Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: RBAC and LDAP users (AD)
Operating Systems AIX RBAC and LDAP users (AD) Post 302784483 by MichaelFelt on Friday 22nd of March 2013 10:54:48 AM
Old 03-22-2013
my pleasure.

If you have a chance to attend the TechU in Amsterdam or Athens this year I'll be doing a presentation/labs on RBAC and LDAP (installing ITDS from try and buy images). As I have time I am looking at compiling openldap for AIX and doing the same.

p.s. I expected that AD admins would not be "excited" about a schema change. "All" customers I have worked with have said no - in the end. AD support seems to end once a none-AD schema is installed. No support == No install.

Sorry I cannot provide an easier answer.

p.s. I do not know the answer - exactly - but you should also look into a construction for not allowing "any" AD defined user to be able to login to "all" systems. Normally, there are only one or two systems where a login is appropriate.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Equivalent of ADMCHG for LDAP Users

All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help? Thanks... (0 Replies)
Discussion started by: vipas
0 Replies

2. UNIX for Advanced & Expert Users

link LDAP-Users

hi, is it possible to link users on a LDAP-Server from one container to another? we have two trees, one for AIX and one for solaris-linux but we have a few users in both trees, they should have the same password and a password change must affect both entries we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies

3. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies

4. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the... (4 Replies)
Discussion started by: deaconf19
4 Replies

5. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies

6. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies

7. Solaris

LDAP users with RBAC Roles

I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box. to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies

8. Linux

Monitor ldap users

Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies

9. Linux

Help me with all users ldap

Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies

10. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT CENTOS

create_extension

CREATE 
EXTENSION(7)					  PostgreSQL 9.2.7 Documentation				       CREATE EXTENSION(7)

NAME

       CREATE_EXTENSION - install an extension

SYNOPSIS

       CREATE EXTENSION [ IF NOT EXISTS ] extension_name
	   [ WITH ] [ SCHEMA schema_name ]
		    [ VERSION version ]
		    [ FROM old_version ]

DESCRIPTION

       CREATE EXTENSION loads a new extension into the current database. There must not be an extension of the same name already loaded.

       Loading an extension essentially amounts to running the extension's script file. The script will typically create new SQL objects such as
       functions, data types, operators and index support methods.  CREATE EXTENSION additionally records the identities of all the created
       objects, so that they can be dropped again if DROP EXTENSION is issued.

       Loading an extension requires the same privileges that would be required to create its component objects. For most extensions this means
       superuser or database owner privileges are needed. The user who runs CREATE EXTENSION becomes the owner of the extension for purposes of
       later privilege checks, as well as the owner of any objects created by the extension's script.

PARAMETERS

       IF NOT EXISTS
	   Do not throw an error if an extension with the same name already exists. A notice is issued in this case. Note that there is no
	   guarantee that the existing extension is anything like the one that would have been created from the currently-available script file.

       extension_name
	   The name of the extension to be installed.  PostgreSQL will create the extension using details from the file
	   SHAREDIR/extension/extension_name.control.

       schema_name
	   The name of the schema in which to install the extension's objects, given that the extension allows its contents to be relocated. The
	   named schema must already exist. If not specified, and the extension's control file does not specify a schema either, the current
	   default object creation schema is used.

	   Remember that the extension itself is not considered to be within any schema: extensions have unqualified names that must be unique
	   database-wide. But objects belonging to the extension can be within schemas.

       version
	   The version of the extension to install. This can be written as either an identifier or a string literal. The default version is
	   whatever is specified in the extension's control file.

       old_version
	   FROM old_version must be specified when, and only when, you are attempting to install an extension that replaces an "old style" module
	   that is just a collection of objects not packaged into an extension. This option causes CREATE EXTENSION to run an alternative
	   installation script that absorbs the existing objects into the extension, instead of creating new objects. Be careful that SCHEMA
	   specifies the schema containing these pre-existing objects.

	   The value to use for old_version is determined by the extension's author, and might vary if there is more than one version of the
	   old-style module that can be upgraded into an extension. For the standard additional modules supplied with pre-9.1 PostgreSQL, use
	   unpackaged for old_version when updating a module to extension style.

NOTES

       Before you can use CREATE EXTENSION to load an extension into a database, the extension's supporting files must be installed. Information
       about installing the extensions supplied with PostgreSQL can be found in Additional Supplied Modules.

       The extensions currently available for loading can be identified from the pg_available_extensions or pg_available_extension_versions system
       views.

       For information about writing new extensions, see Section 35.15, "Packaging Related Objects into an Extension", in the documentation.

EXAMPLES

       Install the hstore extension into the current database:

	   CREATE EXTENSION hstore;

       Update a pre-9.1 installation of hstore into extension style:

	   CREATE EXTENSION hstore SCHEMA public FROM unpackaged;

       Be careful to specify the schema in which you installed the existing hstore objects.

COMPATIBILITY

       CREATE EXTENSION is a PostgreSQL extension.

SEE ALSO

       ALTER EXTENSION (ALTER_EXTENSION(7)), DROP EXTENSION (DROP_EXTENSION(7))

PostgreSQL 9.2.7						    2014-02-17						       CREATE EXTENSION(7)
All times are GMT -4. The time now is 01:58 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy