Manualshelf

Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Internet Express Software
71727374757677787980
Access Control
By default, users defined in the LDAP database are able to log into every system which uses that
database in conjunction with the LDAP Module for System Authentication. If you want to limit user
access to specific systems, use the access control files /etc/ldapusers.deny and /etc/
ldapusers.allow.
A default /etc/ldapusers.deny file is provided at installation time. Included are all of the
standard system users: root, bin, daemon, and so on. If you want to deny access to a user, add
that user's name to the /etc/ldapusers.deny file.
If you want to disallow access to all but a few users, use the /etc/ldapusers.allow file. If the
/etc/ldapusers.allow file exists on a system, only users listed in that file are allowed to log
in using LDAP authentication. Note that this is true even if /etc/ldapusers.allow is empty —
its very existence invokes the stricter access control rules.
Utilities for Maintaining User Information in the LDAP Directory Server
The Internet Express software kit includes several utilities that you can use to maintain the extended
LDAP directory server shipped with Internet Express. The following utilities, summarized in Table 5,
are installed in the /usr/internet/ldap_tools directory:
ldap_checkSection : Checking the LDAP Server Configuration
passwd_extractSection : Extracting Users from the /etc/passwd File
ldap_add_userSection : Adding a User Entry
ldap_del_userSection : Deleting a User Entry
ldap_get_userSection : Retrieving a User Entry
ldap_sync_userSection : Synchronizing with a Password File
ldap_add_groupSection : Adding a Group Entry
ldap_mod_groupSection : Maintaining Group Membership
ldap_del_groupSection : Deleting a Group Entry
ldap_get_groupSection : Retrieving a Group Entry
ldap_passwdSection : Setting a User's Password in the LDAP Directory Server
ldap_enableSection : Starting the ldapcd Daemon
ldap_disableSection : Stopping the ldapcd Daemon
78 User Authentication