Previous      Contents      Next
Sun Java System Identity Manager 6.0 Resources Reference 2005Q4M3

---

AIX

The AIX resource adapter is defined in the com.waveset.adapter.AIXResourceAdapter class.

This adapter supports the following versions of AIX:

4.3.3
5.2

Resource Configuration Notes

If you will be using SSH (Secure Shell) for communication between the resource and Identity Manager, set up SSH on the resource before configuring the adapter.

Identity Manager Installation Notes

No additional installation procedures are required on this resource.

Usage Notes

The AIX resource adapter primarily provides support for the following AIX commands:

mkuser, chuser, rmuser
mkgroup, chgroup, rmgroup
passwd, pwdadm

---

Note  For more information about supported attributes and files, refer to the AIX manual pages for these commands.

---

The Bourne-compliant shell (sh, ksh) must be used as the root shell when connecting to a UNIX resource (AIX, HP-UX, Solaris, or Linux).

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses the following connections to communicate with the AIX adapter:

Telnet
SSH (SSH must be installed independently on the resource.)

Required Administrative Privileges

Managing users and groups require that the administrator be root or a member of the security group.

The adapter supports logging in as a standard user, then performing a su command to switch to root (or root-equivalent account) to perform administrative activities. Direct logins as root user are also supported.

The adapter also supports the sudo facility (version 1.6.6 or later), which can be installed on AIX from the AIX Toolbox. The sudo facility allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user.

In addition, if sudo is enabled for a resource, its settings will override those configured on the resource definition page for the root user and admin user.

If you are using sudo, you must set the tty_tickets parameter to true for the commands enabled for the Identity Manager administrator. Refer to the man page for the sudoers file for more information.

The administrator must be granted privileges to run the following commands with sudo:

User, Group, and Security Commands		NIS Commands	Miscellaneous Commands
chgroup   chgrpmem chsec   chuser   lsgroup   lssec   lsuser   mkgroup   mkuser	rmgroup   rmuser   passwd   pwdadm	make   ypcat   ypmatch   yppasswd	awk   cat   cd   chmod   chown   cp   cut   diff   echo	grep   ls   mv   rm   sed   sleep   sort   tail   touch

In addition, the NOPASSWORD option must be specified for each command.

You can use a test connection to test whether

These commands exist in the administrator user’s path
The administrative user can write to /tmp
The administrative user have rights to run certain commands

---

Note  A test connection can use different command options than a normal provision run.

---

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature	Supported?
Enable/disable account	Yes
Rename account	No
Pass-through authentication	Yes
Before/after actions	Yes
Data loading methods	Import directly from resource   Reconcile with resource

You can define resource attributes to control the following tasks for all users on this resource:

Create a home directory when creating the user
Copy files to the user’s home directory when creating the user
Delete the home directory when deleting the user

Account Attributes

The following table lists the AIX user account attributes.

---

Notes:

---

Attributes are optional unless noted in the description.
All attributes are Strings.

Resource User Attribute	mkuser Equivalent	Description
accountId	login_name	Required. The user’s login name.
account_locked	account_locked=[true | false]	Indicates if the user account is locked.
admin	admin=[true|false]	Defines the administrative status of the user.
daemon	daemon=[true|false]	Indicates whether the user can run programs using the cron or src daemon.
expires	expires=MMDDhhmmyy	The expiration date of the account.
gecos	gecos=String	General information about the user.
groups	groups=GroupNames	A comma-separated list of group names the user belongs to.
home	home=PathName	The full path to the user’s home directory.
id	id=Integer	A unique integer string that specifies the user ID.
login	login=[true | false]	Indicates whether the user can log in to the system with the login command.
loginretries	loginretries=attempts	The number of unsuccessful login attempts allowed after the last successful login before the system locks the account.
maxage	maxage=weeks	The maximum age, in weeks, of a password.
maxexpired	maxexpired=weeks	The maximum time, in weeks, beyond the maxage value that a user can change an expired password.
pgrp	pgrp=GroupName	The user's primary group.
rlogin	rlogin=[true | false]	Permits access to the account from a remote location with the telnet or rlogin commands.
shell	shell=PathName	The program run for the user at session initiation.
su	su=[true | false]	Indicates whether another user can switch to the specified user account with the su command.
umask	umask=Value	Sets file permissions.

Resource Object Management

Identity Manager supports the following native AIX objects:

Resource Object	Features Supported	Attributes Managed
Group	Create, update, delete, save as	groupName, admin, users

Identity Template

$accountId$

Sample Forms

Built-In

AIX Group Create Form
AIX Group Update Form

Also Available

AIXUserForm.xml

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following classes:

com.waveset.adapter.AIXResourceAdapter
com.waveset.adapter.ScriptedConnection

Previous      Contents      Next

---

Copyright 2006 Sun Microsystems, Inc. All rights reserved.