Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: RBAC and LDAP users (AD)
Operating Systems AIX RBAC and LDAP users (AD) Post 302784487 by Janpol on Friday 22nd of March 2013 11:06:45 AM
Old 03-22-2013
Quote:
Originally Posted by MichaelFelt
my pleasure.

p.s. I do not know the answer - exactly - but you should also look into a construction for not allowing "any" AD defined user to be able to login to "all" systems. Normally, there are only one or two systems where a login is appropriate.
I've found two ways to do this:

1. Is to define a group or OU in AD for each server, and tell the ldap client to look for user information only inside that group or OU.

2. Modify the /etc/security/user file, so the default stanza will use SYSTEM=compat (therefore no LDAP user will be able to log in), and add a stanza per LDAP user, where SYSTEM=LDAP and registry=LDAP. This way, only the users that have a custom stanza here will be able to use LDAP for login.
This User Gave Thanks to Janpol For This Post:
MichaelFelt
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Equivalent of ADMCHG for LDAP Users

All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help? Thanks... (0 Replies)
Discussion started by: vipas
0 Replies

2. UNIX for Advanced & Expert Users

link LDAP-Users

hi, is it possible to link users on a LDAP-Server from one container to another? we have two trees, one for AIX and one for solaris-linux but we have a few users in both trees, they should have the same password and a password change must affect both entries we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies

3. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies

4. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the... (4 Replies)
Discussion started by: deaconf19
4 Replies

5. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies

6. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies

7. Solaris

LDAP users with RBAC Roles

I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box. to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies

8. Linux

Monitor ldap users

Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies

9. Linux

Help me with all users ldap

Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies

10. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT DEBIAN

globus_url_t

globus_url_t(3) 						   globus common						   globus_url_t(3)

NAME

       globus_url_t -

SYNOPSIS

   Data Fields
       char * scheme
       globus_url_scheme_t scheme_type
       char * user
       char * password
       char * host
       unsigned short port
       char * url_path
       char * dn
       char * attributes
       char * scope
       char * filter
       char * url_specific_part

Detailed Description
       Parsed URLs.

       This structure contains the fields which were parsed from an string representation of an URL. There are no methods to access fields of this
       structure.

Field Documentation
   char* globus_url_t::scheme
       A string containing the URL's scheme (http, ftp, etc)

   globus_url_scheme_t globus_url_t::scheme_type
       An enumerated scheme type. This is derived from the scheme string

   char* globus_url_t::user
       The username portion of the URL. [ftp, gsiftp]

   char* globus_url_t::password
       The user's password from the URL. [ftp, gsiftp]

   char* globus_url_t::host
       The host name or IP address of the URL. [ftp, gsiftp, http, https, ldap, x-nexus

   unsigned short globus_url_t::port
       The TCP port number of the service providing the URL [ftp, gsiftp, http, https, ldap, x-nexus].

   char* globus_url_t::url_path
       The path name of the resource on the service providing the URL. [ftp, gsiftp, http, https]

   char* globus_url_t::dn
       The distinguished name for the base of an LDAP search. [ldap]

   char* globus_url_t::attributes
       The list of attributes which should be returned from an LDAP search. [ldap]

   char* globus_url_t::scope
       The scope of an LDAP search. [ldap]

   char* globus_url_t::filter
       The filter to be applied to an LDAP search [ldap].

   char* globus_url_t::url_specific_part
       An unparsed string containing the remaining text after the optional host and port of an unknown URL, or the contents of a x-gass-cache URL
       [x-gass-cache, unknown].

Author
       Generated automatically by Doxygen for globus common from the source code.

Version 14.7							  Tue Nov 27 2012						   globus_url_t(3)
All times are GMT -4. The time now is 01:33 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy