This shows you the differences between two versions of the page.
aix:aix_ldap [2021/10/18 15:49] manu |
aix:aix_ldap [2021/10/18 15:51] (current) manu |
||
---|---|---|---|
Line 37: | Line 37: | ||
In the file /usr/lib/security/methods.cfg enable LDAP module with: | In the file /usr/lib/security/methods.cfg enable LDAP module with: | ||
+ | <cli> | ||
LDAP: | LDAP: | ||
program = /usr/lib/security/LDAP | program = /usr/lib/security/LDAP | ||
program_64 =/usr/lib/security/LDAP64 | program_64 =/usr/lib/security/LDAP64 | ||
+ | </cli> | ||
Set default authentication to LDAP: | Set default authentication to LDAP: | ||
+ | <cli> | ||
chsec -f /etc/security/user -s default -a "SYSTEM=LDAP or files" | chsec -f /etc/security/user -s default -a "SYSTEM=LDAP or files" | ||
chsec -f /etc/security/user -s default -a "registry=LDAP" | chsec -f /etc/security/user -s default -a "registry=LDAP" | ||
+ | </cli> | ||
Add creation of user home directory after first login in AIX STD_AUTH, standard authentification, since AIX 6.1 TL2. For PAM_AUTHentification, add the right parameter into /etc/pam.conf | Add creation of user home directory after first login in AIX STD_AUTH, standard authentification, since AIX 6.1 TL2. For PAM_AUTHentification, add the right parameter into /etc/pam.conf | ||
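Review bot: The two chsec commands switch the default stanza to LDAP before the page tells the reader to pin local accounts to files; that step only appears later under "To allow local login". Anyone following the page in order leaves every local account without its own SYSTEM and registry attributes inheriting LDAP. Suggest moving the local-user step ahead of these commands, or adding a sentence here that points to it. The methods.cfg stanza is file content rather than a command, so `<cli>` is an odd wrapper for it, and `program_64 =/usr/lib/security/LDAP64` lacks the space after `=` that the `program` line has. The home-directory sentence still says "add the right parameter into /etc/pam.conf" without naming the parameter.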
Line 52: | Line 54: | ||
To allow local login, for each local user stanza in /etc/security/user specify the following: | To allow local login, for each local user stanza in /etc/security/user specify the following: | ||
+ | <cli> | ||
SYSTEM = "files" | SYSTEM = "files" | ||
registry = files | registry = files | ||
+ | </cli> | ||
+ | |||
- | AIX 6.1 | ||
Before doing anything, install the following packages. You can find it on the AIX media. | Before doing anything, install the following packages. You can find it on the AIX media. | ||
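Review bot: Dropping the `AIX 6.1` line leaves "Before doing anything, install the following packages" with no indication of which AIX release it applies to, although the package names that follow are version specific. Suggest keeping the label, as a heading in the page's `====` style if the bare text line was the problem. In the same hunk, `SYSTEM = "files"` and `registry = files` are stanza attributes in /etc/security/user rather than commands, so a `<cli>` block misrepresents them; keep them as a file excerpt, or give the chsec form used earlier with `-s` set to the user name.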
Line 65: | Line 68: | ||
idsldap.cltbase61.adt 6.1.0.17 C F Directory Server - Base Client | idsldap.cltbase61.adt 6.1.0.17 C F Directory Server - Base Client | ||
idsldap.cltbase61.rte 6.1.0.17 C F Directory Server - Base Client | idsldap.cltbase61.rte 6.1.0.17 C F Directory Server - Base Client | ||
+ | |||
Then, re-establish the links with the following command: | Then, re-establish the links with the following command: | ||
- | + | /opt/IBM/ldap/V6.1/bin/idslink -l 64 | |
- | /opt/IBM/ldap/V6.1/bin/idslink -l 64 | + | |
- | Proceed as the 5.3 from now on. | + | |
- | + | ||
==== Start/Stop IBM LDAP ==== | ==== Start/Stop IBM LDAP ==== | ||
- | <code> | + | <cli prompt='#'> |
root@itds_server - /root >cat /etc/inittab | grep ldap | root@itds_server - /root >cat /etc/inittab | grep ldap | ||
ldapd63:2:once: /opt/IBM/ldap/V6.3/sbin/ibmslapd -I ldapdb2 -f/home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf > /dev/console 2>&1 | ldapd63:2:once: /opt/IBM/ldap/V6.3/sbin/ibmslapd -I ldapdb2 -f/home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf > /dev/console 2>&1 | ||
ids0:2345:once:/opt/IBM/ldap/V6.3/sbin/ibmdiradm -I ldapdb2 > /dev/null 2>&1 #Autostart IBM LDAP Admin Daemon Instance | ids0:2345:once:/opt/IBM/ldap/V6.3/sbin/ibmdiradm -I ldapdb2 > /dev/null 2>&1 #Autostart IBM LDAP Admin Daemon Instance | ||
idsweb:2:once:/opt/IBM/ldap/V6.3/idstools/bin/startWebadminApp > /dev/null 2>&1 | idsweb:2:once:/opt/IBM/ldap/V6.3/idstools/bin/startWebadminApp > /dev/null 2>&1 | ||
+ | </cli> | ||
+ | |||
+ | <cli prompt='#'> | ||
root@itds_server - /root >cat /etc/rc.shutdown | root@itds_server - /root >cat /etc/rc.shutdown | ||
#!/bin/ksh | #!/bin/ksh | ||
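Review bot: Removing "Proceed as the 5.3 from now on." ends the 6.1 client steps at idslink with nothing telling the reader what to do next; suggest replacing it with a pointer to the section that continues the setup rather than deleting it. The new `<cli prompt='#'>` blocks declare `#` as the prompt while the session lines show `root@itds_server - /root >`, so the attribute does not match the transcript. The client packages and idslink path are V6.1 while the inittab entries are V6.3; if the Start/Stop section describes a separate server host, a line saying so would keep readers from mixing the paths.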
Line 101: | Line 104: | ||
# Exit 0 is required, else server won t stop | # Exit 0 is required, else server won t stop | ||
exit 0 | exit 0 | ||
- | </code> | + | </cli> |
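Review bot: With `prompt='#'` on the opening tag, script lines in this block that start with `#`, such as `#!/bin/ksh` and `# Exit 0 is required, else server won t stop`, are likely to be treated as command lines when rendered, because the script's comment character is the declared prompt. The old `<code>` wrapper was a better fit for a file listing; if `<cli>` stays, set the prompt to the `>` that the transcript uses. The comment also reads "won t" where "won't" is meant.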