AIX 5.2 LDAP-Based User Management

Wangchao · other · Author: anonymous  2006-11-23

Step 1: Initial installation on AIX 5.2

All the code needed for user authentication is on the AIX installation CDs; the bos.rte.security fileset must be at version AIX 5.2.0.2 or later. First install LDAP from the AIX operating system CDs, which installs DB2 at the same time. The filesets that must be installed are listed below:

# lslpp -l | grep ldap
cifs.base.ldap 3.1.2.0 COMMITTED Fast Connect Ldap Client
http_server.modules.ldap 1.3.19.3 COMMITTED HTTP Server LDAP Module
http_server.modules.ldap.128
ldap.client.adt 4.1.0.0 COMMITTED IBM Directory Client SDK
ldap.client.dmt 4.1.0.0 COMMITTED IBM Directory Client DMT
ldap.client.java 4.1.0.0 COMMITTED IBM Directory Client Java
ldap.client.rte 4.1.0.0 COMMITTED IBM Directory Client Runtime
ldap.html.en_US.config 4.1.0.0 COMMITTED IBM Directory Install/Config
ldap.html.en_US.man 4.1.0.0 COMMITTED IBM Directory Man Pages - U.S.
ldap.max_crypto_client.adt
ldap.max_crypto_client.java
ldap.max_crypto_client.rte
ldap.max_crypto_server.admin
ldap.max_crypto_server.com
ldap.msg.en_US 4.1.0.0 COMMITTED IBM Directory Messages - U.S.
ldap.server.admin 4.1.0.0 COMMITTED IBM Directory Server
ldap.server.cfg 4.1.0.0 COMMITTED IBM Directory Server Config
ldap.server.com 4.1.0.0 COMMITTED IBM Directory Server Framework
ldap.server.rte 4.1.0.0 COMMITTED IBM Directory Server Runtime
ldap.client.rte 4.1.0.0 COMMITTED IBM Directory Client Runtime
ldap.server.admin 4.1.0.0 COMMITTED IBM Directory Server
ldap.server.cfg 4.1.0.0 COMMITTED IBM Directory Server Config
ldap.server.com 4.1.0.0 COMMITTED IBM Directory Server Framework
#
# lslpp -l | grep db2
db2_07_01.client 7.1.0.40 COMMITTED Client Application Enabler
db2_07_01.cnvucs 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.conn 7.1.0.40 COMMITTED Connect
db2_07_01.conv.jp 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.conv.kr 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.conv.sch 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.conv.tch 7.1.0.40 COMMITTED Code Page Conversion Tables -
db2_07_01.cs.drda 7.1.0.40 COMMITTED Communication Support - DRDA
db2_07_01.cs.ipx 7.1.0.40 COMMITTED Communication Support - IPX
db2_07_01.cs.rte 7.1.0.40 COMMITTED Communication Support - TCP/IP
db2_07_01.cs.sna 7.1.0.40 COMMITTED Communication Support - SNA
db2_07_01.das 7.1.0.40 COMMITTED Administration Server
db2_07_01.db2.engn 7.1.0.40 COMMITTED Engine
db2_07_01.db2.rte 7.1.0.40 COMMITTED Run-time Environment
db2_07_01.db2.samples 7.1.0.40 COMMITTED Sample Database Source
db2_07_01.elic 7.1.0.40 COMMITTED Product Signature for UDB
db2_07_01.jdbc 7.1.0.40 COMMITTED Java Support
db2_07_01.tspf 7.1.0.40 COMMITTED Transformer Stored Procedure

From August 2003 code:

# lslpp -l bos.rte.security
Fileset Level State Description
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
bos.rte.security 5.2.0.10 COMMITTED Base Security Function
Path: /etc/objrepos
bos.rte.security 5.2.0.0 COMMITTED Base Security Function

Step 2: Configure the server on AIX 5.2

Note: 1. The LANG environment variable matters: using a LANG value other than en_US can cause many problems, so it is recommended to run:

# export LANG=en_US

2. Make sure the /home file system has at least 35 MB of free space.

Configure the server and the client with the following steps.

1. Run the mksecldap command to set up the server

This sets the password for the LDAP administrator DN, starts the slapd subsystem and migrates the AIX users from the local /etc/security/passwd file into the directory; users can also be added manually later. In the example below we use the RFC 2307 schema type (rfc2307aix).

root@regatta01 [/tmp]# mksecldap -s -a cn=admin -p just4ldap -S rfc2307aix
File System size changed to 262144
Creating the directory DB2 default database.
This operation may take a few minutes.
Cannot open message catalog file ldapadm.cat.
Configuring the database.
Creating database instance: ldapdb2.
Created database instance: ldapdb2.
Starting database manager for instance: ldapdb2.
Started database manager for instance: ldapdb2.
Creating database: ldapdb2.
Created database: ldapdb2.
Updating configuration for database: ldapdb2.
Updated configuration for database: ldapdb2.
Completed configuration of the database.
IBM Directory Server Configuration complete.
Password for administrator DN cn=admin has been set.
IBM Directory Server Configuration complete.
Cannot open message catalog file slapd.cat.
Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.a.
Plugin of type PREOPERATION is successfully loaded from libDSP.a.
Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.a.
Plugin of type AUDIT is successfully loaded from /lib/libldapaudit.a.
Plugin of type AUDIT is successfully loaded from /usr/ccs/lib/libsecldapaudit.a(shr.o).
Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
Plugin of type EXTENDEDOP is successfully loaded from libtranext.a.
Plugin of type DATABASE is successfully loaded from /lib/libback-rdbm.a.
modifying entry cn=schema
modifying entry cn=schema
migrating users/groups to LDAP server.

2. Run mksecldap -c to set up the client

On the same host use the "-h localhost" parameter; on a different host, point this parameter at the LDAP server.

# mksecldap -c -a cn=admin -p just4ldap -h localhost -S rfc2307aix

3. Use the lsuser command to check whether the users were loaded from the database

# lsuser -R LDAP ALL
daemon id=1 pgrp=staff groups=staff,daemon home=/etc login=true ...
...

4. Add a new LDAP user

# mkuser -R LDAP testu1
# chuser registry=LDAP SYSTEM=LDAP testu1
# passwd -R LDAP testu1
Changing password for "testu1"
testu1's New password:
Enter the new password again:
# lsuser testu1
testu1 id=219 pgrp=staff groups=staff home=/home/testu1...
registry=LDAP SYSTEM=LDAP
# lsuser -R LDAP testu1
testu1 id=219 pgrp=staff groups=staff home=/home/testu1 ...
registry=LDAP SYSTEM=LDAP
# grep testu1 /etc/security/*
/etc/security/user:
testu1:
SYSTEM = "LDAP"
registry = LDAP

Note: there is no /etc/security/passwd entry.

5. Log in to the system as the new user

AIX Version 5
(C) Copyrights by IBM and by others 1982, 2002.
login: testu1
testu1's Password:
You are required to change your password. Please choose a new one.
testu1's New password:
Re-enter testu1's new password:
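As an added check for step 4 (example code, not from the article): parse the AIX stanza files that lsuser and grep read above and confirm that a user is administered in LDAP. The two file contents below are constructed samples modelled on the output shown on the page; on a real system you would read /etc/security/user and /etc/security/passwd.

```python
"""Check that an AIX user is LDAP-managed: registry and SYSTEM point at LDAP and no local password stanza exists."""

# Constructed sample of /etc/security/user in AIX stanza format, modelled on the
# grep output shown on the page (testu1 has SYSTEM = "LDAP" and registry = LDAP).
SECURITY_USER = """\
default:
\tadmin = false
\tlogin = true
\tSYSTEM = "compat"
\tregistry = files

root:
\tadmin = true
\tregistry = files

testu1:
\tSYSTEM = "LDAP"
\tregistry = LDAP
"""

# Constructed sample of /etc/security/passwd: only root has a local password stanza.
SECURITY_PASSWD = """\
root:
\tpassword = ********
\tlastupdate = 1060208483
"""

def parse_stanzas(text):
    """Parse an AIX stanza file into {stanza_name: {attr: value}}; quotes around values are stripped."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("*"):   # blank line or comment
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):   # "name:" opens a stanza
            current = line.strip()[:-1]
            stanzas[current] = {}
        elif current is not None:                                 # "attr = value" inside a stanza
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip().strip('"')
    return stanzas

def ldap_user_status(user, security_user=SECURITY_USER, security_passwd=SECURITY_PASSWD):
    """Report registry/SYSTEM for `user` (falling back to the default stanza) and whether a
    local password stanza is still present; the page's expectation for an LDAP user is
    registry=LDAP, SYSTEM=LDAP and no /etc/security/passwd entry."""
    users = parse_stanzas(security_user)
    attrs, defaults = users.get(user, {}), users.get("default", {})
    registry = attrs.get("registry", defaults.get("registry"))
    system = attrs.get("SYSTEM", defaults.get("SYSTEM"))
    has_local_password = user in parse_stanzas(security_passwd)
    return {"registry": registry, "SYSTEM": system, "local_password_stanza": has_local_password,
            "ldap_managed": registry == "LDAP" and system == "LDAP" and not has_local_password}
```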

The following shows the traffic traced on port 389 (the LDAP port) when user testu1 logs in:

Packet Number 1 to port 389 - request user defaults
00000000 304a0202 00fb6344 04216f75 3d616978 |0J....cD.!ou=aix|
00000010 75736572 2c636e3d 61697873 65636462 |user,cn=aixsecdb|
00000020 2c636e3d 61697864 6174610a 01020a01 |,cn=aixdata.....|
00000030 00020100 02010001 0100a30e 04037569 |..............ui|
00000040 64040764 65666175 6c743000 |d..default0. |

Packet Number 2 from port 389 - returns user defaults
00000000 3082046d 020200fb 64820465 042d7569 |0..m....d..e.-ui|
00000010 643d6465 6661756c 742c6f75 3d616978 |d=default,ou=aix|
00000020 75736572 2c636e3d 61697873 65636462 |user,cn=aixsecdb|
00000030 2c636e3d 61697864 61746130 82043230 |,cn=aixdata0..20|
00000040 10040375 69643109 04076465 6661756c |...uid1...defaul|
00000050 74304904 0b6f626a 65637463 6c617373 |t0I..objectclass|
...
00000430 6e66696c 656c696d 69743106 04043230 |nfilelimit1...20|
00000440 30303011 040a6169 78736372 65656e73 |000...aixscreens|
00000450 31030401 2a301a04 0b616978 66756e63 |1...*0...aixfunc|
00000460 6d6f6465 310b0409 726f6c65 732b6163 |mode1...roles+ac|
00000470 6c |l |

Packet Number 3 from ldap port
00000000 300d0202 00fb6507 0a010004 000400 |0.....e........ |

Packet Number 4 to ldap port
00000000 304a0202 00fc6344 04216f75 3d616978 |0J....cD.!ou=aix|
00000010 75736572 2c636e3d 61697873 65636462 |user,cn=aixsecdb|
00000020 2c636e3d 61697864 6174610a 01020a01 |,cn=aixdata.....|
00000030 00020100 02010001 0100a30e 04097569 |..............ui|
00000040 646e756d 62657204 01303000 |dnumber..00. |

Packet Number 5 from ldap port
00000000 300d0202 00fc6507 0a010004 000400 |0.....e........ |

Packet Number 6 to ldap port - requests testu1 info
00000000 3081df02 0200fd66 81d8042c 7569643d |0......f...,uid=|
00000010 74657374 75312c6f 753d6169 78757365 |testu1,ou=aixuse|
00000020 722c636e 3d616978 73656364 622c636e |r,cn=aixsecdb,cn|
00000030 3d616978 64617461 3081a730 240a0102 |=aixdata0..0$...|
00000040 301f040f 69787469 6d656c61 73746c6f |0...ixtimelastlo|
00000050 67696e31 0c040a31 30363032 30383438 |gin1...106020848|
00000060 3330260a 01023021 04117465 726d696e |30&...0!..termin|
00000070 616c6c61 73746c6f 67696e31 0c040a2f |allastlogin1.../|
00000080 6465762f 7074732f 3530330a 0102302e |dev/pts/503...0.|
00000090 040d686f 73746c61 73746c6f 67696e31 |..hostlastlogin1|
000000a0 1d041b73 69672d39 2d36352d 35342d31 |...sig-9-65-54-1|
000000b0 32302e6d 74732e69 626d2e63 6f6d3022 |20.mts.ibm.com0"|
000000c0 0a010230 1d041675 6e737563 63657373 |...0...unsuccess|
000000d0 66756c6c 6f67696e 636f756e 74310304 |fullogincount1..|
000000e0 0130 |.0 |

Packet Number 8 - from ldap server - ?
00000000 300d0202 00fd6707 0a010004 000400 |0.....g........ |

Packet Number 9 - to ldap server - request testu1 groupid
00000000 30540202 00fe634e 04216f75 3d616978 |0T....cN.!ou=aix|
00000010 75736572 2c636e3d 61697873 65636462 |user,cn=aixsecdb|
00000020 2c636e3d 61697864 6174610a 01020a01 |,cn=aixdata.....|
00000030 00020100 02010001 0100a30d 04037569 |..............ui|
00000040 64040674 65737475 313
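To make the trace above readable, here is a small BER decoder (an added example, not part of the original article) that turns the page's packet 1, packet 3 and packet 4 into the LDAP SearchRequest and SearchResultDone fields. The PACKET_* byte strings are transcribed from the hex columns above; only the equalityMatch filter form that this trace uses is interpreted.

```python
"""Decode the BER-encoded LDAP messages from the port-389 trace into readable fields."""

# Hex columns transcribed from the page's trace: client request (packet 1),
# server reply (packet 3) and the second client request (packet 4).
PACKET_1 = bytes.fromhex(
    "304a020200fb634404216f753d616978" "757365722c636e3d6169787365636462"
    "2c636e3d616978646174610a01020a01" "00020100020100010100a30e04037569"
    "64040764656661756c743000")
PACKET_3 = bytes.fromhex("300d020200fb65070a010004000400")
PACKET_4 = bytes.fromhex(
    "304a020200fc634404216f753d616978" "757365722c636e3d6169787365636462"
    "2c636e3d616978646174610a01020a01" "00020100020100010100a30e04097569"
    "646e756d6265720401303000")

SCOPES = {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"}

def read_tlv(buf, pos):
    """Read one BER tag-length-value at pos (short or long-form length); return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def read_children(value):
    """Split a constructed value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = read_tlv(value, pos)
        out.append((tag, v))
    return out

def decode_ldap_message(raw):
    """Interpret an LDAPMessage carrying a SearchRequest ([APPLICATION 3]) or SearchResultDone ([APPLICATION 5])."""
    tag, body, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    (_, msg_id), (op_tag, op) = read_children(body)[:2]
    msg = {"messageID": int.from_bytes(msg_id, "big")}
    if op_tag == 0x63:                      # SearchRequest: base, scope, deref, size, time, typesOnly, filter, attrs
        base, scope, _, _, _, _, filt, _ = read_children(op)
        msg.update(op="SearchRequest", baseObject=base[1].decode(), scope=SCOPES[scope[1][0]])
        if filt[0] == 0xA3:                 # [3] equalityMatch: AttributeValueAssertion {attr, value}
            (_, attr), (_, val) = read_children(filt[1])
            msg["filter"] = f"({attr.decode()}={val.decode()})"
    elif op_tag == 0x65:                    # SearchResultDone: resultCode, matchedDN, errorMessage
        (_, code), _, (_, err) = read_children(op)
        msg.update(op="SearchResultDone", resultCode=code[0], errorMessage=err.decode())
    return msg

if __name__ == "__main__":
    for name, pkt in (("packet 1", PACKET_1), ("packet 3", PACKET_3), ("packet 4", PACKET_4)):
        print(name, decode_ldap_message(pkt))
```

Decoding shows packet 1 as a wholeSubtree search under ou=aixuser,cn=aixsecdb,cn=aixdata with filter (uid=default), packet 3 as its empty SearchResultDone (resultCode 0), and packet 4 as the same search with filter (uidnumber=0).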


 
 
 