01-25-2010
Quote:
Originally Posted by
solaris_user
Like JAVA and OpenSolaris , RBAC is one of three things that are not good for usage
??
Quote:
RBAC works only with Solaris , it is better to use read write permissions on group of users on some directory
Permissions are unlikely to replace the Solaris "Primary Administrator" role features.
mduweik: It is perfectly possible to have roles managed by an external LDAP directory. Before trying to use Active Directory, you probably might try first following the supported path, i.e. using Sun Directory Server as a back-end and initializing it with the Solaris supplied script idsconfig. Alternatively, you might also use OpenDS which already has support for the Solaris RBAC related schemas, eg: SolarisUserAttr.
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help?
Thanks... (0 Replies)
Discussion started by: vipas
0 Replies
2. UNIX for Advanced & Expert Users
hi,
is it possible to link users on a LDAP-Server from one container to another?
we have two trees, one for AIX and one for solaris-linux
but we have a few users in both trees, they should have the same password and a password change must affect both entries
we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies
3. Linux
Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies
4. AIX
Hi All,
i would like to know if it's possible to create a new custom role on HMC to manage only one LPAR and few activity on it (START,STOP,CONSOLE).
It's possible create this custom role?
If yes where i can read something about?
Thanks in advance.
Bye.
Zio (1 Reply)
Discussion started by: Zio Bill
1 Replies
5. Linux
Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies
6. AIX
Hello everyone, I am having trouble with something, and I can't find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users.
So far so good, but now, we want to implement RBAC on... (7 Replies)
Discussion started by: Janpol
7 Replies
7. UNIX and Linux Applications
I have these two table. How do I see if user roles and system roles are seperated?
SQL> desc DBA_ROLES;
Name Null? Type
----------------------------------------- -------- ----------------------------
ROLE NOT NULL... (1 Reply)
Discussion started by: alvinoo
1 Replies
8. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
9. Solaris
Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC
Hi, just starting with RBAC. I have managed to create a test user with assigned roles:
Basic Actions
Basic Solaris UserI also didroleadd -d /export/home/userrole -m userrolebut when I didrolemod -P "Basic Actions" userrole
rolemod -P "Basic... (1 Reply)
Discussion started by: rino19ny
1 Replies
LEARN ABOUT DEBIAN
authen::simple::ldap
Authen::Simple::LDAP(3pm) User Contributed Perl Documentation Authen::Simple::LDAP(3pm)
NAME
Authen::Simple::LDAP - Simple LDAP authentication
SYNOPSIS
use Authen::Simple::LDAP;
my $ldap = Authen::Simple::LDAP->new(
host => 'ldap.company.com',
basedn => 'ou=People,dc=company,dc=net'
);
if ( $ldap->authenticate( $username, $password ) ) {
# successfull authentication
}
# or as a mod_perl Authen handler
PerlModule Authen::Simple::Apache
PerlModule Authen::Simple::LDAP
PerlSetVar AuthenSimpleLDAP_host "ldap.company.com"
PerlSetVar AuthenSimpleLDAP_basedn "ou=People,dc=company,dc=net"
<Location /protected>
PerlAuthenHandler Authen::Simple::LDAP
AuthType Basic
AuthName "Protected Area"
Require valid-user
</Location>
DESCRIPTION
Authenticate against a LDAP service.
METHODS
o new
This method takes a hash of parameters. The following options are valid:
o host
Connection host, can be a hostname, IP number or a URI. Defaults to "localhost".
host => ldap.company.com
host => 10.0.0.1
host => ldap://ldap.company.com:389
host => ldaps://ldap.company.com
o port
Connection port, default to 389. May be overridden by host if host is a URI.
port => 389
o timeout
Connection timeout, defaults to 60.
timeout => 60
o version
The LDAP version to use, defaults to 3.
version => 3
o binddn
The distinguished name to bind to the server with, defaults to bind anonymously.
binddn => 'uid=proxy,cn=users,dc=company,dc=com'
o bindpw
The credentials to bind with.
bindpw => 'secret'
o basedn
The distinguished name of the search base.
basedn => 'cn=users,dc=company,dc=com'
o filter
LDAP filter to use in search, defaults to "(uid=%s)".
filter => '(uid=%s)'
o scope
The search scope, can be "base", "one" or "sub", defaults to "sub".
filter => 'sub'
o log
Any object that supports "debug", "info", "error" and "warn".
log => Log::Log4perl->get_logger('Authen::Simple::LDAP')
o authenticate( $username, $password )
Returns true on success and false on failure.
EXAMPLE USAGE
Apple Open Directory
my $ldap = Authen::Simple::LDAP->new(
host => 'od.company.com',
basedn => 'cn=users,dc=company,dc=com',
filter => '(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%s))'
);
Microsoft Active Directory
my $ldap = Authen::Simple::LDAP->new(
host => 'ad.company.com',
binddn => 'proxyuser@company.com',
bindpw => 'secret',
basedn => 'cn=users,dc=company,dc=com',
filter => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))'
);
Active Directory by default does not allow anonymous binds. It's recommended that a proxy user is used that has sufficient rights to search
the desired tree and attributes.
SEE ALSO
Authen::Simple::ActiveDirectory.
Authen::Simple.
Net::LDAP.
AUTHOR
Christian Hansen "chansen@cpan.org"
COPYRIGHT
This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.
perl v5.14.2 2012-04-23 Authen::Simple::LDAP(3pm)