LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
7.4.3 PAM_AUTHZ security policy enforcement....................................................................201
7.4.3.1 Authentication using PAM..................................................................................202
7.4.3.2 Authentication with secure shell (ssh) and r-commands..........................................202
7.4.4 Policy file................................................................................................................202
7.4.5 Policy validator........................................................................................................203
7.4.5.1 Example of access rule evaluation......................................................................203
7.4.6 Dynamic variable support.........................................................................................204
7.4.7 Constructing an access rule in the access policy file.....................................................204
7.4.7.1 Fields in an access rule......................................................................................204
7.4.8 Static list access rule................................................................................................208
7.4.9 Dynamic variable access rule ...................................................................................209
7.4.9.1 Supported functions for dynamic variables...........................................................209
7.4.9.2 Example of a dynamic variable access rule.........................................................210
7.4.10 Security policy enforcement with secure shell (ssh) or r-commands.................................210
7.4.10.1 Security policy enforcement access rule .............................................................210
7.4.10.1.1 Example of access rules.............................................................................212
7.4.10.2 Configuring access permissions for global policy attributes...................................212
7.4.10.3 Configuring the PAM configuration file..............................................................213
7.4.10.4 Evaluating the directory server security policy.....................................................213
7.4.10.5 PAM return codes ..........................................................................................214
7.4.10.6 Directory server security policies.......................................................................214
7.5 Adding an HP directory server directory replica..................................................................217
7.6 Adding additional Windows domain controllers..................................................................217
7.7 Managing users and groups.............................................................................................218
7.7.1 LDAP command-line tools for managing HP directory server and Windows ADS users and groups.......218
7.7.1.1 Listing users (ldapuglist)......................................................................................220
7.7.1.2 Listing groups (ldapuglist)...................................................................................221
7.7.1.3 Adding a user or a group (ldapugadd)................................................................222
7.7.1.3.1 Adding users to an HP directory server or Windows ADS................................223
7.7.1.3.2 Adding a group........................................................................................225
7.7.1.3.3 Modifying defaults in /etc/opt/ldapux/ldapug.conf .....................................226
7.7.1.4 Modifying a user (ldapugmod)............................................................................227
7.7.1.5 Modifying a group (ldapugmod).........................................................................228
7.7.1.6 Deleting a user or a group (ldapugdel)................................................................229
7.7.1.7 Examining the LDAP-UX configuration ..................................................................231
7.7.1.7.1 Verifying whether LDAP-UX is configured........................................................231
7.7.1.7.2 Listing available templates...........................................................................231
7.7.1.7.3 Discovering required attributes.....................................................................232
7.7.1.7.4 Displaying configuration defaults..................................................................232
7.7.1.7.5 Displaying the DN of the LDAP-UX profile......................................................232
7.7.1.7.6 Displaying default search base....................................................................233
7.7.1.7.7 Displaying recommended attributes..............................................................233
7.7.1.7.8 Displaying attribute mapping for a specific name service.................................234
7.7.2 Windows utilities for managing Windows ADS users, groups, and hosts.........................234
7.8 Managing hosts in an LDAP-UX domain.............................................................................235
7.8.1 Adding a host.........................................................................................................235
7.8.2 Modifying a host.....................................................................................................237
7.8.3 Deleting a host........................................................................................................237
7.8.4 Managing IP addresses............................................................................................238
7.8.5 Managing hosts in groups........................................................................................239
7.8.6 Classifying hosts......................................................................................................240
7.8.7 Managing process access rights (proxy_is_restricted)...................................................241
7.9 Managing proxy users.....................................................................................................242
7.9.1 Displaying the proxy user's DN..................................................................................242