This shows you the differences between two versions of the page.
| | aix:aix_ldap [2021/01/01 21:21] 127.0.0.1 external edit | | aix:aix_ldap [2021/10/18 15:51] (current) manu |
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Configure LDAP AIX ====== | ||
| + | |||
| - | + | Use command line : | |
| - | http://ebook.sikurezza.org/wiki/Configurare_LDAP_AIX | + | mksecldap -c -h ldapserver1,ldapserver2 -a cn=root -p password -S rfc2307aix |
| - | https://www.ibm.com/developerworks/mydeveloperworks/blogs/paixperiences/entry/aix_ldap_quick_n_dirty?lang=en | + | |
| - | + | ||
| - | Configurare LDAP AIX | + | |
| - | Da Security e-Book. | + | |
| - | Vai a: navigazione, ricerca | + | |
| - | AIX 5.3 | + | |
| - | modify the | + | |
| - | + | ||
| - | Use command line : mksecldap -c -h ldapserver1,ldapserver2 -a cn=root -p password -S rfc2307aix | + | |
| or | or | ||
| file /etc/security/ldap/ldap.cfg | file /etc/security/ldap/ldap.cfg | ||
| + | <code> | ||
| ldapservers:ldapserver1,ldapserver2 | ldapservers:ldapserver1,ldapserver2 | ||
| binddn:cn=proxyuser,dc=azienda,dc=local | binddn:cn=proxyuser,dc=azienda,dc=local | ||
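Review bot: the mksecldap line that opens the new version passes the bind password on the command line (-p password), so it is recorded in shell history and visible in ps output while the command runs; flag this next to the command and put it in a <cli> block like the later commands rather than leaving it as plain text. The command also binds as cn=root while the ldap.cfg stanza below uses cn=proxyuser; say which account is meant for the steady-state client bind. Finally, the two source links (the sikurezza.org e-book page and the IBM developerWorks post) are dropped here; if the content still derives from them, keep the attribution.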
| Line 30: | Line 23: | ||
| userbasedn:ou=people,dc=azienda,dc=local | userbasedn:ou=people,dc=azienda,dc=local | ||
| groupbasedn:ou=groups,dc=azienda,dc=local | groupbasedn:ou=groups,dc=azienda,dc=local | ||
| + | </code> | ||
| Copy the file ldap.krb in /etc/security/ldap: this file contains the public key of the certification authority that issued the LDAP certificate. Please note that to generate this file use the program gsk7ikm. | Copy the file ldap.krb in /etc/security/ldap: this file contains the public key of the certification authority that issued the LDAP certificate. Please note that to generate this file use the program gsk7ikm. | ||
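Review bot: "public key of the certification authority" is imprecise; what gsk7ikm produces is a key database holding the CA certificate, so say "CA certificate" here. The ldap.cfg excerpt above also never references ldap.krb, so the reader cannot tell how the client is pointed at that file or whether SSL is switched on at all; name the relevant ldap.cfg setting next to this sentence.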
| Line 43: | Line 37: | ||
| In the file /usr/lib/security/methods.cfg enable LDAP module with: | In the file /usr/lib/security/methods.cfg enable LDAP module with: | ||
| + | <cli> | ||
| LDAP: | LDAP: | ||
| program = /usr/lib/security/LDAP | program = /usr/lib/security/LDAP | ||
| program_64 =/usr/lib/security/LDAP64 | program_64 =/usr/lib/security/LDAP64 | ||
| + | </cli> | ||
| Set default authentication to LDAP: | Set default authentication to LDAP: | ||
| + | <cli> | ||
| chsec -f /etc/security/user -s default -a "SYSTEM=LDAP or files" | chsec -f /etc/security/user -s default -a "SYSTEM=LDAP or files" | ||
| chsec -f /etc/security/user -s default -a "registry=LDAP" | chsec -f /etc/security/user -s default -a "registry=LDAP" | ||
| + | </cli> | ||
| Add creation of user home directory after first login in AIX STD_AUTH, standard authentification, since AIX 6.1 TL2. For PAM_AUTHentification, add the right parameter into /etc/pam.conf | Add creation of user home directory after first login in AIX STD_AUTH, standard authentification, since AIX 6.1 TL2. For PAM_AUTHentification, add the right parameter into /etc/pam.conf | ||
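Review bot: "authentification" should be "authentication" (twice), and "add the right parameter into /etc/pam.conf" names no parameter; state which module or attribute is meant for both the STD_AUTH and PAM cases (for STD_AUTH this is presumably the mkhomeatlogin attribute in /etc/security/login.cfg, worth confirming). The methods.cfg stanza is a config-file excerpt like the ldap.cfg one above, which is wrapped in <code>, while this one gets <cli>; pick one style for file contents and keep <cli> for commands.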
| Line 58: | Line 54: | ||
| To allow local login, for each local user stanza in /etc/security/user specify the following: | To allow local login, for each local user stanza in /etc/security/user specify the following: | ||
| + | <cli> | ||
| SYSTEM = "files" | SYSTEM = "files" | ||
| registry = files | registry = files | ||
| + | </cli> | ||
| + | |||
| - | AIX 6.1 | ||
| Before doing anything, install the following packages. You can find it on the AIX media. | Before doing anything, install the following packages. You can find it on the AIX media. | ||
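Review bot: deleting the "AIX 6.1" heading leaves "Before doing anything, install the following packages" with no version context and puts an install-first step after all the configuration steps; either restore a heading or move the package list to the start of the page. The local-user stanza is fine as written, but a sentence on what registry = files changes relative to the default registry=LDAP set earlier would help the reader understand why both lines are needed.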
| Line 71: | Line 68: | ||
| idsldap.cltbase61.adt 6.1.0.17 C F Directory Server - Base Client | idsldap.cltbase61.adt 6.1.0.17 C F Directory Server - Base Client | ||
| idsldap.cltbase61.rte 6.1.0.17 C F Directory Server - Base Client | idsldap.cltbase61.rte 6.1.0.17 C F Directory Server - Base Client | ||
| + | |||
| Then, re-establish the links with the following command: | Then, re-establish the links with the following command: | ||
| - | + | /opt/IBM/ldap/V6.1/bin/idslink -l 64 | |
| - | /opt/IBM/ldap/V6.1/bin/idslink -l 64 | + | |
| - | Proceed as the 5.3 from now on. | + | |
| - | + | ||
| ==== Start/Stop IBM LDAP ==== | ==== Start/Stop IBM LDAP ==== | ||
| - | <code> | + | <cli prompt='#'> |
| root@itds_server - /root >cat /etc/inittab | grep ldap | root@itds_server - /root >cat /etc/inittab | grep ldap | ||
| ldapd63:2:once: /opt/IBM/ldap/V6.3/sbin/ibmslapd -I ldapdb2 -f/home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf > /dev/console 2>&1 | ldapd63:2:once: /opt/IBM/ldap/V6.3/sbin/ibmslapd -I ldapdb2 -f/home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf > /dev/console 2>&1 | ||
| ids0:2345:once:/opt/IBM/ldap/V6.3/sbin/ibmdiradm -I ldapdb2 > /dev/null 2>&1 #Autostart IBM LDAP Admin Daemon Instance | ids0:2345:once:/opt/IBM/ldap/V6.3/sbin/ibmdiradm -I ldapdb2 > /dev/null 2>&1 #Autostart IBM LDAP Admin Daemon Instance | ||
| idsweb:2:once:/opt/IBM/ldap/V6.3/idstools/bin/startWebadminApp > /dev/null 2>&1 | idsweb:2:once:/opt/IBM/ldap/V6.3/idstools/bin/startWebadminApp > /dev/null 2>&1 | ||
| + | </cli> | ||
| + | |||
| + | <cli prompt='#'> | ||
| root@itds_server - /root >cat /etc/rc.shutdown | root@itds_server - /root >cat /etc/rc.shutdown | ||
| #!/bin/ksh | #!/bin/ksh | ||
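Review bot: with "Proceed as the 5.3 from now on." removed (and the "AIX 5.3" heading gone from the first hunk), the idslink step no longer says what comes after it; add a pointer back to the client configuration steps, and put the idslink command in a <cli> block rather than plain text. The Start/Stop section that follows switches from the AIX client to the ITDS server itself (ibmslapd and ibmdiradm on itds_server, instance under /home/ldapdb2); one sentence saying these inittab and rc.shutdown entries belong on the directory server, not on the clients, would avoid confusion. Note also that the ibmslapd inittab entry sends both stdout and stderr to /dev/console, so startup errors are only visible on the console; a log file would be easier to check.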
| Line 107: | Line 104: | ||
| # Exit 0 is required, else server won t stop | # Exit 0 is required, else server won t stop | ||
| exit 0 | exit 0 | ||
| - | </code> | + | </cli> |
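Review bot: "won t" should be "won't" in the comment. The tag change from <code> to <cli> is otherwise consistent with the rest of this revision.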