Solaris

Hello everyone,

I have been trying to find a way to setup a directory server working with RBAC on Solaris. I will try to figure out my environment and my concerns. Here we go :

- I have Unix servers mostly running Solaris 10 and 9 in my environment.
- I have users/user groups that need to perform administrative tasks
- I need to keep track of users (who is doing what on which server)
- I want to have a centralized server that authenticates the users as well as authorizes them using RBAC roles.

Well, as far as I know, RBAC roles must be defined on each server individually. (Please correct me if I am wrong) So according to my concerns, it does not seem to be possible to setup such an environment.

Do you have any idea how to integrate Directory Server with RBAC ? ( which means I will define my users as well as their roles using RBAC in the directory server , thus all other servers will be using this server as an authentication and authorization server. ) So at the end, I will simply add my newly installed server into my domain and with no extra effort associated groups/users will be able to use it with out any local user/pass defined on the server.

I hope I was clear enough to explain my problem. I look forward to hearing from you.

Thanks,
Niyazi

They must not. RBAC roles (locally set in /etc/user_attr) can be also defined globally by using an LDAP repository thanks to the SolarisUserAttr objectclass.

So my dreams would come true.

Is there anybody here who has setup such an environment ?

Assuming you are using iPlanet Directory Server (now DSEE), this is done automatically by running idsconfig.

Running idsconfig (System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)) - Sun Microsystems

Thank you so much ! This link looks very helpful. I will try it asap.