03-19-2009
Different login shells in LDAP
Hi folks,
we have a very heterogeneous server environment. There are also lots of AIX and Linux servers which usually have different login shells and all servers have to be integrated into LDAP. The LDAP Meta Directory is hosted by a Novell eDirectory.
On our Linux boxes it is usually bash, on AIX ksh. We also don't want to change it in that way, so that we only use one type of shell on all servers. We want to be flexible, judging by type of host and/or by user, which login shell the user would get. There is also the possibility that users just get a /bin/false so they don't have a login that easy.
So we could just go add new attributes in LDAP to a user. This could be mapped locally to the attribute the LDAP client of the OS needs.
The downside is that our department for permissions wants to have permissions and rights, like which shell on which host etc., set by assigning users to a group. They don't want to handle each user's attributes separately.
They want it the way they just put users into groups like they do it already.
We currently have no idea how to set attributes like LoginShell, HomeDirectory etc. for the same user on different hosts and even different OSes while keeping it easy for the permissions department to assign users just to groups etc.
Also we tried filtering the group a user is in by shell script, which was very easy, but we were in no way able to set the login shell with this method. You can add it with chsh, write it into /etc/shells or on AIX /etc/security/login.cfg, but we can't get a working shell for the user by this at all.
So if anyone would like to share his/her experience with such an LDAP environment I would be very thankful for any insight.
The IBM Redbook for AIX in a heterogeneous LDAP environment was a big help in setting up everything, but there is no hint in it for the problem described above. Also not in the IBM LDAP White Papers incl. the troubleshooting part.
Also on Google I found no solution for this.
Last edited by zaxxon; 03-20-2009 at 03:11 AM..
Reason: typos
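The group-to-shell decision the post describes, as an added example that is not part of the original post: it only computes which shell a user should get on a given OS from group membership, denies login by default, and refuses any shell the host does not list as valid. The group names, the map format, the inline shells list (a stand-in for /etc/shells) and the function name are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Rule format (constructed): group:os:shell, first match wins.
# Group names and the rule set are hypothetical.
SHELL_MAP='
# group:os:shell
nologin-users:*:/bin/false
aix-admins:AIX:/usr/bin/ksh
linux-admins:Linux:/bin/bash
zsh-users:Linux:/bin/zsh
'

# Constructed stand-in for the host's /etc/shells.
VALID_SHELLS='/bin/sh
/bin/bash
/usr/bin/ksh'

# resolve_shell OS "group1 group2 ..."  -> prints the login shell to assign
resolve_shell() {
    os=$1
    member_of=" $2 "
    result=/bin/false              # default deny: no matching group, no login
    while IFS=: read -r grp rule_os shell; do
        # skip blank lines and comments
        case $grp in ''|'#'*) continue ;; esac
        # skip rules for groups the user is not in
        case $member_of in *" $grp "*) ;; *) continue ;; esac
        # rule must apply to this OS, or to every OS (*)
        [ "$rule_os" = "*" ] || [ "$rule_os" = "$os" ] || continue
        result=$shell
        break
    done <<EOF
$SHELL_MAP
EOF
    # Hand out only shells the host lists as valid; /bin/false is the lock-out.
    if [ "$result" != /bin/false ] &&
       ! printf '%s\n' "$VALID_SHELLS" | grep -qxF "$result"; then
        result=/bin/false
    fi
    printf '%s\n' "$result"
}
```

Putting the lock-out group first in the map means membership in it overrides any other group, so removing access never depends on cleaning up every other assignment.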
CHSH(1)                          User Commands                          CHSH(1)

NAME
       chsh - change login shell

SYNOPSIS
       chsh [options] [LOGIN]

DESCRIPTION
       The chsh command changes the user login shell. This determines the
       name of the user's initial login command. A normal user may only
       change the login shell for her own account; the superuser may change
       the login shell for any account.

OPTIONS
       The options which apply to the chsh command are:

       -h, --help
           Display help message and exit.

       -s, --shell SHELL
           The name of the user's new login shell. Setting this field to
           blank causes the system to select the default login shell.

       If the -s option is not selected, chsh operates in an interactive
       fashion, prompting the user with the current login shell. Enter the
       new value to change the shell, or leave the line blank to use the
       current one. The current shell is displayed between a pair of [ ]
       marks.

NOTE
       The only restriction placed on the login shell is that the command
       name must be listed in /etc/shells, unless the invoker is the
       superuser, and then any value may be added. An account with a
       restricted login shell may not change her login shell. For this
       reason, placing /bin/rsh in /etc/shells is discouraged since
       accidentally changing to a restricted shell would prevent the user
       from ever changing her login shell back to its original value.

FILES
       /etc/passwd
           User account information.

       /etc/shells
           List of valid login shells.

       /etc/login.defs
           Shadow password suite configuration.

SEE ALSO
       chfn(1), login.defs(5), passwd(5).

User Commands                      06/24/2011                          CHSH(1)