HACMP and LDAP

[chrisbrookes]

I have a HACMP cluster in which I want to sync the AIX unix passwords between the systems. For various reason I am not allowed to use NIS on the site.
I have noticed that AIX 4.3.3 has LDAP (directory server)
bundled with it. Does anyone know if it is possible to
change the entries in the etc/password or /etc/security/password to point at an LDAP server for password checking.

 

[Guest_imported]

IBM is moving towards using LDAP to store user information in a central area. So, you would have very minimal entries in /etc/passwd and the system would talk to the LDAP server for everything else (as in NIS) via the /usr/sbin/secldapclntd daemon.

Once your LDAP server is up and running, you can have users authenticate to the LDAP server by setting the SYSTEM attribute to "LDAP OR compat" in their stanza in the /etc/security/user file. By using the -R LDAP flag with the *user commands (i.e., mkuser -R LDAP ...) you can use your basic AIX tools to manage users on the LDAP server.

You probably need to know that the install is a real bear. We have the basic setup working, but have problems setting up SSL connections. For a handful of systems, LDAP is quite a bit of work to set up. (I'm hoping the installs will get easier with time).


In AIX 5L, LDAP and Kerberos will be central parts of the authentication system.

 

[Guest_imported]

Further to this response I have carried out a great deal
of work on this.
The stage I am at is you need ldap 3.2, downloaded from the IBM site with AIx 4.3.3 rml06.

chris.