Commands Reference, Volume 3

mksecldap Command

Purpose

Sets up an AIX cluster to use LDAP for security authentication and data management.

Syntax

To Set Up an LDAP Server

mksecldap -s [-a adminDN] [-p adminpasswd] [-k ssl key file path]

To Enable an LDAP Client

mksecldap -c [-h hostlist] [-d AixTreeDN] [-u ALL | userlist] [-a adminDN] [-p adminpasswd] [-k ssl key file path] [-w client certificate password] [-t timeout]

Note: This command can be run by the root user only.

Description

The mksecldap command sets up an AIX cluster consisting of one server and one or more clients to use LDAP for security authentication and data management. This command must be run on the server and on all the clients.

Note: The client (-c flag) and the server (-s flag) options cannot be used in the same invocation. When setting up a server, the mksecldap command should be run twice on that machine: once to set up the server, and again to set up the client.

On the server side, the mksecldap command:

On the client side, the mksecldap command:

Flags

On the server side:

-s                     Indicates that the command is being run to set up the server.
-a adminDN             Specifies the adminDN to be used.
-p adminpasswd         Specifies the cleartext password for the adminDN.
-k ssl key file path   Specifies the ssl key file pathname.

On the client side:

-c                              Indicates that the command is being run to set up the client.
-h hostlist                     Specifies a comma-separated list of hostnames (server and backup server).
-d AIXTreeDN                    Specifies the DN of the AIX subtree.
-u ALL | userlist               Specifies a comma-separated list of usernames, or ALL to enable all users on the client.
-a adminDN                      Specifies the adminDN to be used.
-p adminpasswd                  Specifies the cleartext password for the adminDN.
-k ssl key file path            Specifies the path to the ssl key certificate.
-w client certificate password  Specifies the password for the key certificate.
-t maxtimeout                   Specifies the amount of time the daemon waits before unbinding from the server if there is no activity.

Files Accessed:

Mode File
r /etc/passwd
r /etc/group
r /etc/security/passwd
r /etc/security/limits
r /etc/security/user (on the server)
rw /etc/security/user (on the clients)
r /etc/security/environ
r /etc/security/user.roles
r /etc/security/lastlog
r /etc/security/smitacl.user
r /etc/security/mac_user
r /etc/security/group
r /etc/security/smitacl.group
r /etc/security/roles
rw /etc/security/login.cfg (on the server)
rw /etc/slapd.conf (on the server)
rw /etc/aix.slapd.conf (on the server)

Examples

  1. To set up the server using ssl:
     mksecldap -s -l -a cn=admin,o=ibm,c=us -p adminpwd \
         -k /etc/security/ldap/server/key.kdb
  2. To set up the client:
     mksecldap -c \
         -h master.ldap.business.com,replica1.ldap.business.com,replica2.business.com \
         -d ou=aixtree,o=ibm,c=us -u joe,jack,jeremy -a "cn=admin,o=ibm,c=us" \
         -p adminpwd -k /etc/security/ldap/client/key.kdb -w clientpwd

Related Information

LDAP Administrator's Guide
