| aix:user_ldapmaps [2021/09/29 14:06] manu [lastupdate] | aix:user_ldapmaps [2022/10/25 10:57] (current) manu | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== LDAP map modification ====== | ====== LDAP map modification ====== | ||
| - | # cat /etc/security/ldap sfur2user.map | + | ===== LDAP map for AD connection ===== |
| + | |||
| + | My maps to connect to AD, I'm using LDAP RFC2107. | ||
| + | |||
| + | AIX like every UNIX/Linux, works always with IDs for users as well for groups | ||
| + | |||
| + | On AD for each user and group used for AIX, please set the following parameters (required). For info, these parameters are simulated throught sssd on linux. | ||
| + | |||
| + | **User** | ||
| + | ^Parameter^Value^comment^ | ||
| + | |uid|user01|lowercase| | ||
| + | |unixHomeDirectory|/home/user01|lowercase| | ||
| + | |loginShell|/usr/bin/bash|shell: keep bash everywhere| | ||
| + | |gidNumber|1200123456|primary group ID (always aix-group)| | ||
| + | |uidNumber|1200789012|userID| | ||
| + | |||
| + | **For info**: homedir can also have a different look : /home/user01@mydomain.lu | ||
| + | |||
| + | **Group** ALL groups need a gidNumber | ||
| + | ^Parameter^Value^ | ||
| + | |name|aix-group| | ||
| + | |gidNumber|1200123456| | ||
| + | |||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/root# cat /etc/security/ldap/sfur2user.map | ||
| + | username SEC_CHAR uid s na yes | ||
| + | id SEC_INT uidNumber s na yes | ||
| + | pgrp SEC_CHAR gidNumber s na yes | ||
| + | home SEC_CHAR unixhomeDirectory s na yes | ||
| + | shell SEC_CHAR loginShell s na yes | ||
| + | gecos SEC_CHAR gecos s na yes | ||
| + | spassword SEC_CHAR unicodePwd s | ||
| + | lastupdate SEC_INT pwdLastSet s UTC no | ||
| + | #time_last_login SEC_INT lastLogon s UTC no | ||
| + | maxage SEC_INT codePage s na yes | ||
| + | minage SEC_INT shadowMin s na yes | ||
| + | maxexpired SEC_INT shadowExpire s na yes | ||
| + | pwdwarntime SEC_INT shadowWarning s na yes | ||
| + | pgid SEC_INT gidnumber s na yes | ||
| + | </cli> | ||
| + | **time_last_login** is commented because it tries to update the field into AD, which is not allowed | ||
| + | |||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/root# cat /etc/security/ldap/sfur2group.map | ||
| + | groupname SEC_CHAR cn s na yes | ||
| + | id SEC_INT gidNumber s na yes | ||
| + | users SEC_LIST member m na yes | ||
| + | </cli> | ||
| ===== username ===== | ===== username ===== | ||
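Review bot: the `spassword SEC_CHAR unicodePwd s` entry in the new sfur2user.map is missing the last two fields (time unit and read/write flag) that every other line of the map carries, for example `na yes` or `na no`; add them so the line parses like the rest. Two smaller points: "LDAP RFC2107" reads like a typo for RFC 2307, the LDAP-as-NIS schema that defines uidNumber, gidNumber and loginShell, and the map spells `unixhomeDirectory` and `gidnumber` in lowercase while the AD table above uses `unixHomeDirectory` and `gidNumber`; settle on one spelling. The `maxage SEC_INT codePage s na yes` mapping also deserves an inline comment explaining why codePage stands in for the password maximum age, since the default map later in the diff uses shadowMax for the same attribute.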
| Line 71: | Line 118: | ||
| </code> | </code> | ||
| + | ===== For info, AIX default map for AD ===== | ||
| + | |||
| + | Doesn't work by default, as some fields have changed into AD | ||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/root# cat /etc/security/ldap/sfur2user.map | ||
| + | username SEC_CHAR uid s na yes | ||
| + | id SEC_INT uidNumber s na yes | ||
| + | pgrp SEC_CHAR gidNumber s na yes | ||
| + | home SEC_CHAR unixhomeDirectory s na yes | ||
| + | shell SEC_CHAR loginShell s na yes | ||
| + | gecos SEC_CHAR gecos s na yes | ||
| + | spassword SEC_CHAR userPassword s na yes | ||
| + | lastupdate SEC_INT shadowLastChange s days yes | ||
| + | maxage SEC_INT shadowMax s na yes | ||
| + | minage SEC_INT shadowMin s na yes | ||
| + | maxexpired SEC_INT shadowExpire s na yes | ||
| + | pwdwarntime SEC_INT shadowWarning s na yes | ||
| + | pgid SEC_INT gidnumber s na yes | ||
| + | |||
| + | #spassword SEC_CHAR unicodePwd s na yes | ||
| + | #spassword SEC_CHAR unixuserPassword s na yes | ||
| + | </cli> | ||
| + | |||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/root# cat /etc/security/ldap/sfur2group.map | ||
| + | groupname SEC_CHAR cn s na yes | ||
| + | id SEC_INT gidNumber s na yes | ||
| + | users SEC_LIST memberuid m na yes | ||
| + | </cli> | ||
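Review bot: "Doesn't work by default, as some fields have changed into AD" should name the lines that differ, which the two hunks already make visible: the default map reads the password from `userPassword` and the last change from `shadowLastChange` in days, and lists group members through `memberuid`, whereas the AD map in the first hunk uses `unicodePwd`, `pwdLastSet` in UTC and `member`. Also record why `maxage` moves from `shadowMax` here to `codePage` in the AD map, and what the two commented `#spassword` alternatives (`unicodePwd` and `unixuserPassword`) were tried for, so a reader knows which one applies to their directory.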