tim2
Newcomer II

Looking for an LDAP Solution for AIX & LINUX

I'm looking for an authentication solution for AIX and Linux/CentOS servers that integrates with LDAP/AD. It should allow the users to log in to an AIX server and get notified that their password has expired, and allow them to change it from the AIX ssh.

6 Replies
mleahey35
Newcomer I

Tim2,

Not sure if you've looked at this but thought I'd give it a shot.

https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/com.ibm.aix.security/config_aix_ad_thru_ld...

Flyslinger2
Community Champion

I use Apache Directory Server (DS). Very stable. 

Caute_cautim
Community Champion

You could also try: https://www-01.ibm.com/support/docview.wss?uid=isg3T1027699

Regards

Caute_cautim

Kempy
Newcomer III

I strongly recommend the FreeIPA project that runs on Linux; you configure AIX clients. REF: https://www.freeipa.org/page/FreeIPAv1:ConfiguringAixClients

This solution will offer bi-directional sync and password sync with Active Directory, no trusts required. You can also add MFA to FreeIPA for stronger authentication.

isc2clack
Newcomer I

These days we always use MS AD to centralise authn/authz through something like sssd or samba, primarily because we rarely deploy into an environment where there is not already an existing AD for desktop or Windows servers.

Caute_cautim
Community Champion

Yes, a lot of organisations do this. However, what I find is that where you need a robust front end and policy enforcement, we tend to put in a reference architecture based on WebSEAL Proxy via IBM Security Access Manager (ISAM) along with IBM Security Directory Server (ISDS). We often integrate for management purposes, then use integration with Microsoft AD to maintain separation of duties between users and the management (delivery teams). Of course, these days you can also use cloud-based services like Okta for federation purposes as well. Of course, it all depends on the Enterprise Architecture related decisions and the nature of the business etc.

Regards

Caute_cautim