Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: RBAC and LDAP users (AD)
Operating Systems AIX RBAC and LDAP users (AD) Post 302784487 by Janpol on Friday 22nd of March 2013 11:06:45 AM
Old 03-22-2013
Quote:
Originally Posted by MichaelFelt
my pleasure.

p.s. I do not know the answer - exactly - but you should also look into a construction for not allowing "any" AD defined user to be able to login to "all" systems. Normally, there are only one or two systems where a login is appropriate.
I've found two ways to do this:

1. Is to define a group or OU in AD for each server, and tell the ldap client to look for user information only inside that group or OU.

2. Modify the /etc/security/user file, so the default stanza will use SYSTEM=compat (therefore no LDAP user will be able to log in), and add a stanza per LDAP user, where SYSTEM=LDAP and registry=LDAP. This way, only the users that have a custom stanza here will be able to use LDAP for login.
This User Gave Thanks to Janpol For This Post:
MichaelFelt
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Equivalent of ADMCHG for LDAP Users

All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help? Thanks... (0 Replies)
Discussion started by: vipas
0 Replies

2. UNIX for Advanced & Expert Users

link LDAP-Users

hi, is it possible to link users on a LDAP-Server from one container to another? we have two trees, one for AIX and one for solaris-linux but we have a few users in both trees, they should have the same password and a password change must affect both entries we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies

3. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies

4. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the... (4 Replies)
Discussion started by: deaconf19
4 Replies

5. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies

6. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies

7. Solaris

LDAP users with RBAC Roles

I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box. to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies

8. Linux

Monitor ldap users

Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies

9. Linux

Help me with all users ldap

Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies

10. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT DEBIAN

afp_ldap.conf

AFP_LDAP.CONF(5)						   Netatalk 2.2 						  AFP_LDAP.CONF(5)

NAME

       afp_ldap.conf - Configuration file used by afpd(8) to configure a LDAP connection to an LDAP server. That is needed for ACL support in
       order to be able to query LDAP for UUIDs.

DESCRIPTION

       /etc/netatalk/afp_ldap.conf is the configuration file used by afpd to set up an LDAP connection to an LDAP server.

       Any line not prefixed with # is interpreted.

	   Note
	   You can use afpldaptest(1) to syntactically check your config
       The required parameters and their meanings are:

PARAMETER

       ldap_server
	   Name or IP address of your LDAP Server

       ldap_auth_method
	   Authentication method: none | simple | sasl

	   none
	       anonymous LDAP bind

	   simple
	       simple LDAP bind

	   sasl
	       SASL. Not yet supported !

       ldap_auth_dn
	   Distinguished Name of the user for simple bind.

       ldap_auth_pw
	   Distinguished Name of the user for simple bind.

       ldap_userbase
	   DN of the user container in LDAP.

       ldap_userscope
	   Search scope for user search: base | one | sub

       ldap_groupbase
	   DN of the group container in LDAP.

       ldap_groupscope
	   Search scope for user search: base | one | sub

       ldap_uuuid_attr
	   Name of the LDAP attribute with the UUIDs.

	   Note: this is used both for users and groups.

       ldap_name_attr
	   Name of the LDAP attribute with the users short name.

       ldap_group_attr
	   Name of the LDAP attribute with the groups short name.

EXAMPLES

       Example. afp_ldap.conf setup with simple bind

	   ldap_server	    = localhost
	   ldap_auth_method = simple
	   ldap_auth_dn     = cn=admin,dc=domain,dc=org
	   ldap_auth_pw     = notthisone
	   ldap_userbase    = ou=users,dc=domain,dc=org
	   ldap_userscope   = one
	   ldap_groupbase   = ou=groups,dc=domain,dc=org
	   ldap_groupscope  = one
	   ldap_uuid_attr   = some_attribute
	   ldap_name_attr   = cn
	   ldap_group_attr  = cn

SEE ALSO

       afpd(8), AppleVolumes.default(5), afpldaptest(1)

Netatalk 2.2							    30 Mar 2011 						  AFP_LDAP.CONF(5)
All times are GMT -4. The time now is 10:47 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy