosts,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |ipnodes 	    |ipHost		 | ou=Hosts,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |ethers		    |ieee802Device	 | ou=Ethers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |bootparams	    |bootableDevice	 | ou=Ethers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |networks	    |ipNetwork		 | ou=Networks,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |netmasks	    |ipNetwork		 | ou=Networks,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |netgroup	    |nisNetgroup	 | ou=Netgroup,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |aliases 	    |mailGroup		 | ou=Aliases,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |publickey	    |nisKeyObject	 |			     |
       +--------------------+--------------------+---------------------------+
       |generic 	    |nisObject		 | nisMapName=...,dc=...     |
       +--------------------+--------------------+---------------------------+
       |printers	    |printerService	 | ou=Printers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |auth_attr	    |SolarisAuthAttr	 | ou=SolarisAuthAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |prof_attr	    |SolarisProfAttr	 | ou=SolarisProfAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |exec_attr	    |SolarisExecAttr	 | ou=SolarisProfAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |user_attr	    |SolarisUserAttr	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |audit_user	    |SolarisAuditUser	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+

       The security model for clients is defined by a combination of the credential level to be used, the authentication method, and the PAM  mod-
       ules  to  be  used.  The  credential  level defines what credentials the client should use to authenticate to the directory server, and the
       authentication method defines the method of choice.  Both these can be set with multiple values. The Solaris LDAP  supports  the  following
       values for credential level :

		 anonymous

		 proxy

       The Solaris LDAP supports the following values for authentication method:

		 none

		 simple

		 sasl/CRAM-MD5

		 sasl/DIGEST-MD5

		 tls:simple

		 tls:sasl/CRAM-MD5

		 tls:sasl/DIGEST-MD5

       More  protection can be provided by means of  access control, allowing the server to grant access for certain containers or entries. Access
       control is specified by Access Control Lists (ACLs) that are defined and stored in the LDAP server. The Access Control Lists  on  the  LDAP
       server  are  called Access Control  Instructions (ACIs) by the the SunOne Directory Server. Each ACL or ACI specifies one or more directory
       objects, for example, the cn attribute in a specific container, one or more clients to whom you grant or  deny  access,	and  one  or  more
       access  rights  that  determine what the clients can do to or with the objects. Clients can be users or	applications. Access rights can be
       specified as read and write, for example. Refer to the System Administration Guide: Naming and Directory  Services  (DNS,  NIS,	and  LDAP)
       regarding the restrictions on ACLs and ACIs when using LDAP as a naming repository.

       A  sample  nsswitch.conf(4) file called nsswitch.ldap is provided in the /etc directory. This is copied to /etc/nsswitch.conf  by the ldap-
       client(1M) utility. This file uses LDAP as a repository for the different databases in the  nsswitch.conf file.

       The following is a list of the user commands related to LDAP:

       idsconfig(1M)	       Prepares a SunOne Directory Server to be ready to support Solaris LDAP clients.

       ldapaddent(1M)	       Creates LDAP entries from corresponding /etc files.

       ldapclient(1M)	       Initializes LDAP clients, or generates a configuration profile to be stored in the directory.

       ldaplist(1)	       Lists the contents of the LDAP naming space.

FILES

       /var/ldap/ldap_client_cred      Files that contain the LDAP configuration of the client. Do not manually modify these files. Their  content
       /var/ldap/ldap_client_file      is not  guaranteed to be human readable. Use ldapclient(1M) to update them.

       /etc/nsswitch.conf	       Configuration file for the name-service switch.

       /etc/nsswitch.ldap	       Sample configuration file for the name-service switch configured with LDAP and files.

       /etc/pam.conf		       PAM framework configuration file.

SEE ALSO

       ldaplist(1),   idsconfig(1M),  ldap_cachemgr(1M),  ldapaddent(1M),  ldapclient(1M),  nsswitch.conf(4),  pam.conf(4),  pam_authtok_check(5),
       pam_authtok_get(5),  pam_authtok_store(5),   pam_dhkeys(5),   pam_ldap(5),   pam_passwd_auth(5),   pam_unix_account(5),	 pam_unix_auth(5),
       pam_unix_session(5)

       System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

NOTES

       The  pam_unix(5)  module  is  no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10							    7 Jan 2004								   ldap(1)
All times are GMT -4. The time now is 08:19 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy