![]() | |
Sun Java System Identity Manager 6.0 Resources Reference 2005Q4M3 |
AIXThe AIX resource adapter is defined in the com.waveset.adapter.AIXResourceAdapter class.
This adapter supports the following versions of AIX:
Resource Configuration Notes
If you will be using SSH (Secure Shell) for communication between the resource and Identity Manager, set up SSH on the resource before configuring the adapter.
Identity Manager Installation Notes
No additional installation procedures are required on this resource.
Usage Notes
The AIX resource adapter primarily provides support for the following AIX commands:
The Bourne-compliant shell (sh, ksh) must be used as the root shell when connecting to a UNIX resource (AIX, HP-UX, Solaris, or Linux).
Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses the following connections to communicate with the AIX adapter:
Required Administrative Privileges
Managing users and groups require that the administrator be root or a member of the security group.
The adapter supports logging in as a standard user, then performing a su command to switch to root (or root-equivalent account) to perform administrative activities. Direct logins as root user are also supported.
The adapter also supports the sudo facility (version 1.6.6 or later), which can be installed on AIX from the AIX Toolbox. The sudo facility allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user.
In addition, if sudo is enabled for a resource, its settings will override those configured on the resource definition page for the root user and admin user.
If you are using sudo, you must set the tty_tickets parameter to true for the commands enabled for the Identity Manager administrator. Refer to the man page for the sudoers file for more information.
The administrator must be granted privileges to run the following commands with sudo:
In addition, the NOPASSWORD option must be specified for each command.
You can use a test connection to test whether
Provisioning Notes
The following table summarizes the provisioning capabilities of this adapter.
Feature
Supported?
Enable/disable account
Yes
Rename account
No
Pass-through authentication
Yes
Before/after actions
Yes
Data loading methods
Import directly from resource
Reconcile with resource
You can define resource attributes to control the following tasks for all users on this resource:
Account Attributes
The following table lists the AIX user account attributes.
Notes:
Resource Object Management
Identity Manager supports the following native AIX objects:
Resource Object
Features Supported
Attributes Managed
Group
Create, update, delete, save as
groupName, admin, users
Identity Template
$accountId$
Sample Forms
Built-In
Also Available
AIXUserForm.xml
Troubleshooting
Use the Identity Manager debug pages to set trace options on the following classes: