LDAP with AIX 4.3.3

LDAP with AIX 4.3.3

Post by Steve Bernie » Wed, 26 Apr 2000 04:00:00



Hi everyone!

Did anybody use LDAP with AIX 4.3.3?

It seems that the documentation is poor for things like ADDING user,
etc etc?

We may want to move to LDAP (/etc/group too large, too many users,
etc) but need some help on the admin part of LDAP.

Thanks,

Steve Bernier

 
 
 

LDAP with AIX 4.3.3

Post by Theary LOC » Thu, 27 Apr 2000 04:00:00


Hello Steve,

Well I got the same problem. ("Too many users in groups")
I am told to use LDAP But I only find this at IBM's:
http://www.rs6000.ibm.com/doc_link/en_US/a_doc_lib/aixbman/baseadmn/m...

Have you some more links ? ;-).
We also want to move to LDAP.

Regards,
Theary LOCH.


Quote:> Hi everyone!

> Did anybody use LDAP with AIX 4.3.3?

> It seems that the documentation is poor for things like ADDING user,
> etc etc?

> We may want to move to LDAP (/etc/group too large, too many users,
> etc) but need some help on the admin part of LDAP.

> Thanks,

> Steve Bernier


 
 
 

LDAP with AIX 4.3.3

Post by cba.. » Thu, 27 Apr 2000 04:00:00


I have been doing some experimentation with LDAP authentication for AIX
4.3.3, but have run into some showstopper bugs:

- User membership in other groups (i.e. wheel) does not seem to be set
up properly.

- The system sometimes misbehaves badly in the even of an LDAP server
crash - the login process can get hung up really bad, even for users
that are not set to use LDAP authentication.

I have calls into IBM for these problems, but as yet have not received
any solutions.  I would suggest trying it out on non-critical servers
before making any commitments.

Good luck...

Cory.

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

LDAP with AIX 4.3.3

Post by Theary LOC » Thu, 27 Apr 2000 04:00:00


So I can't try LDAP techology on my servers cuz they are
all critical !!

I got to wait & see i guess ...

Theary.


> X-No-Archive: YES


> > I have been doing some experimentation with LDAP authentication for AIX
> > 4.3.3, but have run into some showstopper bugs:

> > - User membership in other groups (i.e. wheel) does not seem to be set
> > up properly.

> All groups for an LDAP user, and all users for an LDAP group, must
> be defined in LDAP.  This is required so that if, for example, LDAP
> and NIS+ were combined and "bob" was in "developers", "managers"
> and "employees" and "employees" was an NIS+ group which didn't
> exist on another non-NIS+ host, "bob" would still be able to log in.

> > - The system sometimes misbehaves badly in the even of an LDAP server
> > crash - the login process can get hung up really bad, even for users
> > that are not set to use LDAP authentication.

> I'm not sure I understand what you're describing.

> There are several parts you could call "the LDAP server".  If you
> are talking about the really-real LDAP server (as opposed to the
> security daemon that runs on LDAP clients and speaks LDAP to
> the LDAP server), that shouldn't be happening at all.  The other
> one, where the LDAP "client side daemon" (secldapclntd process)
> dies, also shouldn't cause problems.  Things =should= degrade
> rather nicely.

> The worst case I can see is if the LDAP server is still up and
> running and accepting requests but doesn't acknowledge them.
> That could cause problems.

> As regards why you'd see spillover into non-LDAP authenticated
> users, please keep in mind that user information and user
> authentication aren't tightly bound.  You can have an LDAP
> authenticated user who gets their information from NIS+ and
> vice versa.  The "SYSTEM" attribute specifies where a user
> gets authenticated, not where the user's definition resides.

> > I have calls into IBM for these problems, but as yet have not received
> > any solutions.  I would suggest trying it out on non-critical servers
> > before making any commitments.

> As with all new technologies, this is very good advice.

> -- Julie.

 
 
 

LDAP with AIX 4.3.3

Post by Theary LOC » Thu, 27 Apr 2000 04:00:00


Well I got a small RS/6000 43P running AIX 4.3.3 on my desk ...
But how can i test LDAP under real conditions ? All my Unix
boxes are NIS Clients of another one. Can I define one (or
more) of my NIS clients boxes as a LDAP client of my 43P ?
Can LDAP / NIS work together ?

Yo;-)!
Theary.


> X-No-Archive: YES



> > So I can't try LDAP techology on my servers cuz they are
> > all critical !!

> You don't have any non-critical systems at all?  You can
> set up LDAP on a tiny little box.  You don't have to install
> it on a large server.  The lab machines we used for
> development and testing ranged from small and old to
> newer and bigger and faster.  I did all of my testing on my
> own machine which is something like a 43P.  Some people
> might argue that my machine isn't critical ;-)

> -- Julie.

 
 
 

1. Authentication with LDAP on AIX 4.3.3

I have some question about authentication on AIX via LDAP.

1) It works? It is stable?

2) It's compatible with RFC 2307?

3) How can I reverse to standard authentication. Documentation doesn't
   mention anything.

Alberto Brosich
System Manager
University of Trieste
Italy

2. problem with plip

3. LDAP and AIX 4.2.1?

4. . Windows 3D Game Programmer - Direct3D and/or OpenGL programming experience

5. LDAP for AIX 5.1

6. Apache and LinuxPPC

7. LDAP on AIX 5.2

8. Want to clear supplementary group list

9. WU_FTPD and LDAP for AIX 4.3.3

10. Freeware LDAP for AIX?

11. anyone using LDAP for AIX authenication?

12. SUN LDAP, Netscape LDAP (SUN), OPENLDAP, which one?????

13. LDAP over SSL using OpenLDAP/OpenSSL/Cyrus SASL with Netscape's LDAP server