Login or Register to Ask a Question and Join Our Community


AIX

Access control using LDAP

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX Access control using LDAP
# 1  
Old 03-18-2010
Access control using LDAP
Hello,

I've configurated a LDAP user authentication on AIX V6 against Active Directory (Windows Server 2008).

The Tree is built as follows:

test (DC)
|--- testgroup (group with members: user1, user2)
|
|--- sys1 (OU)
| |--- sys1group (group with member: user1)
|
|--- sys2 (OU)
| |--- sys2group (group with member: user2)

How is the LDAP Client to configurate that only members of sys1group have access to the AIX system?

I do NOT want to: - change the /etc/security/user file
- move user1 to OU sys1


I have set the groubasedn to dc=test in the ldap.cfg (not to cn=sys1group,ou=sys1,dc=test) because the testgroup should be also detected.

Is there the posibility to set a path to a group which is only used while authentication to grant access to the members?
There are also the parameters hostbasedn and authbasedn in the ldap.cfg but I don't know how to use them.

Has anyone an idea?

Thank you in advance.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Proxy Server

How to use Squid on Linux to control certain IP to access Web Server and certain IP cannot access?

Dear all experts here, :) I would like to install a proxy server on Linux server to perform solely to control the access of Web server. In this case, some of my vendor asked me to try Squid and I have installed it onto my Linux server. I would like know how can I set the configuration to... (1 Reply)
Discussion started by: kwliew999
1 Replies

2. Red Hat

Authentication for USB Access from ldap server as centralised

HI All, Kindly help me to configure the ldap server which is used to authenticate my all cleints from usd access..I need to block all the usb access to the clients... RHEL5.4 (1 Reply)
Discussion started by: selvaforum
1 Replies

3. UNIX and Linux Applications

User Based LDAP Client Access

Hi everyone, I am not that familiar with LDAP advanced contents. But since it is a popular secure tool for authentication, I preferred to user RedHat LDAP. The organization has 5 organizational units. There are 3 client servers and I want to limit each client to access different users. So, I... (3 Replies)
Discussion started by: royalliege
3 Replies

4. UNIX for Dummies Questions & Answers

eTrust Access Control

Hi, I am using eTrust Access Control at work. I have got no output after type checklogin. I wonder what is the reason. Does anyone know? Thanks eTrustAC selang v8.00a-1555.13 - eTrustAC command line interpreter Copyright (c) 2006 CA. All rights reserved. eTrustAC> checklogin user1... (0 Replies)
Discussion started by: uuontario
0 Replies

5. UNIX for Dummies Questions & Answers

Internet Access Control

I need to control intenet access @ work. xample. I need PC 1 to only be able to access these five sites and add to the list as needed. Can anyone pint me a direction. (1 Reply)
Discussion started by: fruiz
1 Replies

6. UNIX for Dummies Questions & Answers

Does U*X have Access Control Lists?

In OS like windows, I can define an Access Control List (ACL) and specify which accounts and groups have what access to a specific file. I assume U*X, Linux and cygwin on windows have this ACL feature too. I'm using cygwin on windows. What do I type at a bash prompt to allow a specific user... (1 Reply)
Discussion started by: siegfried
1 Replies

7. Shell Programming and Scripting

Access Control List

Hey all, I have a directory (own by user: b; group: grpB) which I want a user (user: a; group: grpA) to be able to read and execute from, I wonder if I should add user a to this particular directory's ACL or that I would add group grpB to user a's subgroup? I would like to know the difference... (3 Replies)
Discussion started by: mpang_
3 Replies

8. UNIX for Advanced & Expert Users

LDAP Authentication for access to a folder

I am struggling with finding a way of securing a unix folder by controlling access to it by a LDAP Group. In simpler terms,I am looking forward to see a username password prompt,when a specific unix folder is accessed. That UserID and password ,should be authenticated by a secure directory (via... (1 Reply)
Discussion started by: sunmatts
1 Replies

9. UNIX for Dummies Questions & Answers

Access control Lists

Hi, I was wondering if someone could help me with ACL's. I have a file, say output, created by the root user, member of group other. Its permissions are rwxr--r--. I want only people in group other to have rwx access, but I also want one other user, stephen, member of some_other_group to have rwx... (1 Reply)
Discussion started by: sroberts82
1 Replies

10. Filesystems, Disks and Memory

Access Control

In Windows XP, there are 3 default access control groups namely: Administrators, Users and Power Users. Is there default access control groups in Unix system? If there is, what are they? newbie. (1 Reply)
Discussion started by: zertoir
1 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

authen::simple::ldap

Authen::Simple::LDAP(3pm)				User Contributed Perl Documentation				 Authen::Simple::LDAP(3pm)

NAME

       Authen::Simple::LDAP - Simple LDAP authentication

SYNOPSIS

	   use Authen::Simple::LDAP;

	   my $ldap = Authen::Simple::LDAP->new(
	       host    => 'ldap.company.com',
	       basedn  => 'ou=People,dc=company,dc=net'
	   );

	   if ( $ldap->authenticate( $username, $password ) ) {
	       # successfull authentication
	   }

	   # or as a mod_perl Authen handler

	   PerlModule Authen::Simple::Apache
	   PerlModule Authen::Simple::LDAP

	   PerlSetVar AuthenSimpleLDAP_host   "ldap.company.com"
	   PerlSetVar AuthenSimpleLDAP_basedn "ou=People,dc=company,dc=net"

	   <Location /protected>
	     PerlAuthenHandler Authen::Simple::LDAP
	     AuthType	       Basic
	     AuthName	       "Protected Area"
	     Require	       valid-user
	   </Location>

DESCRIPTION

       Authenticate against a LDAP service.

METHODS

       o   new

	   This method takes a hash of parameters. The following options are valid:

	   o	   host

		   Connection host, can be a hostname, IP number or a URI. Defaults to "localhost".

		       host => ldap.company.com
		       host => 10.0.0.1
		       host => ldap://ldap.company.com:389
		       host => ldaps://ldap.company.com

	   o	   port

		   Connection port, default to 389. May be overridden by host if host is a URI.

		       port => 389

	   o	   timeout

		   Connection timeout, defaults to 60.

		       timeout => 60

	   o	   version

		   The LDAP version to use, defaults to 3.

		       version => 3

	   o	   binddn

		   The distinguished name to bind to the server with, defaults to bind anonymously.

		       binddn => 'uid=proxy,cn=users,dc=company,dc=com'

	   o	   bindpw

		   The credentials to bind with.

		       bindpw => 'secret'

	   o	   basedn

		   The distinguished name of the search base.

		       basedn => 'cn=users,dc=company,dc=com'

	   o	   filter

		   LDAP filter to use in search, defaults to "(uid=%s)".

		       filter => '(uid=%s)'

	   o	   scope

		   The search scope, can be "base", "one" or "sub", defaults to "sub".

		       filter => 'sub'

	   o	   log

		   Any object that supports "debug", "info", "error" and "warn".

		       log => Log::Log4perl->get_logger('Authen::Simple::LDAP')

       o   authenticate( $username, $password )

	   Returns true on success and false on failure.

EXAMPLE USAGE

   Apple Open Directory
	   my $ldap = Authen::Simple::LDAP->new(
	       host    => 'od.company.com',
	       basedn  => 'cn=users,dc=company,dc=com',
	       filter  => '(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%s))'
	   );

   Microsoft Active Directory
	   my $ldap = Authen::Simple::LDAP->new(
	       host    => 'ad.company.com',
	       binddn  => 'proxyuser@company.com',
	       bindpw  => 'secret',
	       basedn  => 'cn=users,dc=company,dc=com',
	       filter  => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))'
	   );

       Active Directory by default does not allow anonymous binds. It's recommended that a proxy user is used that has sufficient rights to search
       the desired tree and attributes.

SEE ALSO

       Authen::Simple::ActiveDirectory.

       Authen::Simple.

       Net::LDAP.

AUTHOR

       Christian Hansen "chansen@cpan.org"

COPYRIGHT

       This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2							    2012-04-23						 Authen::Simple::LDAP(3pm)