Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: RBAC and LDAP users (AD)
Operating Systems AIX RBAC and LDAP users (AD) Post 302784117 by MichaelFelt on Thursday 21st of March 2013 01:36:32 PM
Old 03-21-2013
Well, as far as I know AD only supports the rfc2307 attributes, out of the box.

There are a couple of dated (were written with AIX 5.1 and for AD AIX 6.1), but still largely accurate, tutorials. (must look for links).

Have you run the mksecldap command to make AIX an ldap client of the AD server?

Before mkuser/chuser/etc can contact AD it needs to know where to look.

For the simple stuff - start with lsuser once it is setup.

$|# lsuser -R LDAP michael

---------- Post updated at 06:36 PM ---------- Previous update was at 06:25 PM ----------

Infocenter link - the basics
Developerworks article for SunOne and AD (from 2008, but gets you going)

Also, try "your favorite search engine": aixSchemaForAD

What ever solution path you choose it will include loading, at some point, an AIX LDAP Schema

After you have read the articles above, you will understand better.

BEFORE you begin - make sure adding a schema to AD does not break your support contract. So make a backup first. I am told AD does not (did not?) have an easy option to remove extensions.

Hope this helps!
This User Gave Thanks to MichaelFelt For This Post:
Janpol
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Equivalent of ADMCHG for LDAP Users

All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help? Thanks... (0 Replies)
Discussion started by: vipas
0 Replies

2. UNIX for Advanced & Expert Users

link LDAP-Users

hi, is it possible to link users on a LDAP-Server from one container to another? we have two trees, one for AIX and one for solaris-linux but we have a few users in both trees, they should have the same password and a password change must affect both entries we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies

3. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies

4. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the... (4 Replies)
Discussion started by: deaconf19
4 Replies

5. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies

6. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies

7. Solaris

LDAP users with RBAC Roles

I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box. to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies

8. Linux

Monitor ldap users

Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies

9. Linux

Help me with all users ldap

Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies

10. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT REDHAT

perlaix

PERLAIX(1)						 Perl Programmers Reference Guide						PERLAIX(1)

NAME

       README.aix - Perl version 5 on IBM Unix (AIX) systems

DESCRIPTION

       This document describes various features of IBM's Unix operating system (AIX) that will affect how Perl version 5 (hereafter just Perl) is
       compiled and/or runs.

       Compiling Perl 5 on AIX

       When compiling Perl, you must use an ANSI C compiler. AIX does not ship an ANSI compliant C-compiler with AIX by default, but binary builds
       of gcc for AIX are widely available.

       At the moment of writing, AIX supports two different native C compilers, for which you have to pay: xlC and vac. If you decide to use
       either of these two (which is quite a lot easier than using gcc), be sure to upgrade to the latest available patch level. Currently:

	   xlC.C     3.1.4.10 or 3.6.6.0 or 4.0.2.2 or 5.0.2.9 or 6.0.0.3
	   vac.C     4.4.0.3  or 5.0.2.6 or 6.0.0.1

       note that xlC has the OS version in the name as of version 4.0.2.0, so you will find xlC.C for AIX-5.0 as package

	   xlC.aix50.rte   5.0.2.0 or 6.0.0.3

       subversions are not the same `latest' on all OS versions. For example, the latest xlC-5 on aix41 is 5.0.2.9, while on aix43, it is 5.0.2.7.

       Perl can be compiled with either IBM's ANSI C compiler or with gcc.  The former is recommended, as not only can it compile Perl with no
       difficulty, but also can take advantage of features listed later that require the use of IBM compiler-specific command-line flags.

       The IBM's compiler patch levels 5.0.0.0 and 5.0.1.0 have compiler optimization bugs that affect compiling perl.c and regcomp.c, respec-
       tively.	If Perl's configuration detects those compiler patch levels, optimization is turned off for the said source code files.  Upgrading
       to at least 5.0.2.0 is recommended.

       If you decide to use gcc, make sure your installation is recent and complete, and be sure to read the Perl README file for more gcc-spe-
       cific details. Please report any hoops you had to jump through to the development team.

       OS level

       Before installing the patches to the IBM C-compiler you need to know the level of patching for the Operating System. IBM's command
       'oslevel' will show the base, but is not always complete (in this example oslevel shows 4.3.NULL, whereas the system might run most of
       4.3.THREE):

	   # oslevel
	   4.3.0.0
	   # lslpp -l | grep 'bos.rte '
	   bos.rte	     4.3.3.75  COMMITTED  Base Operating System Runtime
	   bos.rte	      4.3.2.0  COMMITTED  Base Operating System Runtime
	   #

       The same might happen to AIX 5.1 or other OS levels. As a side note, perl cannot be built without bos.adt.syscalls and bos.adt.libm
       installed

	   # lslpp -l | egrep "syscalls|libm"
	   bos.adt.libm      5.1.0.25  COMMITTED  Base Application Development
	   bos.adt.syscalls  5.1.0.36  COMMITTED  System Calls Application
	   #

       Building Dynamic Extensions on AIX

       AIX supports dynamically loadable objects as well as shared libraries.  Shared libraries by convention end with the suffix .a, which is a
       bit misleading, as an archive can contain static as well as dynamic members.  For perl dynamically loaded objects we use the .so suffix
       also used on many other platforms.

       Note that starting from Perl 5.7.2 (and consequently 5.8.0) and AIX 4.3 or newer Perl uses the AIX native dynamic loading interface in the
       so called runtime linking mode instead of the emulated interface that was used in Perl releases 5.6.1 and earlier or, for AIX releases 4.2
       and earlier.  This change does break backward compatibility with compiled modules from earlier perl releases.  The change was made to make
       Perl more compliant with other applications like Apache/mod_perl which are using the AIX native interface. This change also enables the use
       of C++ code with static constructors and destructors in perl extensions, which was not possible using the emulated interface.

       The IBM ANSI C Compiler

       All defaults for Configure can be used.

       If you've chosen to use vac 4, be sure to run 4.4.0.3. Older versions will turn up nasty later on. For vac 5 be sure to run at least
       5.0.1.0, but vac 5.0.2.6 or up is highly recommended. Note that since IBM has removed vac 5.0.2.1 through 5.0.2.5 from the software depot,
       these versions should be considered obsolete.

       Here's a brief lead of how to upgrade the compiler to the latest level.	Of course this is subject to changes.  You can only upgrade ver-
       sions from ftp-available updates if the first three digit groups are the same (in where you can skip intermediate unlike the patches in the
       developer snapshots of perl), or to one version up where the `base' is available.  In other words, the AIX compiler patches are cumulative.

	vac.C.4.4.0.1 => vac.C.4.4.0.3	is OK	  (vac.C.4.4.0.2 not needed)
	xlC.C.3.1.3.3 => xlC.C.3.1.4.10 is NOT OK (xlC.C.3.1.4.0 is not available)

	# ftp ftp.software.ibm.com
	Connected to service.boulder.ibm.com.
	: welcome message ...
	Name (ftp.software.ibm.com:merijn): anonymous
	331 Guest login ok, send your complete e-mail address as password.
	Password:
	... accepted login stuff
	ftp> cd /aix/fixes/v4/
	ftp> dir other other.ll
	output to local-file: other.ll? y
	200 PORT command successful.
	150 Opening ASCII mode data connection for /bin/ls.
	226 Transfer complete.
	ftp> dir xlc xlc.ll
	output to local-file: xlc.ll? y
	200 PORT command successful.
	150 Opening ASCII mode data connection for /bin/ls.
	226 Transfer complete.
	ftp> bye
	... goodbye messages
	# ls -l *.ll
	-rw-rw-rw-   1 merijn	system	  1169432 Nov  2 17:29 other.ll
	-rw-rw-rw-   1 merijn	system	    29170 Nov  2 17:29 xlc.ll

       On AIX 4.2 using xlC, we continue:

	# lslpp -l | fgrep 'xlC.C '
	  xlC.C 		    3.1.4.9  COMMITTED	C for AIX Compiler
	  xlC.C 		    3.1.4.0  COMMITTED	C for AIX Compiler
	# grep 'xlC.C.3.1.4.*.bff' xlc.ll
	-rw-r--r--   1 45776101 1	 6286336 Jul 22 1996  xlC.C.3.1.4.1.bff
	-rw-rw-r--   1 45776101 1	 6173696 Aug 24 1998  xlC.C.3.1.4.10.bff
	-rw-r--r--   1 45776101 1	 6319104 Aug 14 1996  xlC.C.3.1.4.2.bff
	-rw-r--r--   1 45776101 1	 6316032 Oct 21 1996  xlC.C.3.1.4.3.bff
	-rw-r--r--   1 45776101 1	 6315008 Dec 20 1996  xlC.C.3.1.4.4.bff
	-rw-rw-r--   1 45776101 1	 6178816 Mar 28 1997  xlC.C.3.1.4.5.bff
	-rw-rw-r--   1 45776101 1	 6188032 May 22 1997  xlC.C.3.1.4.6.bff
	-rw-rw-r--   1 45776101 1	 6191104 Sep  5 1997  xlC.C.3.1.4.7.bff
	-rw-rw-r--   1 45776101 1	 6185984 Jan 13 1998  xlC.C.3.1.4.8.bff
	-rw-rw-r--   1 45776101 1	 6169600 May 27 1998  xlC.C.3.1.4.9.bff
	# wget ftp://ftp.software.ibm.com/aix/fixes/v4/xlc/xlC.C.3.1.4.10.bff
	#

       On AIX 4.3 using vac, we continue:

	# lslpp -l | grep 'vac.C '
	 vac.C			    5.0.2.2  COMMITTED	C for AIX Compiler
	 vac.C			    5.0.2.0  COMMITTED	C for AIX Compiler
	# grep 'vac.C.5.0.2.*.bff' other.ll
	-rw-rw-r--   1 45776101 1	 13592576 Apr 16 2001  vac.C.5.0.2.0.bff
	-rw-rw-r--   1 45776101 1	 14133248 Apr  9 2002  vac.C.5.0.2.3.bff
	-rw-rw-r--   1 45776101 1	 14173184 May 20 2002  vac.C.5.0.2.4.bff
	-rw-rw-r--   1 45776101 1	 14192640 Nov 22 2002  vac.C.5.0.2.6.bff
	# wget ftp://ftp.software.ibm.com/aix/fixes/v4/other/vac.C.5.0.2.6.bff
	#

       Likewise on all other OS levels. Then execute the following command, and fill in its choices

	# smit install_update
	 -> Install and Update from LATEST Available Software
	 * INPUT device / directory for software [ vac.C.5.0.2.6.bff	]
	 [ OK ]
	 [ OK ]

       Follow the messages ... and you're done.

       If you like a more web-like approach, a good start point can be http://www14.software.ibm.com/webapp/download/downloadaz.jsp and click "C
       for AIX", and follow the instructions.

       Using GNU's gcc for building perl

       Using gcc-3.x (tested with 3.0.4, 3.1, and 3.2) now works out of the box, as do recent gcc-2.9 builds available directly from IBM as part
       of their Linux compatibility packages, available here:

	 http://www.ibm.com/servers/aix/products/aixos/linux/

       Using Large Files with Perl

       Should yield no problems.

       Threaded Perl

       Threads seem to work OK, though at the moment not all tests pass when threads are used in combination with 64bit configurations.

       64-bit Perl

       If your AIX is installed with 64-bit support, you can expect 64bit configurations to work. In combination with threads some tests might
       still fail.

       AIX 4.2 and extensions using C++ with statics

       In AIX 4.2 Perl extensions that use C++ functions that use statics may have problems in that the statics are not getting initialized.  In
       newer AIX releases this has been solved by linking Perl with the libC_r library, but unfortunately in AIX 4.2 the said library has an
       obscure bug where the various functions related to time (such as time() and gettimeofday()) return broken values, and therefore in AIX 4.2
       Perl is not linked against the libC_r.

AUTHOR

       H.Merijn Brand <h.m.brand@hccnet.nl>

DATE

       Version 0.0.6: 23 Dec 2002

perl v5.8.0							    2003-02-18								PERLAIX(1)
All times are GMT -4. The time now is 02:28 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy