10 More Discussions You Might Find Interesting
1. Proxy Server
Dear all experts here,
:)
I would like to install a proxy server on Linux server to perform solely to control the access of Web server.
In this case, some of my vendor asked me to try Squid and I have installed it onto my Linux server.
I would like know how can I set the configuration to... (1 Reply)
Discussion started by: kwliew999
1 Replies
2. Red Hat
HI All,
Kindly help me to configure the ldap server which is used to authenticate my all cleints from usd access..I need to block all the usb access to the clients...
RHEL5.4 (1 Reply)
Discussion started by: selvaforum
1 Replies
3. UNIX and Linux Applications
Hi everyone,
I am not that familiar with LDAP advanced contents. But since it is a popular secure tool for authentication, I preferred to user RedHat LDAP. The organization has 5 organizational units. There are 3 client servers and I want to limit each client to access different users.
So, I... (3 Replies)
Discussion started by: royalliege
3 Replies
4. UNIX for Dummies Questions & Answers
Hi,
I am using eTrust Access Control at work. I have got no output after type checklogin. I wonder what is the reason. Does anyone know? Thanks
eTrustAC selang v8.00a-1555.13 - eTrustAC command line interpreter
Copyright (c) 2006 CA. All rights reserved.
eTrustAC> checklogin user1... (0 Replies)
Discussion started by: uuontario
0 Replies
5. UNIX for Dummies Questions & Answers
I need to control intenet access @ work. xample. I need PC 1 to only be able to access these five sites and add to the list as needed. Can anyone pint me a direction. (1 Reply)
Discussion started by: fruiz
1 Replies
6. UNIX for Dummies Questions & Answers
In OS like windows, I can define an Access Control List (ACL) and specify which accounts and groups have what access to a specific file.
I assume U*X, Linux and cygwin on windows have this ACL feature too. I'm using cygwin on windows. What do I type at a bash prompt to allow a specific user... (1 Reply)
Discussion started by: siegfried
1 Replies
7. Shell Programming and Scripting
Hey all, I have a directory (own by user: b; group: grpB) which I want a user (user: a; group: grpA) to be able to read and execute from, I wonder if I should add user a to this particular directory's ACL or that I would add group grpB to user a's subgroup?
I would like to know the difference... (3 Replies)
Discussion started by: mpang_
3 Replies
8. UNIX for Advanced & Expert Users
I am struggling with finding a way of securing a unix folder by controlling access to it by a LDAP Group.
In simpler terms,I am looking forward to see a username password prompt,when a specific unix folder is accessed.
That UserID and password ,should be authenticated by a secure directory (via... (1 Reply)
Discussion started by: sunmatts
1 Replies
9. UNIX for Dummies Questions & Answers
Hi,
I was wondering if someone could help me with ACL's. I have a file, say output, created by the root user, member of group other. Its permissions are rwxr--r--. I want only people in group other to have rwx access, but I also want one other user, stephen, member of some_other_group to have rwx... (1 Reply)
Discussion started by: sroberts82
1 Replies
10. Filesystems, Disks and Memory
In Windows XP, there are 3 default access control groups namely: Administrators, Users and Power Users. Is there default access control groups in Unix system? If there is, what are they?
newbie. (1 Reply)
Discussion started by: zertoir
1 Replies
IDMAP_RFC2307(8) System Administration tools IDMAP_RFC2307(8)
NAME
idmap_rfc2307 - Samba's idmap_rfc2307 Backend for Winbind
DESCRIPTION
The idmap_rfc2307 plugin provides a way for winbind to read id mappings from records in an LDAP server as defined in RFC 2307. The LDAP
server can be stand-alone or the LDAP server provided by the AD server. An AD server is always required to provide the mapping between name
and SID, and the LDAP server is queried for the mapping between name and uid/gid. This module implements only the "idmap" API, and is
READONLY.
Mappings must be provided in advance by the administrator by creating the user accounts in the Active Directory server and the posixAccount
and posixGroup objects in the LDAP server. The names in the Active Directory server and in the LDAP server have to be the same.
This id mapping approach allows the reuse of existing LDAP authentication servers that store records in the RFC 2307 format.
IDMAP OPTIONS
range = low - high
Defines the available matching UID and GID range for which the backend is authoritative. Note that the range acts as a filter. If
specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded. It is intended as
a way to avoid accidental UID/GID overlaps between local and remotely defined IDs.
ldap_server = <ad | stand-alone >
Defines the type of LDAP server to use. This can either be the LDAP server provided by the Active Directory server (ad) or a
stand-alone LDAP server.
bind_path_user
Specifies the bind path where user objects can be found in the LDAP server.
bind_path_group
Specifies the bind path where group objects can be found in the LDAP server.
user_cn = <yes | no>
Query cn attribute instead of uid attribute for the user name in LDAP. This option is not required, the default is no.
cn_realm = <yes | no>
Append @realm to cn for groups (and users if user_cn is set) in LDAP. This option is not required, the default is no.
ldap_domain
When using the LDAP server in the Active Directory server, this allows to specify the domain where to access the Active Directory
server. This allows using trust relationships while keeping all RFC 2307 records in one place. This parameter is optional, the default
is to access the AD server in the current domain to query LDAP records.
ldap_url
When using a stand-alone LDAP server, this parameter specifies the ldap URL for accessing the LDAP server.
ldap_user_dn
Defines the user DN to be used for authentication. The secret for authenticating this user should be stored with net idmap secret (see
net(8)). If absent, an anonymous bind will be performed.
ldap_realm
Defines the realm to use in the user and group names. This is only required when using cn_realm together with a stand-alone ldap
server.
EXAMPLES
The following example shows how to retrieve id mappings from a stand-alone LDAP server. This example also shows how to leave a small non
conflicting range for local id allocation that may be used in internal backends like BUILTIN.
[global]
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config DOMAIN : backend = rfc2307
idmap config DOMAIN : range = 2000000-2999999
idmap config DOMAIN : ldap_server = stand-alone
idmap config DOMAIN : ldap_url = ldap://ldap1.example.com
idmap config DOMAIN : ldap_user_dn = cn=ldapmanager,dc=example,dc=com
idmap config DOMAIN : bind_path_user = ou=People,dc=example,dc=com
idmap config DOMAIN : bind_path_group = ou=Group,dc=example,dc=com
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
Samba 4.0 06/17/2014 IDMAP_RFC2307(8)