0 Replies Latest reply: Jan 16, 2013 2:22 AM by 895623 RSS

    bring /etc/security/exec_attr into the directory

    895623
      Hi,

      I'm trying to put the addon entries of /etc/security/exec_attr into the directory.

      The book "LDAP in the Solaris Operating Environment" states to do it that way:


      Content of exec_attr file:

      cat /etc/security/exec_attr

      Network Management:suser:cmd:::/usr/bin/setuname:euid=0

      LDIF to create an entry:
      dn: cn=Network Management+SolarisKernelSecurityPolicy=
      suser+SolarisProfileType=cmd+SolarisProfileId=
      */usr/bin/setuname,ou=SolarisProfAttr,dc=example,dc=com*
      changetype:add
      cn: Network Management
      SolarisKernelSecurityPolicy: suser
      SolarisProfileType: cmd
      SolarisProfileId: /usr/bin/setuname
      SolarisAttrKeyValue: euid=0
      objectclass: SolarisProfAttr
      objectclass: top


      Note
      The DN contains all the fields with values, separated by the plus sign.


      But it seems not correct, as SolarisProfAttr is the wrong objectclass. Sould be SolarisExecAttr, respectively SolarisProfAttr and SolarisExecAttr together as SolarisExecAttr is an auxiliary class. When I try to add the combined entry with dscc it complains about object class violation. I'll try to add it from the commandline.

      Does someone have an idea what is the correct way to put exec_attr into the ldap naming service?
      Is it necessary for the dn to be a combination of all the fields of a line of /etc/exec_attr ?
      If so, how could SolarisExecAttr and SolarisProfAttr be combined? SolarisExecAttr got no cn attribute and is an aux class which can not be used alone. Or is the schema not correct?


      thank you ,

      best regards,

      solst_ice

      objectclass ( 1.3.6.1.4.1.42.2.27.5.2.5
      NAME 'SolarisProfAttr'
      SUP top STRUCTURAL
      DESC 'Profiles data'
      MUST cn
      MAY ( SolarisAttrReserved1 $ SolarisAttrReserved2 $
      SolarisAttrLongDesc $ SolarisAttrKeyValue ) )

      objectclass ( 1.3.6.1.4.1.42.2.27.5.2.6
      NAME 'SolarisExecAttr'
      SUP top AUXILIARY
      DESC 'Profiles execution attributes'
      MAY ( SolarisKernelSecurityPolicy $ SolarisProfileType $
      SolarisAttrReserved1 $ SolarisAttrReserved2 $
      SolarisProfileId $ SolarisAttrKeyValue ) )