RBAC and LDAP users (AD)

10 More Discussions You Might Find Interesting

1. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working...

2. Linux

Help me with all users ldap

Need to find the ldap id's of all the users in my organizations... is there any command???

3. Linux

Monitor ldap users

Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts.

4. Solaris

LDAP users with RBAC Roles

I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box. to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than...

5. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%...

6. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"?

7. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the...

8. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:...

9. UNIX for Advanced & Expert Users

link LDAP-Users

hi, is it possible to link users on a LDAP-Server from one container to another? we have two trees, one for AIX and one for solaris-linux but we have a few users in both trees, they should have the same password and a password change must affect both entries we use IBM Directory Server...

10. UNIX for Advanced & Expert Users

Equivalent of ADMCHG for LDAP Users

All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help? Thanks...

LEARN ABOUT HPUX

rbacdbchk

rbacdbchk(1M)															     rbacdbchk(1M)

NAME

       rbacdbchk - Verifies the syntax of the Role-Based Access Control (RBAC) database files

SYNOPSIS

DESCRIPTION

       verifies that there are no conflicting or inconsistent entries in and amongst the RBAC database files.  also checks the syntax of the data-
       base files and prints messages indicating which lines contain errors.  returns zero output if no errors are present in the database files.

       All the RBAC database files and are verified.  See rbac(5) for more information on these RBAC database files.

   Options
       supports the following options:

	      Checks the
		     database.

	      Checks the
		     database.

	      Checks the
		     database.

	      Checks the
		     database.

	      Checks the
		     database.

	      Cross reference checks all databases.

EXTERNAL INFLUENCES

   Environment Variables
       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE

       0.   Success
       1.   Incorrect syntax

EXAMPLES

       The following example finds an error that user is an invalid user

	      # rbacdbchk
	      [/etc/rbac/user_role] John: Administrator
		      invalid user
		      The value 'John' for the Username field is bad.

       The following example finds a syntax error, an extra colon at the end of a line:

	      # rbacdbchk
	      [/etc/rbac/user_role] root:     Administrator:
		      invalid name: Not alphanumeric
		      The value 'Administrator:' for the Rolename field is bad.

	      [Role in role_auth DB with no assigned user in user_role DB]
	      Administrator:(hpux.*, *)

       The following example finds a field missing:

	      # rbacdbchk
	      [/etc/rbac/roles] : my comment
		      invalid name: <empty>
		      The value '' for the Rolename field is bad.

       The following example finds a bad role:

	      # rbacdbchk

	      [Role in role_auth DB with no assigned user in user_role DB]
	      blah:(hpux.*, *)

	      [Invalid Role in role_auth DB. Role 'blah' does not exist in the roles DB]
	      blah:(hpux.*, *)

       The following example finds a bad group name:

	      # rbacdbchk
	      [/etc/rbac/user_role] &blah:    Administrator
		      invalid group
		      The value 'blah' for the Group name field is bad.

FILES

       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles for each specified user.

       Database that defines the authorizations for each role.

       Database containing the authorization to execute specified commands,
	      and the privileges to alter uid and gid for command execution.

       Database that defines the role-to-authorization to audit

SEE ALSO

       authadm(1M), cmdprivadm(1M), privrun(1M), rbac(5).

																     rbacdbchk(1M)

AIX