08-14-2013
Thanks for your replies. Finally not in a plane, visiting customers, etc.
IDS seems daunting - but it does have the schema for supporting all AIX user attributes. Most customers I see using LDAP and not IDS only support/use the RFC2307 (basically /etc/passwd and /etc/group entries) and rely on the files in /etc/security - in particular /etc/security/user - but never think to update them.
Also, no RBAC/TE support, by default, in non-IDS.
I doubt I will experiment with AD (what I hear is if you add the AIX schema AD is out of support) as customers do not like to "go out of support". So, when they use AD as server for AIX they use the AD equivalent of RFC2307.
I expect openLDAP to support RFC2307 - out of the box. I have been reading their documentation and am hopeful that the AIX schema can be added in without too much difficulty - since they now have a tool for configuring slapd - keeping the config info in private ldif files, similar to how IDS does its configuration.
Just remember, in discussions, IDS does not really need to be administered/updated in the LDAP internals if it is only being used for AIX - IDS/ITDS is already configured for AIX support. AND - when used for AIX only - there is no additional charge. FYI...
@Lerphil - are you using openLDAP with rfc2307AIX schema, or rfc2307 only?
Net::LDAP::Extra::AD(3) User Contributed Perl Documentation Net::LDAP::Extra::AD(3)
NAME
Net::LDAP::Extra::AD -- AD convenience methods
SYNOPSIS
    use Net::LDAP::Extra qw(AD);

    $ldap = Net::LDAP->new( ... );

    ...

    if ($ldap->is_AD || $ldap->is_ADAM) {
      $ldap->change_ADpassword($dn, $old_password, $new_password);
    }
DESCRIPTION
Net::LDAP::Extra::AD tries to spare users the necessity to reinvent the wheel again and again in order to correctly encode password strings
so that they can be used in AD password change operations.
To do so, it provides the following methods:
METHODS
is_AD ( )
Tell if the LDAP server queried is an Active Directory Domain Controller.
As the check is done by querying the root DSE of the directory, it works without being bound to the directory.
is_ADAM ( )
Tell if the LDAP server queried is running AD LDS (Active Directory Lightweight Directory Services), previously known as ADAM (Active
Directory Application Mode).
As the check is done by querying the root DSE of the directory, it works without being bound to the directory.
change_ADpassword ( DN, OLD_PASSWORD, NEW_PASSWORD )
Change the password of the account given by DN from its old value OLD_PASSWORD to the new value NEW_PASSWORD.
This method requires encrypted connections.
reset_ADpassword ( DN, NEW_PASSWORD, OPTIONS )
Reset the password of the account given by DN to the value given in NEW_PASSWORD. OPTIONS is a list of key/value pairs. The following
keys are recognized:
force_change
If TRUE, the affected user is required to change the password at next login.
For this method to work, the caller needs to be bound to AD with sufficient permissions, and the connection needs to be encrypted.
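An added example (not part of the module or its documentation) of the encoding and modify operations that AD password changes and resets rely on: the value written to unicodePwd is the password wrapped in double quotes and encoded as UTF-16LE. The helper names, DN and passwords below are hypothetical, and change_password assumes an already-bound Net::LDAP object.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode);

# AD accepts a new password only as the unicodePwd attribute, and only as
# the password in double quotes, encoded as UTF-16LE. $password must be a
# Perl character string (decode UTF-8 input before calling this).
sub encode_ad_password {
    my ($password) = @_;
    return encode('UTF-16LE', qq("$password"));
}

# User-initiated change: one modify that deletes the old value and adds
# the new one, so the server can verify the old password.
sub change_request {
    my ($old, $new) = @_;
    return (changes => [
        delete => [ unicodePwd => encode_ad_password($old) ],
        add    => [ unicodePwd => encode_ad_password($new) ],
    ]);
}

# Administrative reset: a plain replace, allowed only with sufficient rights.
sub reset_request {
    my ($new) = @_;
    return (replace => { unicodePwd => encode_ad_password($new) });
}

# Hypothetical wrapper: refuse to send a password over a clear-text
# connection. Net::LDAP's cipher() is undef when TLS is not in use.
sub change_password {
    my ($ldap, $dn, $old, $new) = @_;
    die "connection is not encrypted\n" unless defined $ldap->cipher;
    my $mesg = $ldap->modify($dn, change_request($old, $new));
    die $mesg->error . "\n" if $mesg->code;
    return 1;
}

# Constructed sample values; no directory is contacted here.
my %req = change_request('Old-Passw0rd', 'New-Passw0rd!');
my ($op, $attrs) = @{ $req{changes} }[0, 1];
printf "first op: %s %s (%d bytes)\n", $op, $attrs->[0], length $attrs->[1];
printf "encoded sample: %s\n", unpack('H*', encode_ad_password('ab'));
```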
AUTHOR
Peter Marschall <peter@adpm.de>
COPYRIGHT
Copyright (c) 2012 Peter Marschall. All rights reserved. This program is free software; you can redistribute it and/or modify it under the
same terms as Perl itself.
perl v5.16.3 2013-06-07 Net::LDAP::Extra::AD(3)