aix:user_ldapmaps
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
aix:user_ldapmaps [2022/10/25 10:44] manu |
aix:user_ldapmaps [2022/10/25 10:57] (current) manu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== LDAP map modification ====== | ====== LDAP map modification ====== | ||
| + | |||
| + | ===== LDAP map for AD connection ===== | ||
| My maps to connect to AD, I'm using LDAP RFC2107. | My maps to connect to AD, I'm using LDAP RFC2107. | ||
| - | On AD for each user and group used for AIX, please set the following parameters | + | AIX like every UNIX/Linux, works always with IDs for users as well for groups |
| + | |||
| + | On AD for each user and group used for AIX, please set the following parameters (required). For info, these parameters are simulated throught sssd on linux. | ||
| **User** | **User** | ||
| ^Parameter^Value^comment^ | ^Parameter^Value^comment^ | ||
| |uid|user01|lowercase| | |uid|user01|lowercase| | ||
| - | |unixHomeDirectory|/home/user01@mydomain.lu|lowercase| | + | |unixHomeDirectory|/home/user01|lowercase| |
| |loginShell|/usr/bin/bash|shell: keep bash everywhere| | |loginShell|/usr/bin/bash|shell: keep bash everywhere| | ||
| |gidNumber|1200123456|primary group ID (always aix-group)| | |gidNumber|1200123456|primary group ID (always aix-group)| | ||
| |uidNumber|1200789012|userID| | |uidNumber|1200789012|userID| | ||
| - | **Group** | + | **For info**: homedir can also have a different look : /home/user01@mydomain.lu |
| + | |||
| + | **Group** ALL groups need a gidNumber | ||
| ^Parameter^Value^ | ^Parameter^Value^ | ||
| |name|aix-group| | |name|aix-group| | ||
| Line 35: | Line 41: | ||
| pgid SEC_INT gidnumber s na yes | pgid SEC_INT gidnumber s na yes | ||
| </cli> | </cli> | ||
| + | **time_last_login** is commented because it tries to update the field into AD, which is not allowed | ||
| <cli prompt='#'> | <cli prompt='#'> | ||
| Line 111: | Line 118: | ||
| </code> | </code> | ||
| + | ===== For info, AIX default map for AD ===== | ||
| + | |||
| + | Doesn't work by default, as some fields have changed into AD | ||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/root# cat /etc/security/ldap/sfur2user.map | ||
| + | username SEC_CHAR uid s na yes | ||
| + | id SEC_INT uidNumber s na yes | ||
| + | pgrp SEC_CHAR gidNumber s na yes | ||
| + | home SEC_CHAR unixhomeDirectory s na yes | ||
| + | shell SEC_CHAR loginShell s na yes | ||
| + | gecos SEC_CHAR gecos s na yes | ||
| + | spassword SEC_CHAR userPassword s na yes | ||
| + | lastupdate SEC_INT shadowLastChange s days yes | ||
| + | maxage SEC_INT shadowMax s na yes | ||
| + | minage SEC_INT shadowMin s na yes | ||
| + | maxexpired SEC_INT shadowExpire s na yes | ||
| + | pwdwarntime SEC_INT shadowWarning s na yes | ||
| + | pgid SEC_INT gidnumber s na yes | ||
| + | |||
| + | #spassword SEC_CHAR unicodePwd s na yes | ||
| + | #spassword SEC_CHAR unixuserPassword s na yes | ||
| + | </cli> | ||
| + | |||
| + | <cli prompt='#'> | ||
| + | [root@aix01]/root# cat /etc/security/ldap/sfur2group.map | ||
| + | groupname SEC_CHAR cn s na yes | ||
| + | id SEC_INT gidNumber s na yes | ||
| + | users SEC_LIST memberuid m na yes | ||
| + | </cli> | ||
aix/user_ldapmaps.1666687462.txt.gz · Last modified: 2022/10/25 10:44 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
