Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: LDAP Query - host allowed option
Top Forums UNIX for Advanced & Expert Users LDAP Query - host allowed option Post 303019886 by dagamier on Monday 9th of July 2018 05:13:28 PM
Old 07-09-2018
I'm already running a generic LDAP query. The problem is, the results are the same on every server. For Identity and Access Management, this isn't what I want as not all uses have access to all servers. I was trying to find some switch that I could use in my query, or an alternate way to look up LDAP users who have access to the local server without also giving me everyone else. Simple is always better, but in this case, simple didn't cut it as it overproduced results.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Ldap dn chars allowed

Hi Is it possible to add the following to an ldif entry: dn=estmmartín i.e Note the charchter 'í' Thanks in advance (3 Replies)
Discussion started by: tom123
3 Replies

2. Shell Programming and Scripting

Perl and Net::LDAP, objects and arrays query

Hi I'm not a programmer but am muddling through as best I can. I am trying to set up a PostSearchHook for Radiator (RADIUS server), that carries out an LDAP lookup, and, based on the string returned ("staff" or "student") in the "businessCategory" attribute, will set the $role to be either 40... (3 Replies)
Discussion started by: mikie
3 Replies

3. UNIX for Dummies Questions & Answers

LDAP search query help

I would like to do an ldap search which looks for entries which do not actually have a certain attribute. Not that the attribute is Null, but where the attribute does not exist. Is this possible using ldapsearch? (3 Replies)
Discussion started by: dopple
3 Replies

4. UNIX for Dummies Questions & Answers

CRON JOB SCHEDULER throwing "option not allowed error"

Hi All, Pardon me if this turns out to be a dumb question. But I am trying to schedule a cron job for a my script which takes input options. So an entry in crontab would be something like: 1 * * * * run_report.sh -o out.csv -m monthly -e somename@email.com > cron_output.log 2> cron_error.log... (3 Replies)
Discussion started by: trueharsh
3 Replies

5. Solaris

Mail issue solution query- host map: lookup (domain): deferred

Hi all I had a mail issue earlier today where I was not receiving any emails from the servers of one of our clients. The mail queue just showed this: -----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient----------- o8S7eSpp020274* 5858 Tue Sep 28 10:42... (0 Replies)
Discussion started by: notreallyhere
0 Replies

6. Red Hat

SMB can't locate LDAP on another host

Hi, We have a mail server which has Zimbra installed on it and a file server. Folks use the same login information they use to access their email to access the file server. So the file server is using the same LDAP server as the mail server. Couple days ago, at around 12 PM all of the sudden,... (3 Replies)
Discussion started by: tezarin
3 Replies

7. Shell Programming and Scripting

Ldap search query

Hi All, I have a existing Ldap query which take a HOME as variable and gives the result where i grep for a particular line. ldapsearch -h server_domain_name -p 389 -D "uid=user,ou=appadm,o=ent" -w PaB -b "ou=roles,o=ent" "cidx=$HOME" | grep -w "ent: xyz" Now i have 330K Homes in a... (1 Reply)
Discussion started by: posner
1 Replies

8. Emergency UNIX and Linux Support

LDAP and AD Authentication Query

Hi Friends, I have below scenarios . dom1.test.com - LDAP dom2.test.com - AD Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with dom1\username -> get authenticated by LDAP host ... (2 Replies)
Discussion started by: Shirishlnx
2 Replies

9. Shell Programming and Scripting

Db2 query on other host

Hello, i need some help with a script. I made a script, which connect to different hosts to get some informations. But i got now some problems with getting informations of a database (db2) which is on a other host. I tried something like var=$(rsh HOST su - db2adm -c "db2 connect to database;... (2 Replies)
Discussion started by: Cyver
2 Replies

10. UNIX and Linux Applications

LDAP Group query

I need to write LDAP group query where I need to find if a particular user is a member of a 2 specific Groups. This is LDAP Novell edirectory implementation. Below are the details - ================ LDIF entry for OndotAPI group dn: cn=OndotAPI,ou=Groups,o=CNS changetype: add ... (0 Replies)
Discussion started by: jhamaks
0 Replies

LEARN ABOUT PHP

ldap

ldap(1) 							   User Commands							   ldap(1)

NAME

       ldap - LDAP as a naming repository

DESCRIPTION

       LDAP  refers  to  Lightweight Directory Access Protocol, which is an industry standard for accessing directory servers. By initializing the
       client using ldapclient(1M) and using the keyword ldap in the name service switch file, /etc/nsswitch.conf, Solaris clients can obtain nam-
       ing  information from an LDAP server.  Information such as usernames, hostnames, and passwords are stored on the LDAP server in a Directory
       Information Tree or DIT. The DIT consists of entries which in turn are composed of attributes. Each attribute has a type and  one  or  more
       values.

       Solaris	LDAP  clients  use  the  LDAP  v3 protocol to access naming information from LDAP servers. The LDAP server must support the object
       classes and attributes defined in RFC2307bis (draft), which maps the naming service model on to LDAP. As an alternate to using  the  schema
       defined	in  RFC2307bis	(draft), the system can be configured to use other schema sets and the schema mapping feature is configured to map
       between the two. Refer to the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for more details.

       The ldapclient(1M) utility can make a Solaris machine an LDAP client by setting up the appropriate directories,	files,	and  configuration
       information. The LDAP client caches this configuration information in local cache files. This configuration information is accessed through
       the ldap_cachemgr(1M) daemon. This daemon also refreshes the information in the configuration files from the LDAP server, providing  better
       performance and security. The ldap_cachemgr must run at all times for the proper operation of the naming services.

       There  are two types of configuration information, the information  available through a profile, and the information configured per client.
       The profile contains all the information as to how the  client accesses the directory. The credential information for proxy user is config-
       ured on a per client basis and is not downloaded through the profile.

       The  profile  contains  server-specific parameters that are required by all clients to locate the servers for the desired LDAP domain. This
       information could be the  server's IP address and the search base Distinguished Name (DN), for instance. It is  configured  on  the  client
       from  the default profile during  client  initialization and is	periodically  updated by the ldap_cachemgr daemon when the expiration time
       has elapsed.

       Client profiles can be stored on the LDAP server and may be used by the ldapclient utility to initialize an LDAP client. Using  the  client
       profile is the easiest way to configure a  client  machine. See ldapclient(1M).

       Credential information includes client-specific parameters that are used  by  a client. This information could be the Bind DN (LDAP "login"
       name) of the client and the password. If these parameters are required, they are manually defined during the initialization  through  ldap-
       client(1M).

       The  naming information is stored in containers on the LDAP server. A container is a non-leaf entry in the DIT that contains naming service
       information. Containers are similar to maps in NIS and tables in NIS+. A default mapping between the NIS databases  and the containers	in
       LDAP  is  presented  below.  The location of these containers as well as their names  can be overridden through the use of serviceSearchDe-
       scriptors. For more information, see ldapclient(1M).

       +--------------------+--------------------+---------------------------+
       |Database	    |Object Class	 | Container		     |
       +--------------------+--------------------+---------------------------+
       |passwd		    |posixAccount	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |		    |shadowAccount	 |			     |
       +--------------------+--------------------+---------------------------+
       |group		    |posixGroup 	 | ou=Group,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |services	    |ipService		 | ou=Services,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |protocols	    |ipProtocol 	 | ou=Protocols,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |rpc		    |oncRpc		 | ou=Rpc,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |hosts		    |ipHost		 | ou=Hosts,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |ipnodes 	    |ipHost		 | ou=Hosts,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |ethers		    |ieee802Device	 | ou=Ethers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |bootparams	    |bootableDevice	 | ou=Ethers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |networks	    |ipNetwork		 | ou=Networks,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |netmasks	    |ipNetwork		 | ou=Networks,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |netgroup	    |nisNetgroup	 | ou=Netgroup,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |aliases 	    |mailGroup		 | ou=Aliases,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |publickey	    |nisKeyObject	 |			     |
       +--------------------+--------------------+---------------------------+
       |generic 	    |nisObject		 | nisMapName=...,dc=...     |
       +--------------------+--------------------+---------------------------+
       |printers	    |printerService	 | ou=Printers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |auth_attr	    |SolarisAuthAttr	 | ou=SolarisAuthAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |prof_attr	    |SolarisProfAttr	 | ou=SolarisProfAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |exec_attr	    |SolarisExecAttr	 | ou=SolarisProfAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |user_attr	    |SolarisUserAttr	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |audit_user	    |SolarisAuditUser	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+

       The security model for clients is defined by a combination of the credential level to be used, the authentication method, and the PAM  mod-
       ules  to  be  used.  The  credential  level defines what credentials the client should use to authenticate to the directory server, and the
       authentication method defines the method of choice.  Both these can be set with multiple values. The Solaris LDAP  supports  the  following
       values for credential level :

		 anonymous

		 proxy

       The Solaris LDAP supports the following values for authentication method:

		 none

		 simple

		 sasl/CRAM-MD5

		 sasl/DIGEST-MD5

		 tls:simple

		 tls:sasl/CRAM-MD5

		 tls:sasl/DIGEST-MD5

       More  protection can be provided by means of  access control, allowing the server to grant access for certain containers or entries. Access
       control is specified by Access Control Lists (ACLs) that are defined and stored in the LDAP server. The Access Control Lists  on  the  LDAP
       server  are  called Access Control  Instructions (ACIs) by the the SunOne Directory Server. Each ACL or ACI specifies one or more directory
       objects, for example, the cn attribute in a specific container, one or more clients to whom you grant or  deny  access,	and  one  or  more
       access  rights  that  determine what the clients can do to or with the objects. Clients can be users or	applications. Access rights can be
       specified as read and write, for example. Refer to the System Administration Guide: Naming and Directory  Services  (DNS,  NIS,	and  LDAP)
       regarding the restrictions on ACLs and ACIs when using LDAP as a naming repository.

       A  sample  nsswitch.conf(4) file called nsswitch.ldap is provided in the /etc directory. This is copied to /etc/nsswitch.conf  by the ldap-
       client(1M) utility. This file uses LDAP as a repository for the different databases in the  nsswitch.conf file.

       The following is a list of the user commands related to LDAP:

       idsconfig(1M)	       Prepares a SunOne Directory Server to be ready to support Solaris LDAP clients.

       ldapaddent(1M)	       Creates LDAP entries from corresponding /etc files.

       ldapclient(1M)	       Initializes LDAP clients, or generates a configuration profile to be stored in the directory.

       ldaplist(1)	       Lists the contents of the LDAP naming space.

FILES

       /var/ldap/ldap_client_cred      Files that contain the LDAP configuration of the client. Do not manually modify these files. Their  content
       /var/ldap/ldap_client_file      is not  guaranteed to be human readable. Use ldapclient(1M) to update them.

       /etc/nsswitch.conf	       Configuration file for the name-service switch.

       /etc/nsswitch.ldap	       Sample configuration file for the name-service switch configured with LDAP and files.

       /etc/pam.conf		       PAM framework configuration file.

SEE ALSO

       ldaplist(1),   idsconfig(1M),  ldap_cachemgr(1M),  ldapaddent(1M),  ldapclient(1M),  nsswitch.conf(4),  pam.conf(4),  pam_authtok_check(5),
       pam_authtok_get(5),  pam_authtok_store(5),   pam_dhkeys(5),   pam_ldap(5),   pam_passwd_auth(5),   pam_unix_account(5),	 pam_unix_auth(5),
       pam_unix_session(5)

       System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

NOTES

       The  pam_unix(5)  module  is  no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10							    7 Jan 2004								   ldap(1)
All times are GMT -4. The time now is 09:22 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy