|
|
Sponsored Content
Top Forums
UNIX for Advanced & Expert Users
LDAP Query - host allowed option
Post 303019451 by dagamier on Friday 29th of June 2018 11:27:16 AM
06-29-2018
LDAP Query - host allowed option
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi
Is it possible to add the following to an ldif entry:
dn=estmmartín
i.e Note the charchter 'í'
Thanks in advance (3 Replies)
Discussion started by: tom123
3 Replies
2. Shell Programming and Scripting
Hi
I'm not a programmer but am muddling through as best I can. I am trying to set up a PostSearchHook for Radiator (RADIUS server), that carries out an LDAP lookup, and, based on the
string returned ("staff" or "student") in the "businessCategory" attribute, will set the $role to be either 40... (3 Replies)
Discussion started by: mikie
3 Replies
3. UNIX for Dummies Questions & Answers
I would like to do an ldap search which looks for entries which do not actually have a certain attribute. Not that the attribute is Null, but where the attribute does not exist.
Is this possible using ldapsearch? (3 Replies)
Discussion started by: dopple
3 Replies
4. UNIX for Dummies Questions & Answers
Hi All,
Pardon me if this turns out to be a dumb question. But I am trying to schedule a cron job for a my script which takes input options. So an entry in crontab would be something like:
1 * * * * run_report.sh -o out.csv -m monthly -e somename@email.com > cron_output.log 2> cron_error.log... (3 Replies)
Discussion started by: trueharsh
3 Replies
5. Solaris
Hi all
I had a mail issue earlier today where I was not receiving any emails from the servers of one of our clients.
The mail queue just showed this:
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
o8S7eSpp020274* 5858 Tue Sep 28 10:42... (0 Replies)
Discussion started by: notreallyhere
0 Replies
6. Red Hat
Hi,
We have a mail server which has Zimbra installed on it and a file server. Folks use the same login information they use to access their email to access the file server. So the file server is using the same LDAP server as the mail server.
Couple days ago, at around 12 PM all of the sudden,... (3 Replies)
Discussion started by: tezarin
3 Replies
7. Shell Programming and Scripting
Hi All,
I have a existing Ldap query which take a HOME as variable and gives the result where i grep for a particular line.
ldapsearch -h server_domain_name -p 389 -D "uid=user,ou=appadm,o=ent" -w PaB -b "ou=roles,o=ent" "cidx=$HOME" | grep -w "ent: xyz"
Now i have 330K Homes in a... (1 Reply)
Discussion started by: posner
1 Replies
8. Emergency UNIX and Linux Support
Hi Friends,
I have below scenarios .
dom1.test.com - LDAP
dom2.test.com - AD
Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with
dom1\username -> get authenticated by LDAP host
... (2 Replies)
Discussion started by: Shirishlnx
2 Replies
9. Shell Programming and Scripting
Hello,
i need some help with a script. I made a script, which connect to different hosts to get some informations. But i got now some problems with getting informations of a database (db2) which is on a other host. I tried something like
var=$(rsh HOST su - db2adm -c "db2 connect to database;... (2 Replies)
Discussion started by: Cyver
2 Replies
10. UNIX and Linux Applications
I need to write LDAP group query where I need to find if a particular user is a member of a 2 specific Groups. This is LDAP Novell edirectory implementation.
Below are the details -
================
LDIF entry for OndotAPI group
dn: cn=OndotAPI,ou=Groups,o=CNS
changetype: add ... (0 Replies)
Discussion started by: jhamaks
0 Replies
LEARN ABOUT HPUX
hosts.equiv
hosts.equiv(4) Kernel Interfaces Manual hosts.equiv(4) NAME
hosts.equiv, .rhosts - security files authorizing access by remote hosts and users on local host DESCRIPTION
The file and files named found in users' home directories specify remote hosts and users that are "equivalent" to the local host or user. Users from equivalent remote hosts are permitted to access a local account using or or to to the local account without supplying a password (see rcp(1), remsh(1), and rlogin(1)). The security provided by is implemented by the library routine, (see rcmd(3N)). In this description, hostequiv means either the system file or the user file. Note that must be owned either by the root or by the user in whose home directory it is found and it must not be a symbolic link. The file defines system-wide equivalency, whereas a user's file defines equivalency between the local user and any remote users to whom the local user chooses to allow or deny access. An entry in the hostequiv file is a single line (no continuations) in the format: Thus, it can be: o A blank line. o A comment line, beginning with a o A host name, optionally followed by a comment. o A host name and user name, optionally followed by a comment. A host or user name is a string of printable characters, excluding whitespace, newlines, and Names are separated by whitespace. For a user to be granted access, both the remote host name and the user name must "match" an entry in hostequiv. When a request is made for access, the file is searched first. If a match is found, access is permitted. If no match is found, the file is searched, if one exists in the local user's home directory. If the local user is a superuser, is ignored. A host name or user name must match the corresponding field entry in hostequiv in one of the following ways: Literal match A host name in hostequiv can literally match the official host name (not an alias) of the remote host. A user name in hostequiv can literally match the remote user name. For a user name to have literal match in the file, the remote user name must literally match the local user name. Domain-extended match The remote host name to be compared with entries in hostequiv is typically the official host name returned by (see gethostent(3N)). In a domain-naming environment, this is a domain-qualified name. If a host name in hostequiv does not literally match the remote host name, the host name in hostequiv with the local domain name appended may match the remote host name. If the host name in hostequiv is of this form, and if name literally matches the remote host name or if name with the local domain name appended matches the remote host name, access is denied regardless of the user name. If the user name in hostequiv is of this form, and name literally matches the remote user name, access is denied. Even if access is denied in this way by access can still be allowed by Any remote host name matches the host name in hostequiv. Any remote user matches the user name netgroup_name is the name of a network group as defined in netgroup(4). If the host name in hostequiv is of this form, the remote host name (only) must match the specified network group according to the rules defined in net- group(4) in order for the host name to match. Similarly, if the user name in hostequiv is of this form, the remote user name (only) must match the speci- fied network group in order for the user name to match. netgroup_name is the name of a network group as defined in netgroup(4). If the host name in hostequiv is of this form, and if the remote host name (only) matches the specified network group according to the rules defined in netgroup(4), access is denied. Similarly, if the user name in hostequiv is of this form, and if the remote user name (only) matches the specified network group, access is denied. Even if access is denied in this way by access can still be allowed by EXAMPLES
1. on contains the line: and on is empty. User on can use to or to account on without being prompted for a password. will, however, be prompted for a pass- word with or denied access with from to If in the home directory of user on contains: or then user can access from 2. is in the domain and are in the domain in the home directory of user on contains: User can access from since matches with local domain appended. But user from cannot access since does not match In order for user to be able to access from file on must contain: since is in a different domain. 3. in the home directory of user on contains: on contains the line: However, there is no file in the home directory of user on The user on can to account on without being prompted for a password, but on cannot to account on 4. in the home directory of user on contains: User from any host is allowed to access account on User from any host except can access account on 5. on contains the lines: Any user from except is allowed to access an account on with the same user name. However, if in the home directory of user on con- tains: then user from can access account on 6. on contains the line: The network group consists of: If is not running Network Information Service (NIS), user on any host can access account on If is running Network Information Service (NIS), and is in the domain user on any host, whether in or not, can access account on However, if in the home directory of user on contains the line: and is either not running Network Information Service (NIS) or is in domain no user on any host can access the account on If is run- ning Network Information Service (NIS) but is not in the domain this line has no effect. 7. on contains the line: The network group consists of: All users on are denied access to However, if in the home directory of a user on contains any of the following lines: then user on can access that account on WARNINGS
For security purposes, the files and should exist and be readable and writable only by the owner, even if they are empty. Care must be exercised when creating the The option to and prevents any authentication based on files for users other than a superuser. AUTHOR
was developed by the University of California, Berkeley. The and extensions were developed by Sun Microsystems, Inc. FILES
SEE ALSO
rcp(1), rdist(1), remsh(1), rlogin(1), remshd(1M), rlogind(1M), gethostent(3N), rcmd(3N), netgroup(4). hosts.equiv(4)