Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: LDAP users with RBAC Roles
Operating Systems Solaris LDAP users with RBAC Roles Post 302390203 by mduweik on Wednesday 27th of January 2010 07:15:57 AM
Old 01-27-2010
MySQL i managed to do it
Thanks all for your valuable feebacks.

sorry for not replying earlier, i was busy trying to fix it and i managed to use rbac roles and profiles defined locally to be used by LDAP MS AD users.

it was more simple than i thought ..

all you have to do is define rbac properly then edit the /etc/user_attr manually and add a line per user.

Details below:

Configure RBAC:

1. /usr/sbin/roleadd -u 2000 -g 10 -d /export/home/unixpa -m unixpa
2. passwd unixpa
3. /usr/bin/grep -i unixpa /etc/passwd
4. /usr/sbin/rolemod -P "Primary Administrator" unixpa
5. /usr/bin/profiles unixpa


file attached (snapshot) of /etc/user_attr line needs to be added for each MS AD user

then login with AD user normally , su to RBAC role and thats it , you have Primary Administrator Role.

soon ill finish documenting the complete procedure as proof of concept for the management , along with auto creation of home directories if it didnt exist using one of two options (compiled pam or auto_home with NFS).

sorry again for the late reply and thanks to you all.

whoever needs a copy of the document (within a week will be ready) inshallah, drop me and email of i can post it here too if needed.
LDAP users with RBAC Roles-user_attrjpg
This User Gave Thanks to mduweik For This Post:
jjp5421
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Equivalent of ADMCHG for LDAP Users

All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help? Thanks... (0 Replies)
Discussion started by: vipas
0 Replies

2. UNIX for Advanced & Expert Users

link LDAP-Users

hi, is it possible to link users on a LDAP-Server from one container to another? we have two trees, one for AIX and one for solaris-linux but we have a few users in both trees, they should have the same password and a password change must affect both entries we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies

3. Linux

Monitor ldap users

Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies

4. AIX

Customize Roles - HMC

Hi All, i would like to know if it's possible to create a new custom role on HMC to manage only one LPAR and few activity on it (START,STOP,CONSOLE). It's possible create this custom role? If yes where i can read something about? Thanks in advance. Bye. Zio (1 Reply)
Discussion started by: Zio Bill
1 Replies

5. Linux

Help me with all users ldap

Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies

6. AIX

RBAC and LDAP users (AD)

Hello everyone, I am having trouble with something, and I can't find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users. So far so good, but now, we want to implement RBAC on... (7 Replies)
Discussion started by: Janpol
7 Replies

7. UNIX and Linux Applications

Oracle Database - How to check if user roles and system roles are separated?

I have these two table. How do I see if user roles and system roles are seperated? SQL> desc DBA_ROLES; Name Null? Type ----------------------------------------- -------- ---------------------------- ROLE NOT NULL... (1 Reply)
Discussion started by: alvinoo
1 Replies

8. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

9. Solaris

How do you assign multiple roles in RBAC?

Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC Hi, just starting with RBAC. I have managed to create a test user with assigned roles: Basic Actions Basic Solaris UserI also didroleadd -d /export/home/userrole -m userrolebut when I didrolemod -P "Basic Actions" userrole rolemod -P "Basic... (1 Reply)
Discussion started by: rino19ny
1 Replies

LEARN ABOUT OPENSOLARIS

roles

roles(1)							   User Commands							  roles(1)

NAME

       roles - print roles granted to a user

SYNOPSIS

       roles [ user ]...

DESCRIPTION

       The  command  roles  prints  on	standard  output  the roles that you or the optionally-specified user have been granted. Roles are special
       accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).

       Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in  passwd(4)
       and  shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
       and profiles. See auths(1) and profiles(1).

       Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him-- or herself  and  assume  the	role.  The
       actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
       original user who assumed the role.

       A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see  prof_attr(4))  are  hierarchical
       and can be used to achieve the same effect as hierarchical roles.

       Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).

       Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
       requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).

EXAMPLES

       Example 1 Sample output

       The output of the roles command has the following form:

	 example% roles tester01 tester02tester01 : admin
	 tester02 : secadmin, root
	 example%

EXIT STATUS

       The following exit values are returned:

       0     Successful completion.

       1     An error occurred.

FILES

       /etc/user_attr

       /etc/security/auth_attr

       /etc/security/prof_attr

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4),  prof_attr(4),  shadow(4),  user_attr(4),
       attributes(5)

SunOS 5.11							    14 Feb 2001 							  roles(1)
All times are GMT -4. The time now is 11:18 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy