Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: LDAP users with RBAC Roles
Operating Systems Solaris LDAP users with RBAC Roles Post 302390203 by mduweik on Wednesday 27th of January 2010 07:15:57 AM
Old 01-27-2010
MySQL i managed to do it
Thanks all for your valuable feebacks.

sorry for not replying earlier, i was busy trying to fix it and i managed to use rbac roles and profiles defined locally to be used by LDAP MS AD users.

it was more simple than i thought ..

all you have to do is define rbac properly then edit the /etc/user_attr manually and add a line per user.

Details below:

Configure RBAC:

1. /usr/sbin/roleadd -u 2000 -g 10 -d /export/home/unixpa -m unixpa
2. passwd unixpa
3. /usr/bin/grep -i unixpa /etc/passwd
4. /usr/sbin/rolemod -P "Primary Administrator" unixpa
5. /usr/bin/profiles unixpa


file attached (snapshot) of /etc/user_attr line needs to be added for each MS AD user

then login with AD user normally , su to RBAC role and thats it , you have Primary Administrator Role.

soon ill finish documenting the complete procedure as proof of concept for the management , along with auto creation of home directories if it didnt exist using one of two options (compiled pam or auto_home with NFS).

sorry again for the late reply and thanks to you all.

whoever needs a copy of the document (within a week will be ready) inshallah, drop me and email of i can post it here too if needed.
LDAP users with RBAC Roles-user_attrjpg
This User Gave Thanks to mduweik For This Post:
jjp5421
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Equivalent of ADMCHG for LDAP Users

All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help? Thanks... (0 Replies)
Discussion started by: vipas
0 Replies

2. UNIX for Advanced & Expert Users

link LDAP-Users

hi, is it possible to link users on a LDAP-Server from one container to another? we have two trees, one for AIX and one for solaris-linux but we have a few users in both trees, they should have the same password and a password change must affect both entries we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies

3. Linux

Monitor ldap users

Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies

4. AIX

Customize Roles - HMC

Hi All, i would like to know if it's possible to create a new custom role on HMC to manage only one LPAR and few activity on it (START,STOP,CONSOLE). It's possible create this custom role? If yes where i can read something about? Thanks in advance. Bye. Zio (1 Reply)
Discussion started by: Zio Bill
1 Replies

5. Linux

Help me with all users ldap

Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies

6. AIX

RBAC and LDAP users (AD)

Hello everyone, I am having trouble with something, and I can't find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users. So far so good, but now, we want to implement RBAC on... (7 Replies)
Discussion started by: Janpol
7 Replies

7. UNIX and Linux Applications

Oracle Database - How to check if user roles and system roles are separated?

I have these two table. How do I see if user roles and system roles are seperated? SQL> desc DBA_ROLES; Name Null? Type ----------------------------------------- -------- ---------------------------- ROLE NOT NULL... (1 Reply)
Discussion started by: alvinoo
1 Replies

8. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

9. Solaris

How do you assign multiple roles in RBAC?

Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC Hi, just starting with RBAC. I have managed to create a test user with assigned roles: Basic Actions Basic Solaris UserI also didroleadd -d /export/home/userrole -m userrolebut when I didrolemod -P "Basic Actions" userrole rolemod -P "Basic... (1 Reply)
Discussion started by: rino19ny
1 Replies

LEARN ABOUT FREEBSD

roledel

roledel(1M)                                               System Administration Commands                                               roledel(1M)

NAME

       roledel - delete a role's login from the system

SYNOPSIS

       roledel [-r] role

DESCRIPTION

       The  roledel  utility  deletes a role account from the system and makes the appropriate account-related changes to the system file and file
       system. roledel also removes the role from each user's list of assumable roles.

OPTIONS

       The following options are supported:

       -r              Remove the role's home directory from the system. This directory must exist. The  files  and  directories  under  the  home
                       directory will no longer be accessible following successful execution of the command.

OPERANDS

       The following operands are supported:

       role            An existing role name to be deleted.

EXIT STATUS

       The following exit values are returned:

       0               Successful completion.

       2               Invalid command syntax. A usage message for the roledel command is displayed.

       6               The account to be removed does not exist.

       8               The account to be removed is in use.

       10              Cannot update the /etc/group or /etc/user_attr file but the login is removed from the /etc/passwd file.

       12              Cannot remove or otherwise modify the home directory.

FILES

       /etc/passwd             system password file

       /etc/shadow             system file containing roles' encrypted passwords and related information

       /etc/group              system file containing group definitions

       /etc/user_attr          system file containing additional role attributes

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |ATTRIBUTE TYPE               |ATTRIBUTE VALUE              |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

SEE ALSO

       auths(1),  passwd(1),  profiles(1),  roles(1),  users(1B),  groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), roleadd(1M), rolemod(1M),
       useradd(1M), userdel(1M), usermod(1M), passwd(4), prof_attr(4), user_attr(4), attributes(5)

NOTES

       The roledel utility only deletes an account definition that is in the local /etc/group, /etc/passwd, /etc/shadow, and /etc/user_attr  file.
       file. If a network name service such as NIS or NIS+ is being used to supplement the local /etc/passwd file with additional entries, roledel
       cannot change information supplied by the network name service.

SunOS 5.10                                                          8 Sep 1999                                                         roledel(1M)
All times are GMT -4. The time now is 11:14 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy