LDAP-UX Client Services B.05.00 Administrator's Guide
5.3.3 PAM_AUTHZ supports security policy enforcement
5.3.3.1 Authentication using LDAP
5.3.3.2 Authentication with secure shell (ssh) and r-commands
5.3.4 Policy file
5.3.5 Policy validator
5.3.5.1 An example of access rule evaluation
5.3.6 Dynamic variable support
5.3.7 Constructing an access rule in the access policy file
5.3.7.1 Fields in an access rule
5.3.8 Static list access rule
5.3.9 Dynamic variable access rule
5.3.9.1 Supported functions for dynamic variables
5.3.9.2 Examples
5.3.10 Security policy enforcement with secure shell (ssh) or r-commands
5.3.10.1 Security policy enforcement access rule
5.3.10.1.1 An example of access rules
5.3.10.2 Setting access permissions for global policy attributes
5.3.10.3 Configuring the PAM configuration file
5.3.10.4 Evaluating the directory server security policy
5.3.10.5 PAM return codes
5.3.10.6 Directory server security policies
5.4 Adding a directory replica
5.5 Managing users and groups
5.5.1 LDAP user and group command-line tools
5.5.2 Listing users
5.5.3 Listing groups
5.5.4 Adding a user or a group
5.5.4.1 Adding users
5.5.4.2 Examples of adding a user
5.5.4.3 Examples of adding a group
5.5.4.4 Modifying defaults in /etc/opt/ldapux/ldapug.conf
5.5.5 Modifying a user
5.5.6 Modifying a group
5.5.7 Deleting a user or a group
5.5.7.1 Examples
5.5.8 Examining the LDAP-UX configuration
5.5.8.1 Checking if LDAP-UX is configured
5.5.8.2 Listing available templates
5.5.8.3 Discovering required attributes
5.5.8.4 Displaying configuration defaults
5.5.8.5 Displaying the LDAP-UX profile's DN
5.5.8.6 Displaying default search base
5.5.8.7 Displaying recommended attributes
5.5.8.8 Displaying attribute mapping for a specific name service
5.6 Managing hosts in an LDAP-UX domain
5.6.1 Adding a host
5.6.2 Modifying a host
5.6.3 Deleting a host
5.6.4 Managing IP addresses
5.6.5 Managing hosts in groups
5.6.6 Classifying hosts
5.6.7 Managing process access rights (proxy_is_restricted)
5.7 Displaying the proxy user's DN
5.8 Verifying the proxy user
5.9 Creating a new proxy user
6 Table of Contents