03-22-2013
Quote:
Originally Posted by
MichaelFelt
my pleasure.
p.s. I do not know the answer - exactly - but you should also look into a construction for not allowing "any" AD defined user to be able to login to "all" systems. Normally, there are only one or two systems where a login is appropriate.
I've found two ways to do this:
1. Is to define a group or OU in AD for each server, and tell the ldap client to look for user information only inside that group or OU.
2. Modify the /etc/security/user file, so the default stanza will use SYSTEM=compat (therefore no LDAP user will be able to log in), and add a stanza per LDAP user, where SYSTEM=LDAP and registry=LDAP. This way, only the users that have a custom stanza here will be able to use LDAP for login.
This User Gave Thanks to Janpol For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help?
Thanks... (0 Replies)
Discussion started by: vipas
0 Replies
2. UNIX for Advanced & Expert Users
hi,
is it possible to link users on a LDAP-Server from one container to another?
we have two trees, one for AIX and one for solaris-linux
but we have a few users in both trees, they should have the same password and a password change must affect both entries
we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies
3. Solaris
I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows:
user_attr:
asillito::::type=normal;roles=godbrook
godbrook::::type=role;profiles=Gadbrook,All
prof_attr:
Gadbrook:::Allow root commands to be used by godbrook:
exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies
4. Solaris
do i have to create a new account to add a role?
i want the sysadmin login
i have 3 users on my systems
sysadmin
secman
oc01
also 3 profiles
SA (goes t0 sysadmin account)
SSO (goes to secman account)
LMICS (goes to oc01 account)
the user accounts are located in /h/USERS/local
the... (4 Replies)
Discussion started by: deaconf19
4 Replies
5. UNIX for Dummies Questions & Answers
Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies
6. Solaris
Hi all!
On backup server with contab my script worked, but one command don't fine to be executed:
bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/
www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies
7. Solaris
I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box.
to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies
8. Linux
Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies
9. Linux
Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies
10. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
LEARN ABOUT DEBIAN
globus_url_t
globus_url_t(3) globus common globus_url_t(3)
NAME
globus_url_t -
SYNOPSIS
Data Fields
char * scheme
globus_url_scheme_t scheme_type
char * user
char * password
char * host
unsigned short port
char * url_path
char * dn
char * attributes
char * scope
char * filter
char * url_specific_part
Detailed Description
Parsed URLs.
This structure contains the fields which were parsed from an string representation of an URL. There are no methods to access fields of this
structure.
Field Documentation
char* globus_url_t::scheme
A string containing the URL's scheme (http, ftp, etc)
globus_url_scheme_t globus_url_t::scheme_type
An enumerated scheme type. This is derived from the scheme string
char* globus_url_t::user
The username portion of the URL. [ftp, gsiftp]
char* globus_url_t::password
The user's password from the URL. [ftp, gsiftp]
char* globus_url_t::host
The host name or IP address of the URL. [ftp, gsiftp, http, https, ldap, x-nexus
unsigned short globus_url_t::port
The TCP port number of the service providing the URL [ftp, gsiftp, http, https, ldap, x-nexus].
char* globus_url_t::url_path
The path name of the resource on the service providing the URL. [ftp, gsiftp, http, https]
char* globus_url_t::dn
The distinguished name for the base of an LDAP search. [ldap]
char* globus_url_t::attributes
The list of attributes which should be returned from an LDAP search. [ldap]
char* globus_url_t::scope
The scope of an LDAP search. [ldap]
char* globus_url_t::filter
The filter to be applied to an LDAP search [ldap].
char* globus_url_t::url_specific_part
An unparsed string containing the remaining text after the optional host and port of an unknown URL, or the contents of a x-gass-cache URL
[x-gass-cache, unknown].
Author
Generated automatically by Doxygen for globus common from the source code.
Version 14.7 Tue Nov 27 2012 globus_url_t(3)