Viewer II

Looking for a LDAP Solution for AIX & LINUX

I'm looking for an authentication solution for AIX and Linux/CentOS servers that integrates with LDAP/AD. It should allow the users to log in to an AIX server and get notified that their password has expired and allow them to change it from the AIX ssh.

6 Replies
Newcomer I

Re: Looking for a LDAP Solution for AIX & LINUX

Tim2,

Not sure if you've looked at this but thought I'd give it a shot

https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/com.ibm.aix.security/config_aix_ad_thru_ld...

Contributor II

Re: Looking for a LDAP Solution for AIX & LINUX

I use Apache Directory Server (DS). Very stable. 

Advocate I

Re: Looking for a LDAP Solution for AIX & LINUX

You could also try: https://www-01.ibm.com/support/docview.wss?uid=isg3T1027699

Regards

Caute_cautim

Newcomer III

Re: Looking for a LDAP Solution for AIX & LINUX

I strongly recommend the FreeIPA project, which runs on Linux; you configure AIX clients. REF: https://www.freeipa.org/page/FreeIPAv1:ConfiguringAixClients

This solution will offer bi-directional sync and password sync with Active Directory, no trusts required. You can also add MFA to FreeIPA for stronger authentication.

Newcomer I

Re: Looking for a LDAP Solution for AIX & LINUX

These days we always use MS AD to centralise authn/authz through something like sssd or samba, primarily because we rarely deploy into an environment where there is not already an existing AD for desktop or Windows servers.

Advocate I

Re: Looking for a LDAP Solution for AIX & LINUX

Yes, a lot of organisations do this. However, what I find is that where you need a robust front end and policy enforcement, we tend to put in a reference architecture based on WebSEAL Proxy via IBM Security Access Manager (ISAM) along with IBM Security Directory Server (ISDS). We often integrate for management purposes, then use integration with Microsoft AD to maintain separation of duties between users and the management (delivery teams). Of course, these days you can also use cloud-based services like Okta for federation purposes as well. Of course, it all depends on the Enterprise Architecture related decisions and the nature of the business etc.

Regards

Caute_cautim