The Solaris resource adapter primarily provides support for the following Solaris commands:
useradd, usermod, userdel
groupadd, groupmod, groupdel
passwd
For more information about supported attributes and files, refer to the Solaris manual pages for these commands.
The adapter does not support Solaris Trusted Extensions.
When a rename of a user account is executed on a Solaris resource, the group memberships are moved to the new user name. The user’s home directory is also renamed if the following conditions are true:
The original home directory name matched the user name.
A directory matching the new user name does not already exist.
The Bourne-compliant shell (sh, ksh) must be used as the root shell when connecting to a UNIX resource (AIX, HP-UX, Solaris, or Linux).
The administrative account that manages Solaris accounts must use the English (en) or C locale. This can be configured in the user’s .profile file.
In environments in which NIS is implemented, you can increase performance during bulk provisioning by implementing the following features:
Add an account attribute named user_make_nis to the schema map and use this attribute in your reconciliation or other bulk provisioning workflow. Specifying this attribute causes the system to bypass the step of connecting to the NIS database after each user update on the resource.
To write the changes to the NIS database after all provisioning has completed, create a ResourceAction named NIS_password_make in the workflow.
New user accounts on Solaris resources remain locked until the passwd(1) command is executed. After the user account on Solaris has been created, executing passwd -s <user> will show the status as locked(LK). After an account is created natively, the “Locked out Accounts” section of the Solaris Risk Analysis report will report the newly created account. In addition, the “Accounts With No Password” section of the Risk Analysis report will not list the newly created account.
Do not use control characters (for example, 0x00, 0x7f) in user passwords.