# mksecldap -c -h ldapserver1.mycompany.com -a cn=admin,o=org -p password
# mksecldap -c -h myserver2.yourdomain.com -a cn=admin,o=novell -p password -n 1636
# mksecldap -c -h anotherserver -a cn=admin,o=org -p password -k /usr/ldap/key.kdb -w letmein
# mksecldap -c -h ldapserver1 -a cn=admin,o=novell -p password -u tjames,rking
3004-007 You entered an invalid login name or password.
Attributes |
Description |
ldapservers |
Comma separated list of LDAP servers |
ldapadmin |
LDAP server administrator DN or privileged bindDN |
ldapadmpwd |
Administrator bind password |
userattrmappath |
Path to user attribute map |
groupattrmappath |
Path to group attribute map |
idattrmappath |
Path to id attribute map |
userbasedn |
Parent DN where user entries are stored |
groupbasedn |
Parent DN where group entries are stored |
idbasedn |
Parent DN where id entry is stored |
ldapport |
LDAP server listening port |
# /usr/sbin/secldapclntd
# /usr/sbin/lsuser -R LDAP tjames
# /usr/sbin/mkitab "ldapclntd:2:once: /usr/sbin/secldapclntd >/dev/console 2>&1"
# chuser SYSTEM=LDAP registry=LDAP tjames
# chuser SYSTEM=LDAP registry=LDAP tjames
# mkuser -R LDAP hostsallowedlogin=ldapserver tjames
# chuser -R LDAP hostsdeniedlogin=ldapserver rking
# chuser -R LDAP hostsallowedlogin=192.168.0/24 rking
# mksecldap -c -h servername -a adminFDN -p pwd -k /usr/ldap/etc/mykey.kdb -w password
/etc/security/ldap/ldap.cfg
# Comma separated list of ldap servers this client talks to
#ldapservers:myldapserver.ibm.com
# LDAP server bindDN
#ldapadmin:cn=admin
# LDAP server bindDN password (stored in cleartext in this file, so keep the file's permissions restrictive)
#ldapadmpwd:secret
# Whether to use SSL to communicate with the LDAP server. Valid value
# is either "yes" or "no". Default is "no".
# Note: you need an SSL key and the password to that key to enable this.
#useSSL: no
# SSL key file path and key password
#ldapsslkeyf:/tmp/key.kdb
#ldapsslkeypwd:mykeypwd
# AIX-LDAP attribute map path.
#userattrmappath:/etc/security/ldap/aixuser.map
#groupattrmappath:/etc/security/ldap/aixgroup.map
#idattrmappath:/etc/security/ldap/aixid.map
# Base DN where the user and group data are stored in the LDAP server.
# e.g., if user foo's DN is: username=foo,ou=aixuser,cn=aixsecdb
# then the user base DN is: ou=aixuser,cn=aixsecdb
#userbasedn:ou=aixuser,cn=aixsecdb,cn=aixdata
#groupbasedn:ou=aixgroup,cn=aixsecdb,cn=aixdata
#idbasedn:cn=aixid,ou=system,cn=aixsecdb,cn=aixdata
#hostbasedn:ou=hosts,cn=nisdata,cn=aixdata
#servicebasedn:ou=services,cn=nisdata,cn=aixdata
#protocolbasedn:ou=protocols,cn=nisdata,cn=aixdata
#networkbasedn:ou=networks,cn=nisdata,cn=aixdata
#rpcbasedn:ou=rpc,cn=nisdata,cn=aixdata
# LDAP class definitions.
#userclasses:aixaccount,ibm-securityidentities
#groupclasses:aixaccessgroup
# LDAP server version. Valid values are 2 and 3. Default is 3.
#ldapversion:3
# LDAP server port. Default to 389 for non-SSL connection and
# 636 for SSL connection
#ldapport:389
#ldapsslport:636
# Follow aliases. Valid values are NEVER, SEARCHING, FINDING, and
# ALWAYS. Default is NEVER.
#followaliase:NEVER
# Number of user cache entries. Valid value is 100 - 10000 entries.
# Default is 1000.
#usercachesize: 1000
# Number of group cache entries. Valid value is 10 - 1000 entries.
# Default is 100.
#groupcachesize: 100
# Cache timeout value in seconds. Valid value is 60 - 60*60 seconds.
# Default is 300. Set to 0 to disable caching
#cachetimeout: 300
# Time interval in seconds at which the secldapclntd daemon contacts the
# LDAP server for server status. Valid value is 60 - 60*60 seconds.
# Default is 300.
#heartbeatinterval: 300
# Number of threads the secldapclntd daemon uses to process jobs.
# Valid value is 1 - 1000. Default is 10.
#numberofthread: 10