10 More Discussions You Might Find Interesting
1. UNIX for Beginners Questions & Answers
Hi,
We have two LDAP servers. Whenever we get a ticket to reset the password, we login to LDAP primary server and reset the password. For below example, I logged into primary LDAP server and resetting password to john to Welcome123#
We are giving this work to tier-1 team, so that they can reset... (1 Reply)
Discussion started by: ron323232
1 Replies
2. HP-UX
I need to set password compliance for some servers in my company.
However, the requirements are that we need to set different password policies for 3 different user groups within the company. These are :
System Users: i.e root, etc
Batch/Application Users: oracle, bscs, etc
Standard User:... (0 Replies)
Discussion started by: anaigini45
0 Replies
3. UNIX and Linux Applications
Hello :)
we use LDAP with sudoers about 4 years. Works fine. But we have one problem with members of the admingroup (wheel). This users can do every command with sudo and with there privat password. But when they also are member to another special group, like sysadmin:
Sysadmin is allowed to... (0 Replies)
Discussion started by: darktux
0 Replies
4. SuSE
Hi,
I am setting password complexity in SLES 11. I am able to do most of things
pam-config -d --pwcheck
pam-config -a --cracklib
pam-config -a --cracklib-minlen=8
pam-config -a --cracklib-dcredit=-1
pam-config -a --cracklib-ocredit=-1
pam-config -a --pwhistory
pam-config -a... (1 Reply)
Discussion started by: solaris_1977
1 Replies
5. UNIX for Advanced & Expert Users
Hello there,
I hope that I am posting in the right section here, please advise if I posted wrong.
I currently try to change passwords in our Active Directory Envoirenment via LDAP on Linux since the users in question do not have access to a windows-machine and we want to keep it that way. ... (0 Replies)
Discussion started by: henryford
0 Replies
6. Solaris
Hi, FYI, I'm new in Solaris
I'm trying to use Kerberos on authenticating LDAP Client with the Active Directory on Windows Server 2003 on both Solaris 10 5/08 and Solaris 10 9/10 by referring to the pdf file kerberos_s10.pdf available at sun official site.
... (0 Replies)
Discussion started by: chongzh
0 Replies
7. UNIX for Advanced & Expert Users
How to change the ldap root password.
I have generated the password by using "slappasswd " command, but In my root machine "/etc/ldap/sldap.d" file is not there. instead of the file sldap.d directory only is there. please help me...? (0 Replies)
Discussion started by: ungalnanban
0 Replies
8. Solaris
I'm fairly inexperienced with LDAP and DSEE so to build my skills I installed directory server in the global zone of my Sol 10/u7 machine and created a zone to use as a client. For some reason when I try to change a users password as root (in the client zone) with passwd -r ldap I am prompted for... (1 Reply)
Discussion started by: ilikecows
1 Replies
9. Solaris
Hi:
Could I set the:
- Login Time-out Interval
- Password History Count
- Lockout Duration
- Lockout Threshold
for user account in Sun Solaris 5.8.
Thanks for your help (6 Replies)
Discussion started by: mlsun
6 Replies
10. Solaris
Hey all,
I'm looking for a script to auto-generate a password for users that forget their password.
Currently, we are using a perl script (with cgi-bin) where users update their password, but would like to add to this and make it so that the users can also request a password reset and a... (1 Reply)
Discussion started by: em23
1 Replies
IDMAP_LDAP(8) System Administration tools IDMAP_LDAP(8)
NAME
idmap_ldap - Samba's idmap_ldap Backend for Winbind
DESCRIPTION
The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service.
In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs
in order to create new mappings.
IDMAP OPTIONS
ldap_base_dn = DN
Defines the directory base suffix to use for SID/uid/gid mapping entries. If not defined, idmap_ldap will default to using the "ldap
idmap suffix" option from smb.conf.
ldap_user_dn = DN
Defines the user DN to be used for authentication. The secret for authenticating this user should be stored with net idmap secret (see
net(8)). If absent, the ldap credentials from the ldap passdb configuration are used, and if these are also absent, an anonymous bind
will be performed as last fallback.
ldap_url = ldap://server/
Specifies the LDAP server to use for SID/uid/gid map entries. If not defined, idmap_ldap will assume that ldap://localhost/ should be
used.
range = low - high
Defines the available matching uid and gid range for which the backend is authoritative.
EXAMPLES
The following example shows how an ldap directory is used as the default idmap backend. It also configures the idmap range and base
directory suffix. The secret for the ldap_user_dn has to be set with "net idmap secret '*' password".
[global]
idmap config * : backend = ldap
idmap config * : range = 1000000-1999999
idmap config * : ldap_url = ldap://localhost/
idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
This example shows how ldap can be used as a readonly backend while tdb is the default backend used to store the mappings. It adds an
explicit configuration for some domain DOM1, that uses the ldap idmap backend. Note that a range disjoint from the default range is used.
[global]
# "backend = tdb" is redundant here since it is the default
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config DOM1 : backend = ldap
idmap config DOM1 : range = 2000000-2999999
idmap config DOM1 : read only = yes
idmap config DOM1 : ldap_url = ldap://server/
idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
NOTE
In order to use authentication against ldap servers you may need to provide a DN and a password. To avoid exposing the password in plain
text in the configuration file we store it into a security store. The "net idmap " command is used to store a secret for the DN specified
in a specific idmap domain.
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
Samba 4.0 06/17/2014 IDMAP_LDAP(8)