03-22-2013
Quote:
Originally Posted by
MichaelFelt
my pleasure.
p.s. I do not know the answer - exactly - but you should also look into a construction for not allowing "any" AD defined user to be able to login to "all" systems. Normally, there are only one or two systems where a login is appropriate.
I've found two ways to do this:
1. Is to define a group or OU in AD for each server, and tell the ldap client to look for user information only inside that group or OU.
2. Modify the /etc/security/user file, so the default stanza will use SYSTEM=compat (therefore no LDAP user will be able to log in), and add a stanza per LDAP user, where SYSTEM=LDAP and registry=LDAP. This way, only the users that have a custom stanza here will be able to use LDAP for login.
This User Gave Thanks to Janpol For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help?
Thanks... (0 Replies)
Discussion started by: vipas
0 Replies
2. UNIX for Advanced & Expert Users
hi,
is it possible to link users on a LDAP-Server from one container to another?
we have two trees, one for AIX and one for solaris-linux
but we have a few users in both trees, they should have the same password and a password change must affect both entries
we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies
3. Solaris
I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows:
user_attr:
asillito::::type=normal;roles=godbrook
godbrook::::type=role;profiles=Gadbrook,All
prof_attr:
Gadbrook:::Allow root commands to be used by godbrook:
exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies
4. Solaris
do i have to create a new account to add a role?
i want the sysadmin login
i have 3 users on my systems
sysadmin
secman
oc01
also 3 profiles
SA (goes t0 sysadmin account)
SSO (goes to secman account)
LMICS (goes to oc01 account)
the user accounts are located in /h/USERS/local
the... (4 Replies)
Discussion started by: deaconf19
4 Replies
5. UNIX for Dummies Questions & Answers
Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies
6. Solaris
Hi all!
On backup server with contab my script worked, but one command don't fine to be executed:
bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/
www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies
7. Solaris
I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box.
to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies
8. Linux
Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies
9. Linux
Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies
10. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
LEARN ABOUT DEBIAN
afp_ldap.conf
AFP_LDAP.CONF(5) Netatalk 2.2 AFP_LDAP.CONF(5)
NAME
afp_ldap.conf - Configuration file used by afpd(8) to configure a LDAP connection to an LDAP server. That is needed for ACL support in
order to be able to query LDAP for UUIDs.
DESCRIPTION
/etc/netatalk/afp_ldap.conf is the configuration file used by afpd to set up an LDAP connection to an LDAP server.
Any line not prefixed with # is interpreted.
Note
You can use afpldaptest(1) to syntactically check your config
The required parameters and their meanings are:
PARAMETER
ldap_server
Name or IP address of your LDAP Server
ldap_auth_method
Authentication method: none | simple | sasl
none
anonymous LDAP bind
simple
simple LDAP bind
sasl
SASL. Not yet supported !
ldap_auth_dn
Distinguished Name of the user for simple bind.
ldap_auth_pw
Distinguished Name of the user for simple bind.
ldap_userbase
DN of the user container in LDAP.
ldap_userscope
Search scope for user search: base | one | sub
ldap_groupbase
DN of the group container in LDAP.
ldap_groupscope
Search scope for user search: base | one | sub
ldap_uuuid_attr
Name of the LDAP attribute with the UUIDs.
Note: this is used both for users and groups.
ldap_name_attr
Name of the LDAP attribute with the users short name.
ldap_group_attr
Name of the LDAP attribute with the groups short name.
EXAMPLES
Example. afp_ldap.conf setup with simple bind
ldap_server = localhost
ldap_auth_method = simple
ldap_auth_dn = cn=admin,dc=domain,dc=org
ldap_auth_pw = notthisone
ldap_userbase = ou=users,dc=domain,dc=org
ldap_userscope = one
ldap_groupbase = ou=groups,dc=domain,dc=org
ldap_groupscope = one
ldap_uuid_attr = some_attribute
ldap_name_attr = cn
ldap_group_attr = cn
SEE ALSO
afpd(8), AppleVolumes.default(5), afpldaptest(1)
Netatalk 2.2 30 Mar 2011 AFP_LDAP.CONF(5)