10 More Discussions You Might Find Interesting
1. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
2. AIX
Hi folks,
How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL?
It works like a charm without TLS/SSL.
i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies
3. AIX
Hi All,
Its regarding the LDAP in AIX.
we already have Microsoft Active Directory (LDAP) Server. And would like to integrate My client AIX LPAR to this LDAP server. So' that we can directly use Active directory crdentials to login. (instead of creating USERs on AIX)
from my AIX LPAR.
... (4 Replies)
Discussion started by: System Admin 77
4 Replies
4. AIX
I have been able to configure on an AIX 5.2 ldap.cfg so service starts correctly.
but when I try to log on with a windows user after entering the password login hangs and get no response.
I have set it up on Aix 5.3 with no problem but in Aix 5.2 I have not been able to log in.
ldap.cfg... (1 Reply)
Discussion started by: laxtnog
1 Replies
5. AIX
Hi,
I am trying to authenticate AIX server against a IDS LDAP instance.
The AIX version is 6.1 and TDS client is 6.1.
I configured the secldapclntd using ldap.cfg file and changed /etc/security/user to set SYSTEM=LDAP, registry=LDAP for one user. Below are the ldap.cfg configurations -
... (5 Replies)
Discussion started by: vs1
5 Replies
6. UNIX for Advanced & Expert Users
Hello,
I'm new to Centos and to openldap. I am by trade a Solaris Admin. I'm experimenting with openldap and thought Linux would be easier to install and setup openldap on, so far this is true. The problem I'm having is that I can't get the client server to authenticate to the openldap server. I... (1 Reply)
Discussion started by: bitlord
1 Replies
7. Solaris
Configure ldap client:
I have configured my ldapclient with the AuthenticationMethod=simple and with the credentialLevel=proxy. However, as soon as i want to set the AuthenticationMethod=sasl/GSSAPI, and credentiallevel=self, then it fails to configure. Kerberos is already setup successfully. The... (0 Replies)
Discussion started by: Henk Trumpie
0 Replies
8. Solaris
Hi All,
I am getting one strange problem of empty LDAP_client_ file. There was one /var 100% overload issue few days back. After that we are observing this new issue.
I got to know about similar issue SunSolve Bug ID 6495683 - “LDAP client files & cred files are deleted when /var is full”... (1 Reply)
Discussion started by: ailnilanjan
1 Replies
9. AIX
Hello,
I am trying to configure an AIX machina to authenticate against a Windows 2003 AD, and I am desesperately trying to find the ldap.client lpp
in the internet.
I am using AIX 5.3 and I don't have access to the DVD media,
please help!
Thankyou,
Tiago (2 Replies)
Discussion started by: tiagoskid
2 Replies
10. Solaris
Hi Gurus
I am a novice in LDAP and need to configure an LDAP client(Solaris 10).
The client has to bind to an AD for LDAP queries. I have created a user called testbind in AD for binding purpose.
I am planning to configure LDAP client manually(as the requirement is as such).
This is the... (16 Replies)
Discussion started by: Renjesh
16 Replies
IDMAP_RFC2307(8) System Administration tools IDMAP_RFC2307(8)
NAME
idmap_rfc2307 - Samba's idmap_rfc2307 Backend for Winbind
DESCRIPTION
The idmap_rfc2307 plugin provides a way for winbind to read id mappings from records in an LDAP server as defined in RFC 2307. The LDAP
server can be stand-alone or the LDAP server provided by the AD server. An AD server is always required to provide the mapping between name
and SID, and the LDAP server is queried for the mapping between name and uid/gid. This module implements only the "idmap" API, and is
READONLY.
Mappings must be provided in advance by the administrator by creating the user accounts in the Active Directory server and the posixAccount
and posixGroup objects in the LDAP server. The names in the Active Directory server and in the LDAP server have to be the same.
This id mapping approach allows the reuse of existing LDAP authentication servers that store records in the RFC 2307 format.
IDMAP OPTIONS
range = low - high
Defines the available matching UID and GID range for which the backend is authoritative. Note that the range acts as a filter. If
specified any UID or GID stored in AD that fall outside the range is ignored and the corresponding map is discarded. It is intended as
a way to avoid accidental UID/GID overlaps between local and remotely defined IDs.
ldap_server = <ad | stand-alone >
Defines the type of LDAP server to use. This can either be the LDAP server provided by the Active Directory server (ad) or a
stand-alone LDAP server.
bind_path_user
Specifies the bind path where user objects can be found in the LDAP server.
bind_path_group
Specifies the bind path where group objects can be found in the LDAP server.
user_cn = <yes | no>
Query cn attribute instead of uid attribute for the user name in LDAP. This option is not required, the default is no.
cn_realm = <yes | no>
Append @realm to cn for groups (and users if user_cn is set) in LDAP. This option is not required, the default is no.
ldap_domain
When using the LDAP server in the Active Directory server, this allows to specify the domain where to access the Active Directory
server. This allows using trust relationships while keeping all RFC 2307 records in one place. This parameter is optional, the default
is to access the AD server in the current domain to query LDAP records.
ldap_url
When using a stand-alone LDAP server, this parameter specifies the ldap URL for accessing the LDAP server.
ldap_user_dn
Defines the user DN to be used for authentication. The secret for authenticating this user should be stored with net idmap secret (see
net(8)). If absent, an anonymous bind will be performed.
ldap_realm
Defines the realm to use in the user and group names. This is only required when using cn_realm together with a stand-alone ldap
server.
EXAMPLES
The following example shows how to retrieve id mappings from a stand-alone LDAP server. This example also shows how to leave a small non
conflicting range for local id allocation that may be used in internal backends like BUILTIN.
[global]
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config DOMAIN : backend = rfc2307
idmap config DOMAIN : range = 2000000-2999999
idmap config DOMAIN : ldap_server = stand-alone
idmap config DOMAIN : ldap_url = ldap://ldap1.example.com
idmap config DOMAIN : ldap_user_dn = cn=ldapmanager,dc=example,dc=com
idmap config DOMAIN : bind_path_user = ou=People,dc=example,dc=com
idmap config DOMAIN : bind_path_group = ou=Group,dc=example,dc=com
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
Samba 4.0 06/17/2014 IDMAP_RFC2307(8)