1 2 3 4 5 6 7 | cn=group1,ou=Groups,ou=SYS1,o=ORG,c=US cn=group1 objectClass=aixauxgroup objectClass=posixgroup objectClass=top gidnumber=1142 memberuid=user1 |
1 2 3 4 5 6 7 | cn=group1,ou=Groups,ou=SYS1,o=ORG,c=US cn=group1 objectClass=aixauxgroup objectClass=posixgroup objectClass=top gidnumber=1142 memberuid=uid=user1,ou=People,ou=SYS1,o=UBS,c=COM |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 | #!/usr/bin/perl $cfg = "/etc/security/ldap/2307aixuser.map"; open(ETC,"< $cfg"); @etc = <ETC>; close(ETC); chomp(@etc); $updatecfg = 0; $refreshldap = 0; foreach $line (@etc) { if ( $line =~ /^lastupdate/ ) { @row = split(" ",$line) ; if ( $row[-1] !~ /seconds/ ) { $updatecfg = 1; } } } if ( $updatecfg ) { open(ETC,"> $cfg"); foreach $line (@etc) { if ( $line =~ /^lastupdate/ ) { print("Setting LDAP user mapping to accept seconds ...\n"); print(ETC "lastupdate SEC_INT shadowlastchange s seconds\n"); } else { print(ETC "$line\n"); } } close(ETC); } $cfg = "/etc/security/ldap/ldap.cfg"; open(ETC,"< $cfg"); @etc = <ETC>; close(ETC); chomp(@etc); $updatecfg = 0; foreach $line (@etc) { if ( $line =~ /^memberfulldn:/ ) { @row = split(":",$line) ; if ( $row[1] !~ /yes/ ) { $updatecfg = 1; } } } if ( $updatecfg ) { open(ETC,"> $cfg"); foreach $line (@etc) { if ( $line =~ /^memberfulldn:/ ) { print("Setting LDAP configuration to accept fulldn ...\n"); print(ETC "memberfulldn: yes\n"); } else { print(ETC "$line\n"); } } close(ETC); } $masters = "host1,host2"; $cmd = "/usr/sbin/mksecldap -c -a cn=rootdn -p rootdnpwd -d $SUFFIX -h $masters -n 20389"; print("INFO: configuring all nodes to listen to $masters peer-2-peer ...\n"); print("Executing $cmd ...\n"); system("$cmd"); |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | #!/usr/bin/perl $rootuser = `/usr/sbin/lsuser –R files root`; chomp($rootuser); print("ROOTUSER = $rootuser\n"); $rootuser =~ s/^root //; $rootuser =~ s/SYSTEM=LDAP or compat //; $rootuser =~ s/SYSTEM=LDAP //; $rootuser =~ s/SYSTEM=compat //; $rootuser =~ s/SYSTEM=LDAP or compat//; $rootuser =~ s/SYSTEM=LDAP//; $rootuser =~ s/SYSTEM=compat//; $rootuser =~ s/auth1=(\w+)/auth1=NONE/; $rootuser =~ s/auth2=(\w+)/auth2=NONE/; $rootuser =~ s/registry=(\w+)//; $rootuser =~ s/(\w+)=(\s|$)//g; # remove all empty attributes $rootuser =~ s/(\w+)_login=([\w-]+)\s//g; # remove all session status attributes print("ROOTUSER = $rootuser\n"); $cmd = "/usr/bin/mkuser –R LDAP $rootuser root"; logger("Creating root: $cmd"); system("$cmd"); |
1 2 | /usr/sbin/mkitab –I rctcpip "usrmgt:23456789:wait:/opt/usrmgt/bin/setregfiles >/dev/console 2>&1" |
1 2 3 4 | #!/usr/bin/ksh /usr/bin/chsec -f /etc/security/user -s default -a registry=files /usr/bin/chsec -f /etc/security/group -s default -a registry=files |
1 2 3 4 5 6 7 8 9 10 11 | #!/usr/bin/perl $RSCT = "/usr/sbin/rsct/bin"; $MON = "/opt/usrmgt/mon"; $IV = "Name==\"CheckLDAP\""; $PRED = "String==\"NOK\" || Int32>0"; system("$RSCT/mksensor -i 10 -e 0 CheckLDAP $MON/checkldap"); system("$RSCT/mkresponse -n 'SetLDAPEnvironment' -s '$MON/restartldapclient' -e b RestartLDAPClient"); system("$RSCT/mkcondition -r IBM.Sensor -m l -S c -s '$IV' -e '$PRED' LDAP_PREP"); system("$RSCT/mkcondresp LDAP_PREP RestartLDAPClient"); system("$RSCT/startcondresp LDAP_PREP RestartLDAPClient"); |
欢迎光临 电子技术论坛_中国专业的电子工程师学习交流社区-中电网技术论坛 (http://bbs.eccn.com/) | Powered by Discuz! 7.0.0 |