Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Different login shells in LDAP
Top Forums UNIX for Advanced & Expert Users Different login shells in LDAP Post 302299182 by zaxxon on Thursday 19th of March 2009 11:26:30 AM
Old 03-19-2009
Different login shells in LDAP
Hi folks,

we have a very heterogenous server environment. There are also lots of AIX and Linux servers which usually have different login shells and all servers have to be integrated into LDAP. The LDAP Meta Directory is hosted by a Novell eDirectory.
On our Linux boxes it is usually bash, on AIX ksh. We also don't want to change it in that way, so that we only use one type of shell on all servers. We want to be flexible, judging by type of host and/or by user, which login shell the user would get. There is also the possibility that users just get a /bin/false so they don't have a login that easy.

So we could just go add new attributes in LDAP to a user. This could be mapped locally to the attribute the LDAP client of the OS needs.
Downside is, that our department for permissions wants to have permissions and rights, like which shell on which host etc. set by assigning users to a group. They don't want to handle each user's attributes seprately.
They want it the way they just put users into groups like they do it already.

We currently have no idea how to set attributes like LoginShell, HomeDirectory etc. for the same user on different hosts and even different OS'es while keeping it easy for the permissions department to assing users just to groups etc.

Also we tried filtering the group a user is in by shell script which was very easy but by no way being able to set the Login Shell with this method. You can add it witch chsh, write it into /etc/shells or on AIX /etc/security/login.cfg but we can't get a working shell for the user by this at all.

So if anyone would like to share his/her experience with such an LDAP environment I would be very thankful for any insight.

The IBM Redbook for AIX in a heterogenous LDAP enviroment was a big help in setting up everything, but no hint in it for the problem described above. Also not in the IBM LDAP White Papers incl. the troubleshooting part.

Also on Google I found no solution for this.
Last edited by zaxxon; 03-20-2009 at 03:11 AM.. Reason: typos
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Shells

I have came across the definitions of these shells korn bourne c etc .. but honestly till now i din't get the exact difference between these threes , the advantages ..... can anyone pinpoint me where it actually lies ..... don;t include me answers like aliasing in c is posible and not in bourne ..... (3 Replies)
Discussion started by: dino_leix
3 Replies

2. Web Development

APACHE: Tie in Web Page login with server login

Hello, I have created a web page on a server using apache and added .htaccess and .htpasswd in the folder for authentification. I was wondering if there was anyway to tie-in the login for this page with the login used to logon to the server. i.e. the same login info. is used for both,... (2 Replies)
Discussion started by: WhotheWhat
2 Replies

3. UNIX for Advanced & Expert Users

why we have different shells?

Can you pls. tell me, why we have different shells in UNIX OS ( Eg. SunOs) and also I would like to know what is the specific difference b/w SVR and BSD ? Thanks. (2 Replies)
Discussion started by: shahnazurs
2 Replies

4. UNIX for Advanced & Expert Users

something like LDAP Administrator 2011.1 "LDAP-SQL" but for the CLI

Hi I am searching a tool like "LDAP Administrator 2011.1"/ "LDAP-SQL" but for the CLI. Wish to use LDAP-SQL in scripts (non Windows GUI environment) http://ldapadministrator.com/resources/english/2011.1/images/sqlquery_large.png Softerra LDAP Administrator 2011.1 - What's New OS is... (2 Replies)
Discussion started by: slashdotweenie
2 Replies

5. Red Hat

How to cache login in ldap clients !!! Please helpppp !!!!

Hey guys iīve one big problem with nscd.conf this donīt work i tried many examples of configuration the nscd.conf simply donīt work when i stop the ldap server i try access by ssh on the client i canīt make logon. And the database on /var/db/nscd donīt work. follows below the conf of... (0 Replies)
Discussion started by: paulo_eduardo
0 Replies

6. UNIX for Dummies Questions & Answers

Shells

Lets say my default shell is bash and then i load up csh and then ksh. How would i exit csh without exiting ksh? so basically i gone from bash > csh > ksh and i wish to close csh (2 Replies)
Discussion started by: Bill Thompson
2 Replies

7. OS X (Apple)

Where does OS X store LDAP and login settings?

I'm writing scripts to check for compliance with the DISA STIG. Several items refer to manually click-click-clicking to verify settings regarding LDAP or accounts like guest account disabled, "Allow Guests to connect to shared folders", "Display login window as:", "Show input menu in login... (7 Replies)
Discussion started by: jnojr
7 Replies

8. UNIX for Dummies Questions & Answers

Please what are shells?

I mean like this: http://shells.red-pill.eu/ Can anyone explain how this works? I hope my post is not spam. I think its related to linux. Thank you (1 Reply)
Discussion started by: postcd
1 Replies

9. UNIX for Advanced & Expert Users

Can adding to a new group be effective in current login environment without re-login?

Hey folks, When a user is added to a new group, the user has to be log out and log in again to make the new group effective. Is there any system command or technique to refresh user group ID update without re-login? I am not talking about to use "login" or "su -l" commands which can only make... (2 Replies)
Discussion started by: hce
2 Replies

10. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT LINUX

chsh

CHSH(1) 							   User Commands							   CHSH(1)

NAME

       chsh - change login shell

SYNOPSIS

       chsh [options] [LOGIN]

DESCRIPTION

       The chsh command changes the user login shell. This determines the name of the user's initial login command. A normal user may only change
       the login shell for her own account; the superuser may change the login shell for any account.

OPTIONS

       The options which apply to the chsh command are:

       -h, --help
	   Display help message and exit.

       -s, --shell SHELL
	   The name of the user's new login shell. Setting this field to blank causes the system to select the default login shell.

       If the -s option is not selected, chsh operates in an interactive fashion, prompting the user with the current login shell. Enter the new
       value to change the shell, or leave the line blank to use the current one. The current shell is displayed between a pair of [ ] marks.

NOTE

       The only restriction placed on the login shell is that the command name must be listed in /etc/shells, unless the invoker is the superuser,
       and then any value may be added. An account with a restricted login shell may not change her login shell. For this reason, placing /bin/rsh
       in /etc/shells is discouraged since accidentally changing to a restricted shell would prevent the user from ever changing her login shell
       back to its original value.

FILES

       /etc/passwd
	   User account information.

       /etc/shells
	   List of valid login shells.

       /etc/login.defs
	   Shadow password suite configuration.

SEE ALSO

       chfn(1), login.defs(5), passwd(5).

User Commands							    06/24/2011								   CHSH(1)
All times are GMT -4. The time now is 10:05 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy