Post 302606125 by Myaso on Friday 9th of March 2012 03:30:00 PM
IBM directory server - how to restrict AIX client access to read-only

Hello all,

I am using IBM Directory Server (as a part of AIX7 extension pack) in an AIX environment.
To set up the server I use command:
mksecldap -s -a cn=admin -p PWD -S RFC2307AIX -d o=COMPANY -u NONE

Then, to set up IDS clients I use the following (I have 2 mutually replicating servers aixldapsrv1 and aixldapsrv2) :
mksecldap -c -h aixldapsrv1,aixldapsrv2 -a cn=admin -p PWD

Also, I make the necessary changes in /etc/security/user and other files to make rsh/rlogin/ssh authentication check the AIX user/password against LDAP content.
Things work smoothly at this point.

However, any user on a host which is an LDAP client, when logged in as "root", can remove, change, or create users in the LDAP "domain".
I would like to restrict this capability to a root user logged in to a specific host, or specific hosts (not all hosts that are LDAP clients).

I thought maybe there exists some way of establishing a dedicated "read-only" pseudo-administrator user with a dn like "cn=roadmin", so that the LDAP client initialization would look like:
mksecldap -c -h aixldapsrv1,aixldapsrv2 -a cn=roadmin -p PWD

But how do I create such a read-only admin on the LDAP server? Is it possible at all, or should I be looking for the solution somewhere else?

Any suggestion is very much appreciated!
Myaso
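Added example, not from the post or from IBM: a small Python helper that generates the LDIF for the read-only pseudo-administrator the post proposes and checks that the resulting ACL grants no write. It assumes IBM Directory Server's aclEntry/aclPropagate ACL attributes with access-id subjects and object/attribute-class rights (object:ad, normal/sensitive/critical:rwsc); the entry's objectclass, the password placeholder and where mksecldap placed the data under o=COMPANY are assumptions.

```python
from __future__ import annotations
import re

SUFFIX = "o=COMPANY"                      # suffix from the post's mksecldap -d option
ROADMIN = f"cn=roadmin,{SUFFIX}"          # the pseudo-administrator the post proposes
ACL_CLASSES = "object|normal|sensitive|critical|system|restricted"
# Grant-form IDS aclEntry: <subject-type>:<dn>:<class>:<rights>[:<class>:<rights>...]
_ACL = re.compile(rf"^(access-id|group|role):(?P<dn>[^:]+):"
                  rf"(?P<rights>(?:{ACL_CLASSES}):[a-z]+(?::(?:{ACL_CLASSES}):[a-z]+)*)$")

def roadmin_entry_ldif(password_hash: str) -> str:
    """LDIF creating the read-only bind identity (objectclass 'person' is an assumption)."""
    return "\n".join([f"dn: {ROADMIN}", "objectclass: top", "objectclass: person",
                      "cn: roadmin", "sn: readonly", f"userPassword: {password_hash}", ""])

def readonly_acl_ldif() -> str:
    """LDIF modify granting cn=roadmin read/search/compare on every attribute class
    under the suffix, but no object add/delete and no attribute write.  critical:rsc
    is only needed because AIX unix_auth compares the userPassword hash on the
    client; with authtype ldap_auth (bind as the user) it can be dropped."""
    return "\n".join([
        f"dn: {SUFFIX}", "changetype: modify", "add: aclEntry",
        f"aclEntry: access-id:{ROADMIN}:normal:rsc:sensitive:rsc:critical:rsc",
        "-", "replace: aclPropagate", "aclPropagate: TRUE", ""])

def parse_acl_entry(value: str) -> tuple[str, dict[str, set[str]]]:
    """Parse a grant-form aclEntry value into (subject DN, {class: set(rights)})."""
    m = _ACL.match(value)
    if not m:
        raise ValueError(f"unrecognised aclEntry: {value!r}")
    parts = m.group("rights").split(":")
    return m.group("dn"), {parts[i]: set(parts[i + 1]) for i in range(0, len(parts), 2)}

def grants_write(value: str) -> bool:
    """True if the entry allows object add/delete or attribute write anywhere."""
    _, rights = parse_acl_entry(value)
    return any(bool(r & ({"a", "d"} if cls == "object" else {"w"}))
               for cls, r in rights.items())

def check_policy(ldif: str) -> list[str]:
    """Return the aclEntry values in an LDIF fragment that would grant write access,
    so a reviewer can confirm the read-only bind really is read-only."""
    return [line.split(": ", 1)[1] for line in ldif.splitlines()
            if line.startswith("aclEntry: ") and grants_write(line.split(": ", 1)[1])]
```

Once the two LDIF fragments are loaded with ldapmodify as cn=admin, clients can be initialised with mksecldap -c ... -a cn=roadmin, and a root user on such a client only holds a bind that the server will not let write.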
 

AFP_LDAP.CONF(5)                         Netatalk 2.2                         AFP_LDAP.CONF(5)

NAME
       afp_ldap.conf - Configuration file used by afpd(8) to configure an LDAP connection to an LDAP server. That is needed for ACL support in order to be able to query LDAP for UUIDs.

DESCRIPTION
       /etc/netatalk/afp_ldap.conf is the configuration file used by afpd to set up an LDAP connection to an LDAP server. Any line not prefixed with # is interpreted.

       Note: You can use afpldaptest(1) to syntactically check your config.

       The required parameters and their meanings are:

PARAMETER
       ldap_server
              Name or IP address of your LDAP Server
       ldap_auth_method
              Authentication method: none | simple | sasl
              none    anonymous LDAP bind
              simple  simple LDAP bind
              sasl    SASL. Not yet supported!
       ldap_auth_dn
              Distinguished Name of the user for simple bind.
       ldap_auth_pw
              Password of the user for simple bind.
       ldap_userbase
              DN of the user container in LDAP.
       ldap_userscope
              Search scope for user search: base | one | sub
       ldap_groupbase
              DN of the group container in LDAP.
       ldap_groupscope
              Search scope for group search: base | one | sub
       ldap_uuid_attr
              Name of the LDAP attribute with the UUIDs. Note: this is used both for users and groups.
       ldap_name_attr
              Name of the LDAP attribute with the user's short name.
       ldap_group_attr
              Name of the LDAP attribute with the group's short name.

EXAMPLES
       Example. afp_ldap.conf setup with simple bind

              ldap_server = localhost
              ldap_auth_method = simple
              ldap_auth_dn = cn=admin,dc=domain,dc=org
              ldap_auth_pw = notthisone
              ldap_userbase = ou=users,dc=domain,dc=org
              ldap_userscope = one
              ldap_groupbase = ou=groups,dc=domain,dc=org
              ldap_groupscope = one
              ldap_uuid_attr = some_attribute
              ldap_name_attr = cn
              ldap_group_attr = cn

SEE ALSO
       afpd(8), AppleVolumes.default(5), afpldaptest(1)

Netatalk 2.2                              30 Mar 2011                         AFP_LDAP.CONF(5)