Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: RBAC and LDAP users (AD)
Operating Systems AIX RBAC and LDAP users (AD) Post 302784335 by MichaelFelt on Friday 22nd of March 2013 03:17:12 AM
Old 03-22-2013
it can be done, but i would recommend a seperate ldap server for the other DIT domains.

No time for details, check out /etc/security/ldap/ldap.cfg for specifying multiple base domains for different categories of information.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Equivalent of ADMCHG for LDAP Users

All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help? Thanks... (0 Replies)
Discussion started by: vipas
0 Replies

2. UNIX for Advanced & Expert Users

link LDAP-Users

hi, is it possible to link users on a LDAP-Server from one container to another? we have two trees, one for AIX and one for solaris-linux but we have a few users in both trees, they should have the same password and a password change must affect both entries we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies

3. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies

4. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the... (4 Replies)
Discussion started by: deaconf19
4 Replies

5. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies

6. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies

7. Solaris

LDAP users with RBAC Roles

I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box. to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies

8. Linux

Monitor ldap users

Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies

9. Linux

Help me with all users ldap

Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies

10. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT SUNOS

idmap_ldap

IDMAP_LDAP(8)						    System Administration tools 					     IDMAP_LDAP(8)

NAME

       idmap_ldap - Samba's idmap_ldap Backend for Winbind

DESCRIPTION

       The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service.

       In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs
       in order to create new mappings. The allocator can be provided by the idmap_ldap backend itself or by any other allocating backend like
       idmap_tdb or idmap_tdb2. This is configured with the parameter idmap alloc backend.

       Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable. The ranges
       used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid".

       Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly
       configured domain with idmap backend ldap should have the same range as the default range, since it needs to use the global uid / gid
       allocator. See the example below.

IDMAP OPTIONS

       ldap_base_dn = DN
	   Defines the directory base suffix to use when searching for SID/uid/gid mapping entries. If not defined, idmap_ldap will default to
	   using the "ldap idmap suffix" option from smb.conf.

       ldap_user_dn = DN
	   Defines the user DN to be used for authentication. If absent an anonymous bind will be performed.

       ldap_url = ldap://server/
	   Specifies the LDAP server to use when searching for existing SID/uid/gid map entries. If not defined, idmap_ldap will assume that
	   ldap://localhost/ should be used.

       range = low - high
	   Defines the available matching uid and gid range for which the backend is authoritative. If the parameter is absent, Winbind fails over
	   to use the "idmap uid" and "idmap gid" options from smb.conf.

IDMAP ALLOC OPTIONS

       ldap_base_dn = DN
	   Defines the directory base suffix under which new SID/uid/gid mapping entries should be stored. If not defined, idmap_ldap will default
	   to using the "ldap idmap suffix" option from smb.conf.

       ldap_user_dn = DN
	   Defines the user DN to be used for authentication. If absent an anonymous bind will be performed.

       ldap_url = ldap://server/
	   Specifies the LDAP server to which modify/add/delete requests should be sent. If not defined, idmap_ldap will assume that
	   ldap://localhost/ should be used.

EXAMPLES

       The follow sets of a LDAP configuration which uses two LDAP directories, one for storing the ID mappings and one for retrieving new IDs.

		[global]
		idmap backend = ldap:ldap://localhost/
		idmap uid = 1000000-1999999
		idmap gid = 1000000-1999999

		idmap alloc backend = ldap
		idmap alloc config : ldap_url = ldap://id-master/
		idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com

NOTE

       In order to use authentication against ldap servers you may need to provide a DN and a password. To avoid exposing the password in plain
       text in the configuration file we store it into a security store. The "net idmap " command is used to store a secret for the DN specified
       in a specific idmap domain.

AUTHOR

       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

Samba 3.5							    06/18/2010							     IDMAP_LDAP(8)
All times are GMT -4. The time now is 09:05 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy