Managing User Accounts and User Environments in Oracle® Solaris 11.4

Updated: April 2019
 
 

How to Assign Default User Attributes for LDAP Accounts

For LDAP accounts, an administrator can assign qualified user attributes to users by using the default account name default@. The useradd, usermod, and userdel commands have been modified to support this account name. The following example shows how to create a default account and assign default user attributes to users based on their netgroup membership.

  1. Become an administrator.

    See Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  2. Create the default and test accounts in the LDAP name service.
    # useradd -S ldap default@
    # useradd -S ldap -m admin1
    # useradd -S ldap -m admin2
    # useradd -S ldap -m admin3
  3. Create two netgroups.
    # cat netgroups
    dba (,admin1,) (,admin2,)
    web (,admin3,)
    # ldapaddent -D cn=admin,ou=profile,dc=gfaden,dc=com -f netgroups netgroup
  4. Assign the netgroups as qualifiers to the default account.
    # usermod -q @dba -K profiles="Oracle DBA" default@
    # usermod -q @web -K profiles="Web Admin" default@
  5. Assign the user_attr entries.
    # ldapaddent -d user_attr |grep ^default@
    default@:@dba:::profiles=Oracle DBA
    default@:@web:::profiles=Web Admin
  6. List the effective user_attr for each user.
    # getent user_attr admin1
    default@:@dba:::profiles=Oracle DBA
    # getent user_attr admin2
    default@:@dba:::profiles=Oracle DBA
    # getent user_attr admin3
    default@:@web:::profiles=Web Admin
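
To audit which rights profile each user inherits from the default@ entries, the following added example (not Oracle's code and not part of the original procedure) models the qualifier matching of steps 3 through 6 over local copies of the netgroup file and the user_attr dump. The function names members, malformed, and effective, the admin4 user, and the ops/Operator entries are constructed for illustration; nested netgroups are not expanded, and triples are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: offline model of how default@ qualifiers map users to profiles.
# The sample data is constructed, following the formats shown in the procedure.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/netgroups" <<'EOF'
dba (,admin1,) (,admin2,)
web (,admin3,)
ops (,admin4)
EOF
cat > "$work/user_attr" <<'EOF'
default@:@dba:::profiles=Oracle DBA
default@:@web:::profiles=Web Admin
default@:@ops:::profiles=Operator
EOF

# members FILE GROUP: print the user field of each well-formed
# (host,user,domain) triple listed for GROUP.
members() {
    awk -v g="$2" '$1 == g {
        for (i = 2; i <= NF; i++) {
            t = $i
            if (t !~ /^\([^,()]*,[^,()]*,[^,()]*\)$/) continue  # not a 3-field triple
            gsub(/[()]/, "", t); split(t, f, ",")
            if (f[2] != "") print f[2]
        }
    }' "$1"
}

# malformed FILE: print "group triple" for parenthesized entries without 3 fields.
malformed() {
    awk '{ for (i = 2; i <= NF; i++)
             if ($i ~ /^\(/ && $i !~ /^\([^,()]*,[^,()]*,[^,()]*\)$/) print $1, $i }' "$1"
}

# effective NETGROUP_FILE USER_ATTR_FILE USER: print the default@ entries whose
# @netgroup qualifier lists USER as a member.
effective() {
    awk -F: '$1 == "default@" && $2 ~ /^@/ { print substr($2, 2) "\t" $0 }' "$2" |
    while IFS="$(printf '\t')" read -r group entry; do
        if members "$1" "$group" | grep -qxF "$3"; then printf '%s\n' "$entry"; fi
    done
}

for u in admin1 admin2 admin3 admin4; do
    printf '%s -> %s\n' "$u" "$(effective "$work/netgroups" "$work/user_attr" "$u")"
done
malformed "$work/netgroups"
```

In this model the two-field triple for admin4 never matches, so that user receives no profile and the entry is reported by malformed; checking the netgroup source for such entries before running ldapaddent avoids an assignment that silently fails to apply.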