Sets up an AIX cluster to use LDAP for security authentication and data management.
mksecldap -server [-a adminDN] [-p adminpasswd] [-k ssl key file path]
mksecldap -client [-h hostlist] [-d AixTreeDN] [-u ALL|userlist] [-a adminDN] [-p adminpasswd] [-k ssl key file path] [-w client certificate password] [-t timeout]
Note: This command can be run by the root user only.
The mksecldap command sets up an AIX cluster consisting of one server and one or more clients to use LDAP for security authentication and data management. This command must be run on the server and on all of the clients.
Note: The client (-c flag) and server (-s flag) options cannot be used in the same run. When setting up a server, run the mksecldap command twice on that machine: once to set up the server, and again to set up the client.
On the server side, the mksecldap command:
On the client side, the mksecldap command:
On the server side:
On the client side:
Flag | Description |
---|---|
-c | Indicates the command is being run to set up the client. |
-s | Indicates the command is being run to set up the server. |
-h hostlist | Specifies a comma-separated list of hostnames (server and backup server). |
-d AIXTreeDN | Specifies the DN of the AIX subtree. |
-u userlist or ALL | Specifies a comma-separated list of usernames, or ALL to enable all users on the client. |
-a adminDN | Specifies the adminDN to be used. |
-p adminpasswd | Specifies the cleartext password for the adminDN. |
-k ssl key file path | Specifies the path to the SSL key certificate. |
-w client certificate password | Password for the key certificate. |
-t maxtimeout | The amount of time the daemon waits before unbinding from the server if there is no activity. |
Mode | File |
---|---|
r | /etc/passwd |
r | /etc/group |
r | /etc/security/passwd |
r | /etc/security/limits |
r | /etc/security/user (on the server) |
rw | /etc/security/user (on the clients) |
r | /etc/security/environ |
r | /etc/security/user.roles |
r | /etc/security/lastlog |
r | /etc/security/smitacl.user |
r | /etc/security/mac_user |
r | /etc/security/group |
r | /etc/security/smitacl.group |
r | /etc/security/roles |
rw | /etc/security/login.cfg (on the server) |
rw | /etc/slapd.conf (on the server) |
rw | /etc/aix.slapd.conf (on the server) |
mksecldap -s -l -a cn=admin,o=ibm,c=us -p adminpwd -k /etc/security/ldap/server/key.kdb
mksecldap -c -h \
master.ldap.business.com,replica1.ldap.business.com,replica2.business.com -d \
ou=aixtree,o=ibm,c=us -u joe,jack,jeremy -a "cn=admin,o=ibm,c=us" -p \
adminpwd -k /etc/security/ldap/client/key.kdb -w clientpwd
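The note above says a server machine needs two separate mksecldap runs (-s, then -c) and that -p takes the admin password in cleartext. The wrapper below is an added example and is not part of the AIX documentation or the mksecldap command itself: it reads the admin and client-certificate passwords from root-only files instead of typing them on the command line, refuses to run when -c and -s are combined or a host list is malformed, performs the two runs in order, and with MKSECLDAP_DRY_RUN=1 prints each command (password masked) instead of executing it. The DNs, host names and file paths are assumed defaults; the password file locations are hypothetical.

```shell
#!/bin/sh
# Added example (not from the AIX documentation): two-step mksecldap setup
# for a server machine, with password handling and argument checks.
# All paths, DNs and host names below are assumed defaults.

ADMIN_DN="${ADMIN_DN:-cn=admin,o=ibm,c=us}"
AIX_TREE_DN="${AIX_TREE_DN:-ou=aixtree,o=ibm,c=us}"
HOSTLIST="${HOSTLIST:-master.ldap.business.com,replica1.ldap.business.com}"
SERVER_KEY="${SERVER_KEY:-/etc/security/ldap/server/key.kdb}"
CLIENT_KEY="${CLIENT_KEY:-/etc/security/ldap/client/key.kdb}"
PASS_FILE="${PASS_FILE:-/etc/security/ldap/admin.pw}"        # hypothetical path
CLIENT_PW_FILE="${CLIENT_PW_FILE:-/etc/security/ldap/client.pw}"  # hypothetical path

# Return 1 unless the file exists and only its owner has any access
# (columns 5-10 of "ls -l" are the group and other permission bits).
check_private_file() {
    f="$1"
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    perms=$(ls -l "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: group/other can access it ($perms)" >&2; return 1; }
}

# mksecldap does not accept -c and -s together; fail before anything runs.
# Usage: mode_ok <mksecldap arguments...>
mode_ok() {
    c=0; s=0
    for arg in "$@"; do
        case "$arg" in -c) c=1 ;; -s) s=1 ;; esac
    done
    if [ "$c" -eq 1 ] && [ "$s" -eq 1 ]; then
        echo "-c and -s are mutually exclusive" >&2; return 1
    fi
    if [ "$c" -eq 0 ] && [ "$s" -eq 0 ]; then
        echo "one of -c or -s is required" >&2; return 1
    fi
    return 0
}

# A host list is comma-separated with no empty entries and no whitespace.
hostlist_ok() {
    case "$1" in
        ""|*,,*|,*|*,|*[[:space:]]*) return 1 ;;
    esac
    return 0
}

# Run mksecldap, or in dry-run mode print the command with the -p value masked.
run_mksecldap() {
    mode_ok "$@" || return 1
    if [ "${MKSECLDAP_DRY_RUN:-0}" = 1 ]; then
        masked=""; prev=""
        for arg in "$@"; do
            [ "$prev" = "-p" ] && arg="********"
            masked="$masked $arg"
            prev="$arg"
        done
        printf '%s\n' "mksecldap$masked"
    else
        mksecldap "$@"
    fi
}

# Server setup followed by client setup, as the documentation requires.
setup_server_and_client() {
    check_private_file "$PASS_FILE" || return 1
    check_private_file "$CLIENT_PW_FILE" || return 1
    check_private_file "$SERVER_KEY" || return 1
    hostlist_ok "$HOSTLIST" || { echo "bad host list: $HOSTLIST" >&2; return 1; }
    pw=$(cat "$PASS_FILE")
    client_pw=$(cat "$CLIENT_PW_FILE")
    run_mksecldap -s -a "$ADMIN_DN" -p "$pw" -k "$SERVER_KEY" || return 1
    run_mksecldap -c -h "$HOSTLIST" -d "$AIX_TREE_DN" -u ALL \
        -a "$ADMIN_DN" -p "$pw" -k "$CLIENT_KEY" -w "$client_pw"
}

# Only perform the setup when invoked as "./script run".
case "${1:-}" in
    run) setup_server_and_client ;;
esac
```

Reading the password from a 0600 file keeps it out of shell history and scripts, but because mksecldap takes it through -p it is still visible in the process argument list for the duration of each run, so run this only on a host where that exposure is acceptable.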