RBAC role with Ldap user

LinuxLover · 12-15-2009, 12:30 AM

I am using openldap for user authentication on Solaris 10 machines.

Now I want to use rbac when I create the role in system it create succefully.But when I try to add some user It give me error message.

Code:

-bash-3.00# usermod -R operrole ktahir01
UX: usermod: ERROR: ktahir01 is not a local user.

How can I add ldap users in rbac role?

acid_kewpie · 12-15-2009, 02:07 AM

you'd change the group on the ldap server, not the local machine.

LinuxLover · 12-15-2009, 02:23 AM

Thanks for you reply,

Sir, can you elabroate litte bit in detail.
How can I add this in ldap.

You mean I need to create role on ldap etc ?

jlliagre · 12-15-2009, 02:33 AM

The message (and usermod documentation) is rightly telling this command is only for local users, i.e. those defined in /etc/passwd.
For ldap users, the SolarisAuthAttr container should be updated instead.

LinuxLover · 12-15-2009, 11:13 AM

Thanks for you reply,

Quote:

For ldap users, the SolarisAuthAttr container should be updated instead

Sir

where is that SolarisAuthAttr container ?

jlliagre · 12-15-2009, 02:59 PM

There should be a top branch named ou=SolarisAuthAttr that will contain these user settings on your directory server.
The auth_attr table should also be set to be searched in ldap in /etc/nsswitch.conf.