Question

I'm setting up an OpenLDAP system with two machines, including one OpenLDAP server (Red Hat 6.4) and one OpenLDAP client (AIX 6.1).

Now I can create an LDAP user and log in on the AIX machine with that account.

However, I want to use hostsdeniedlogin and hostsallowedlogin, which are two attributes of the objectClass aixauxaccount, but my OpenLDAP server doesn't have any object like that.

I found an aix2307aix.schema on the internet, but don't know how to use it: rfc2307aix.schema

Besides that file, I also found a file named nisSchema.ldif, which has content in the following form:

dn:cn=schema
changetype: modify
replace: objectclasses
objectclasses: (
  1.3.18.0.2.6.472
  NAME 'aixAuxAccount'
  DESC 'Auxiliary AIX user information objectclass, for use with posixaccount and shadowaccount objectclasses'
  SUP top
  AUXILIARY
  MAY ( passwordChar $ adminGroupNames $ aIXDefaultMACLevel $ aIXFuncMode $
  aIXisDCEExport $ aIXLowMACLevel $ aIXPromptMAC $ aIXScreens $
  aIXUpperMACLevel $ auditClasses $ authMethod1 $ authMethod2 $
  coreSizeLimit $ coreSizeLimitHard $ cPuSize $ cPuSizeHard $ dataSegSize $
  dataSegSizeHard $ filePermMask $ fileSizeLimit $ fileSizeLimitHard $
  groupList $ groupSwitchUserAllowed $ hostLastLogin $
  hostLastUnsuccessfulLogin $ hostsAllowedLogin $ hostsDeniedLogin $
  isAdministrator $ isAccountEnabled $ isDaemon $ isLoginAllowed $
  isRemoteAccessAllowed $ isSwitchUserAllowed $ ixTimeLastLogin $
  ixTimeLastUnsuccessfulLogin $ loginTimes $ maxFailedLogins $ maxLogin $
  openFileLimit $ openFileLimitHard $ passwordCheckMethods $
  passwordDictFiles $ passwordExpireTime $ passwordHistSize $
  passwordMaxRepeatedChars $ passwordMinAlphaChars $ passwordMinDiffChars $
  passwordMinLength $ passwordMinOtherChars $ physicalMemLimit $
  physicalMemLimitHard $ roleList $ StackSizeLimit $ StackSizeLimitHard $
  SystemEnvironment $ terminalAccess $ terminalLastLogin $
  terminalLastUnsuccessfulLogin $ timeExpiredLogout $ timeExpireLockout $
  trustedPathStatus $ unsuccessfulLoginCount $ userEnvironment $
  passwordFlags )
  )

And I just found the way to add the rfc2307aix.schema file at the following link: how-to-add-a-new-schema-to-openldap

That schema seems to have been added successfully, but I'm stuck with the nisSchema.ldif file found on AIX.

I attempted to use ldapadd, but it was not successful.

modifying entry "cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

Does anyone know how to deal with this? Please help!


Solution

I already had that "aixAuxAccount" objectClass. My AIX client is working fine now with the 'hostsdeniedlogin' attribute. I had to clear the client cache and reconnect the LDAP Admin Tool to see the change. And I don't need to use the nisSchema.ldif.

For those who don't know how to use the rfc2307aix.schema, please follow this thread:

how-to-add-a-new-schema-to-openldap

Thank you for your attention and help.
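
An added example, not part of the original question or answer: a small check of whether a server's schema already defines aixAuxAccount and permits hostsAllowedLogin and hostsDeniedLogin, which is the condition the solution above relies on. It assumes the schema is available as LDIF text (for example, saved output of a search on the server's subschema entry); the sample input is constructed and abridged, and the function names are hypothetical.

```python
import re

# Constructed sample (abridged): LDIF of a server's subschema entry, folded the
# way LDIF folds long values (each continuation line starts with one space).
SAMPLE_LDIF = """\
dn: cn=Subschema
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY MUST (
  cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ lo
 ginShell $ gecos $ description ) )
objectClasses: ( 1.3.18.0.2.6.472 NAME 'aixAuxAccount' SUP top AUXILIARY MAY
  ( passwordChar $ hostsAllowedLogin $ hostsDenied
 Login $ isLoginAllowed ) )
"""

def unfold(ldif):
    """Undo LDIF line folding: a newline followed by one space continues a line."""
    return re.sub(r"\r?\n ", "", ldif)

def object_classes(ldif):
    """Map lower-cased objectClass name -> set of lower-cased MUST/MAY attributes."""
    classes = {}
    for line in unfold(ldif).splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() != "objectclasses":
            continue
        value = re.sub(r"DESC\s+'[^']*'", "", value)  # free text, not syntax
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", value)
        if not name:
            continue
        attrs = set()
        for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;-]+))", value):
            body = m.group(1) if m.group(1) is not None else m.group(2)
            attrs.update(a.strip().lower() for a in body.split("$") if a.strip())
        classes[name.group(1).lower()] = attrs
    return classes

def missing_attrs(ldif, object_class, wanted):
    """Attributes in `wanted` that object_class does not permit; None if undefined."""
    attrs = object_classes(ldif).get(object_class.lower())
    if attrs is None:
        return None
    return [a for a in wanted if a.lower() not in attrs]

if __name__ == "__main__":
    print(missing_attrs(SAMPLE_LDIF, "aixAuxAccount",
                        ["hostsAllowedLogin", "hostsDeniedLogin"]))
```

An empty list means the objectClass permits every requested attribute; None means the objectClass is not defined on the server. Attributes inherited through SUP are not followed.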

Licensed under: CC-BY-SA with attribution