Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Mix LDAP and LOCAL user on AIX
Operating Systems AIX Mix LDAP and LOCAL user on AIX Post 302961210 by -=XrAy=- on Wednesday 25th of November 2015 08:18:26 AM
Old 11-25-2015
Okay,

i found a solution that seems to work (in my setup):

Security authentication mechanism in AIX

authcontroldomain attribute

AIX introduced a new alternative authentication control attribute "authcontroldomain" from AIX 6.1 Tl07 and 71 Tl01 releases. When this attribute is set, SYSTEM and registry attributes are stored or retrieved from that database. For local users, SYSTEM and registry attribute are stored in /etc/security/user file irrespective of the authcontroldomain value.

The authcontroldomain attribute needs to be defined with a loadmodule name which is defined in the /etc/methods.cfg or /usr/lib/security/methods.cfg file. This attribute needs to be defined in the /etc/security/login.cfg file under the usw stanza.

authcontroldomain attribute can be set for a system as using the chsec command. For example:

Code:
chsec -f /etc/security/login.cfg -s usw -a authcontroldomain=LDAP

Code:
/etc/security/user
default:
        SYSTEM = "files"
        registry = files

Quick Test: LDAP and local User Login works fine without further specifying SYSTEM or registry.


Regards

Edit:
IBM Systems Magazine - AIX Authentication Mechanism Simplifies System Security | AIX | IBM Systems Magazine | System p, System p5, Power System | security, Uma M. Chandolu, LDAP, Kerberos, PAM, NIS, authentication mechanism

Security load modules are defined in /usr/lib/security/methods.cfg file. User identification is done based on order in, which load modules are defined in methods.cfg file. Local load module information is not defined in the /usr/lib/security/methods.cfg file. However, the user information will be verified first in local module; then the order that is defined in methods.cfg file will follow.
These 2 Users Gave Thanks to -=XrAy=- For This Post:
AIX_user_324891 MichaelFelt
 

10 More Discussions You Might Find Interesting

1. AIX

ldap for aix

hello i look for a ldap for Aix, do know it ? thank you (0 Replies)
Discussion started by: pascalbout
0 Replies

2. SuSE

user management - LDAP and local files

I am implementing LDAP on Linux based system using openldap. My management objects to the idea that all individual users will authenticate against an LDAP server because “what if it is not available” Their suggestion is that we run in parallel a set of local configured users and a set of LDAP... (1 Reply)
Discussion started by: scampi
1 Replies

3. UNIX for Advanced & Expert Users

Determining if user is local-user in /etc/passwd or LDAP user

Besides doing some shell-script which loops through /etc/passwd, I was wondering if there was some command that would tell me, like an enhanced version of getent. The Operating system is Solaris 10 (recent-ish revision) using Sun DS for LDAP. (5 Replies)
Discussion started by: ckmehta
5 Replies

4. AIX

Do I need to configure my local windows to FTP files from local windows to a UNIX AIX server?

Hi Friends, I have this script for ftping files from AIX server to local windows xp. #!/bin/sh HOST='localsystem.net' USER='myid_onlocal' PASSWD='mypwd_onlocal' FILE='file.txt' ##This is a file on server(AIX) ftp -n $HOST <<END_SCRIPT quote USER $USER quote PASS $PASSWD put $FILE... (1 Reply)
Discussion started by: rajsharma
1 Replies

5. AIX

How to change normal user id to LDAP user id?

If I create a new user id test: mkuser id=400 test then I want it to LDAP user: chuser -R LDAP SYSTEM=LDAP registry=LDAP test It shows: 3004-687 User "test" does not exist. How to do? (4 Replies)
Discussion started by: rainbow_bean
4 Replies

6. Shell Programming and Scripting

switch user from local user to root in perl

Hi Gurus, I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when i switch user to root it requires me to input root password. It seems that i need to use expect module here, but i don't know how to create the object for this. ... (1 Reply)
Discussion started by: linuxgeek
1 Replies

7. Shell Programming and Scripting

Hp-UX, SUSE, and AIX LDAP User Script Help

Hi, I have been asked to create a ksh script that will search against an LDAP directory from various HP-UX, SUSE, and AIX 5.3 and 6.1 machines. The objective is to verify the boxes are successfully authenticating users from the LDAP store. This is something I've never done, and I could use... (0 Replies)
Discussion started by: tekster2
0 Replies

8. Shell Programming and Scripting

How to Switch from Local user to root user from a shell script?

Hi, I need to switch from local user to root user in a shell script. I need to make it automated so that it doesn't prompt for the root password. I heard the su command will do that work but it prompt for the password. and also can someone tell me whether su command spawns a new shell or... (1 Reply)
Discussion started by: Little
1 Replies

9. UNIX for Advanced & Expert Users

Pam.d and make difference between AD User and local user on Linux

Hello, i configured rhel linux 6 with AD directory to authorize windows users to connect on the system and it works. i have accounts with high privileges (oracle for example) if an account is created on the AD server i would to block him. I looked for how to do, for the moment all the... (3 Replies)
Discussion started by: vincenzo
3 Replies

10. AIX

IBM TDS/SDS (LDAP) - can I mix endianness among servers in an instance ?

I'd like to add some x/linux-based servers to my current AIX-based TDS/SDS server community. Reading the Fine Install Guide (rtfig ?) I believe this may be covered by the section "Upgrade an instance of a previous version to a different computer" i.e. I'm going to install latest/greatest SDS on a... (4 Replies)
Discussion started by: maraixadm
4 Replies

LEARN ABOUT NETBSD

ldap_start_tls_s

LDAP_TLS(3)                                                  Library Functions Manual                                                  LDAP_TLS(3)

NAME

       ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls - LDAP TLS initialization routines

LIBRARY

       OpenLDAP LDAP (libldap, -lldap)

SYNOPSIS

       #include <ldap.h>

       int ldap_start_tls(LDAP *ld);

       int ldap_start_tls_s(LDAP *ld, LDAPControl **serverctrls, LDAPControl **clientctrls);

       int ldap_tls_inplace(LDAP *ld);

       int ldap_install_tls(LDAP *ld);

DESCRIPTION

       These  routines are used to initiate TLS processing on an LDAP session.  ldap_start_tls_s() sends a StartTLS request to a server, waits for
       the reply, and then installs TLS handlers on the session if the request succeeded. The routine  returns  LDAP_SUCCESS  if  everything  suc-
       ceeded,  otherwise  it returns an LDAP error code.  ldap_start_tls() sends a StartTLS request to a server and does nothing else. It returns
       LDAP_SUCCESS if the request was sent successfully.  ldap_tls_inplace() returns 1 if TLS handlers have been installed on the specified  ses-
       sion,  0  otherwise.   ldap_install_tls()  installs  the  TLS  handlers on the given session. It returns LDAP_LOCAL_ERROR if TLS is already
       installed.

SEE ALSO

       ldap(3), ldap_error(3)

ACKNOWLEDGEMENTS

       OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.  OpenLDAP Software is  derived  from  the
       University of Michigan LDAP 3.3 Release.

OpenLDAP                                                            2017/06/01                                                         LDAP_TLS(3)
All times are GMT -4. The time now is 03:52 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy