01-25-2010
Quote:
Originally Posted by
solaris_user
Like JAVA and OpenSolaris , RBAC is one of three things that are not good for usage
??
Quote:
RBAC works only with Solaris , it is better to use read write permissions on group of users on some directory
Permissions are unlikely to replace the Solaris "Primary Administrator" role features.
mduweik: It is perfectly possible to have roles managed by an external LDAP directory. Before trying to use Active Directory, you probably might try first following the supported path, i.e. using Sun Directory Server as a back-end and initializing it with the Solaris supplied script idsconfig. Alternatively, you might also use OpenDS which already has support for the Solaris RBAC related schemas, eg: SolarisUserAttr.
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help?
Thanks... (0 Replies)
Discussion started by: vipas
0 Replies
2. UNIX for Advanced & Expert Users
hi,
is it possible to link users on a LDAP-Server from one container to another?
we have two trees, one for AIX and one for solaris-linux
but we have a few users in both trees, they should have the same password and a password change must affect both entries
we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies
3. Linux
Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies
4. AIX
Hi All,
i would like to know if it's possible to create a new custom role on HMC to manage only one LPAR and few activity on it (START,STOP,CONSOLE).
It's possible create this custom role?
If yes where i can read something about?
Thanks in advance.
Bye.
Zio (1 Reply)
Discussion started by: Zio Bill
1 Replies
5. Linux
Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies
6. AIX
Hello everyone, I am having trouble with something, and I can't find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users.
So far so good, but now, we want to implement RBAC on... (7 Replies)
Discussion started by: Janpol
7 Replies
7. UNIX and Linux Applications
I have these two table. How do I see if user roles and system roles are seperated?
SQL> desc DBA_ROLES;
Name Null? Type
----------------------------------------- -------- ----------------------------
ROLE NOT NULL... (1 Reply)
Discussion started by: alvinoo
1 Replies
8. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
9. Solaris
Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC
Hi, just starting with RBAC. I have managed to create a test user with assigned roles:
Basic Actions
Basic Solaris UserI also didroleadd -d /export/home/userrole -m userrolebut when I didrolemod -P "Basic Actions" userrole
rolemod -P "Basic... (1 Reply)
Discussion started by: rino19ny
1 Replies
LEARN ABOUT XFREE86
idsconfig
idsconfig(1M) System Administration Commands idsconfig(1M)
NAME
idsconfig - prepare an iPlanet Directory Server (iDS) to be populated with data and serve LDAP clients
SYNOPSIS
/usr/lib/ldap/idsconfig [-v] [-i input_configfile] [-o output_configfile]
DESCRIPTION
Use the idsconfig tool to set up an iPlanet Directory Server (iDS). You can specify the input configuration file with the -i option on the
command line. Alternatively, the tool will prompt the user for configuration information. The input configuration file is created by
idsconfig with the -o option on a previous run.
The first time a server is set up, the user is prompted for all the required information. Future installations on that machine can use the
configuration file previously generated by idsconfig using the -o option.
The output configuration file contains the directory administrator's password in clear text. Thus, if you are creating an output configura-
tion file, take appropriate security precautions.
You should back up the directory server's configuration and data prior to running this command.
OPTIONS
The following options are supported:
-i input_configfile Specify the file name for idsconfig to use as a configuration file. This file will be read by idsconfig, and the
values in the file will be used to configure the server. Do not manually edit input_configfile. The input_config-
file is only partially validated, as idsconfig assumes that the file was created by a previous invocation of the
command.
-o output_configfile Create a configuration file.
-v Verbose output.
OPERANDS
The following operands are supported:
input_configfile Name of configuration file for idsconfig to use.
output_configfile Configuration file created by idsconfig.
EXAMPLES
Example 1: Prompting the User for Input
In the following example, the user is prompted for information to set up iDS.
example# idsconfig
Example 2: Creating an Output Configuration File
In the following example, the user is prompted for information to set up iDS, and an output configuration file, config.1, is created when
completed.
example# idsconfig -o config.1
Example 3: Setting up iDS Using the Specified Configuration File
In the following example, iDS is set up by using the values specified in the configuration file, config.1. The verbose mode is specified,
so detailed information will print to the screen.
example# idsconfig -v -i config.1
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWnisu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
ldap(1), ldapadd(1), ldapdelete(1), ldaplist(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1), ldap_cachemgr(1M), ldapaddent(1M), ldap-
client(1M), suninstall(1M), resolv.conf(4), attributes(5)
SunOS 5.10 18 Oct 2001 idsconfig(1M)