LDAP (PAM) configuration how to define ds security roles

A forum for discussing DataStage® basics. If you're not sure where your question goes, start here.

Moderators: chulett, rschirm, roy

peep
Premium Member
Posts: 162
Joined: Mon Aug 20, 2012 6:52 pm

Post by peep »

Hi, I will be configuring LDAP authentication on Linux for IIS 11.3.

I am wondering, if Active Directory comes into the picture, how do I give super operator, DS developer and project manager roles?

Any suggestions are highly appreciated.
PaulVL
Premium Member
Posts: 1315
Joined: Fri Dec 17, 2010 4:36 pm

Post by PaulVL »

Still done via the DS Console.
Assign Suite User to group. Assign DataStage/QualityStage tool access.
Then go into Administrator tool and add Group to project and assign role.
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia

Post by ray.wurlod »

You will find it beneficial (essential) to use the Filter capability to isolate the Active Directory group or user names to which you need to assign Information Server roles, whether suite roles, product/component roles or project roles.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
peep
Premium Member
Posts: 162
Joined: Mon Aug 20, 2012 6:52 pm

Post by peep »

Thank you for responding.

So basically, once I configure PAM and LDAP authentication (WAS console).

When a user is created in Active Directory, I should be able to use the filter capability in the IIS console to find the user by user name.

Open the user and give roles in the IIS console.

Then in the Admin client provide the role.
Does Linux (OS admin) have to do any configuration between the OS and Active Directory?

Is that all? Please correct me if I am wrong.
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia

Post by ray.wurlod »

If Linux (through PAM) is using the same Active Directory instance that you're using for Information Server, then you can simply record that the user registry is "shared" and you don't do anything at all with engine credentials.

If, on the other hand, Information Server is using LDAP but Linux is not, then you will need to set up engine credentials - at least for the "default" user, and possibly for specific individuals who have logins on Linux to which they want to map for some reason.
peep
Premium Member
Posts: 162
Joined: Mon Aug 20, 2012 6:52 pm

Post by peep »

You must have provided valuable info. Since I am not a premium user, I am able to see after "share"...

But that's fine.

Looks like after I set up PAM, AD should take care of creating users.

In the IIS console and Admin client I have to set roles.
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia

Post by ray.wurlod »

Curious. You are marked as Premium User. Has your subscription expired?
peep
Premium Member
Posts: 162
Joined: Mon Aug 20, 2012 6:52 pm

Post by peep »

Yes, now I see it expired.
Maybe I have to reactivate it...

I am still in the process of setting up Active Directory on Linux Red Hat.

I am using 64-bit (DataStage and OS level).

/lib/security/pam_stack.so file is missing.
/lib64/security/pam_stack.so file is missing.
How do I get this file? Will the sysadmin install it?

Read IBM doc to create dsepam file in /etc/pam.d/

Since this is Linux,

I see two entries:

1)
#%PAM-1.0
# for engine PAM authentication
auth include system-auth
account include system-auth
password include system-auth
session include system-auth

2)
#%PAM-1.0
auth required /lib64/security/pam_stack.so service=system-auth
password required /lib64/security/pam_stack.so service=system-auth
account required /lib64/security/pam_stack.so service=system-auth

Which one should I follow?

Thanks,
Peep
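
Added example, not part of the original posts or of IBM's documentation: a POSIX shell check that reads a PAM service file such as the two dsepam entries quoted above and reports any module or included service that is absent on the host, which is the practical difference between the two forms when pam_stack.so is missing. The function name, the `ROOT` prefix argument and the list of module directories are assumptions made for this example.

```shell
# Added example (not from the thread): lint a PAM service file such as
# /etc/pam.d/dsepam. ROOT is a hypothetical prefix for testing on a constructed tree.
check_pam_service() {   # usage: check_pam_service ROOT SERVICE
    root=$1 svc=$2 rc=0
    file="$root/etc/pam.d/$svc"
    if [ ! -r "$file" ]; then echo "missing service file: $file"; return 1; fi
    # Collapse bracketed controls such as [success=1 default=ignore] to one word
    lines=$(sed 's/\[[^]]*\]/bracketed/' "$file")
    while read -r type control target rest; do
        case "$type" in ''|'#'*) continue ;; esac   # blank line or comment
        if [ "$control" = include ] || [ "$control" = substack ]; then
            # include/substack name another file under /etc/pam.d
            if [ ! -r "$root/etc/pam.d/$target" ]; then
                echo "$svc: ${type#-} includes missing service $target"; rc=1
            fi
            continue
        fi
        # Otherwise field 3 is a module: absolute path, or bare name in an assumed dir list
        found=no
        case "$target" in
            /*) if [ -e "$root$target" ]; then found=yes; fi ;;
            *)  for dir in /lib64/security /lib/security /usr/lib64/security; do
                    if [ -e "$root$dir/$target" ]; then found=yes; fi
                done ;;
        esac
        if [ "$found" = no ]; then
            echo "$svc: ${type#-} module not found: $target"; rc=1
        fi
    done <<EOF
$lines
EOF
    return $rc
}

# Constructed tree: system-auth exists, pam_stack.so does not.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/pam.d" "$t/lib64/security"
    : > "$t/etc/pam.d/system-auth"
    printf '#%%PAM-1.0\nauth include system-auth\n' > "$t/etc/pam.d/dsepam_include"
    printf '#%%PAM-1.0\nauth required /lib64/security/pam_stack.so service=system-auth\n' \
        > "$t/etc/pam.d/dsepam_stack"
    for s in dsepam_include dsepam_stack; do
        if check_pam_service "$t" "$s"; then echo "$s: ok"; else echo "$s: broken"; fi
    done
    rm -rf "$t"
}
demo
```

On a live host, `check_pam_service "" dsepam` checks /etc/pam.d/dsepam directly.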
peep
Premium Member
Posts: 162
Joined: Mon Aug 20, 2012 6:52 pm

Post by peep »

For LDAP authentication, IBM has the information in parts:
one document talks about PAM and share registries,
another document talks about configuring with a PAM file by creating pam.d,
another document guides you to log into web console -> global security -> change authentication type.
Really confusing... :(

Basically I am trying to have single ID creation, that's it.
So I know about modifying uvconfig and regen-ing the dsengine.
In the IIS console, check share registries.

Looks like the OS should be configured with the LDAP server (AD), right?
If yes, any insight on it?
Please share...
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia

Post by ray.wurlod »

It'd certainly be easier. That's what "shared" registry means - both IIS and the OS are using the same user registry.