OpenLDAP: how to use the RFC2307AIX schema that supports the aixAuxAccount objectClass - aix

I'm setting up an OpenLDAP system with two machines: one OpenLDAP server (Red Hat 6.4) and one OpenLDAP client (AIX 6.1).
Now I can create an LDAP user and log in on the AIX machine with that account.
However, I want to use hostsdeniedlogin and hostsallowedlogin, which are two attributes of the objectClass aixauxaccount, but my OpenLDAP server doesn't have any object like that.
I found an aix2307aix.schema on the internet, but I don't know how to use it.
rfc2307aix.schema
Besides that file, I also found a file named nisSchema.ldif, which has content in the following form:
dn:cn=schema
changetype: modify
replace: objectclasses
objectclasses: ( 1.3.18.0.2.6.472
  NAME 'aixAuxAccount'
  DESC 'Auxiliary AIX user information objectclass, for use with posixaccount and shadowaccount objectclasses'
  SUP top
  AUXILIARY
  MAY ( passwordChar $ adminGroupNames $ aIXDefaultMACLevel $ aIXFuncMode $
  aIXisDCEExport $ aIXLowMACLevel $ aIXPromptMAC $ aIXScreens $
  aIXUpperMACLevel $ auditClasses $ authMethod1 $ authMethod2 $
  coreSizeLimit $ coreSizeLimitHard $ cPuSize $ cPuSizeHard $
  dataSegSize $ dataSegSizeHard $ filePermMask $ fileSizeLimit $
  fileSizeLimitHard $ groupList $ groupSwitchUserAllowed $ hostLastLogin $
  hostLastUnsuccessfulLogin $ hostsAllowedLogin $ hostsDeniedLogin $
  isAdministrator $ isAccountEnabled $ isDaemon $ isLoginAllowed $
  isRemoteAccessAllowed $ isSwitchUserAllowed $ ixTimeLastLogin $
  ixTimeLastUnsuccessfulLogin $ loginTimes $ maxFailedLogins $ maxLogin $
  openFileLimit $ openFileLimitHard $ passwordCheckMethods $
  passwordDictFiles $ passwordExpireTime $ passwordHistSize $
  passwordMaxRepeatedChars $ passwordMinAlphaChars $ passwordMinDiffChars $
  passwordMinLength $ passwordMinOtherChars $ physicalMemLimit $
  physicalMemLimitHard $ roleList $ StackSizeLimit $ StackSizeLimitHard $
  SystemEnvironment $ terminalAccess $ terminalLastLogin $
  terminalLastUnsuccessfulLogin $ timeExpiredLogout $ timeExpireLockout $
  trustedPathStatus $ unsuccessfulLoginCount $ userEnvironment $
  passwordFlags )
  )
I also just found a way to add the rfc2307aix.schema file at the following link:
how-to-add-a-new-schema-to-openldap
That schema seems to have been added successfully, but I'm stuck with the nisSchema.ldif file found on AIX.
I attempted to use ldapadd, but it was not successful:
modifying entry "cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
Does anyone know how to deal with this? Please help!

I already had that "aixAuxAccount" objectClass. My AIX client is working fine now with the 'hostsdeniedlogin' attribute. I had to clear the client cache and reconnect the LDAP Admin Tool to see the change. And I don't need to use the nisSchema.ldif.
For those who don't know how to use the rfc2307aix.schema, please follow this thread:
how-to-add-a-new-schema-to-openldap
Thank you for your attention and help.

Related

Error when running API call in R using comtradr() package

I get this error when I try to run an API call using ct_search() from the comtradr() package in R.
Error in curl::curl_fetch_memory(url, handle = handle) :
SSL certificate problem: certificate has expired
Any ideas?
You haven't given enough details, but it could be related to this:
https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
If you are on a Linux machine that you are running curl from, you can do the following:
$ sudo vi /etc/ca-certificates.conf
Add an exclamation point in front of the line that says "mozilla/AddTrust_External_Root.crt" and save the file.
$ sudo apt update
$ sudo apt install ca-certificates
$ sudo update-ca-certificates -f -v

git clone fail in gitlab runner docker

No idea why the git clone fails all the time. I have added the correct host key and private key, but it still fails. Someone said the GitLab pipeline does not support pulling over HTTP, so I changed to SSH, but it still failed.
$ echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
$ chmod 600 ~/.ssh/known_hosts
$ echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
$ id
uid=0(root) gid=0(root) groups=0(root)
$ ssh-agent bash -c 'ssh-add /mytest/private;git clone git@gitlab.home.kd:root/ansible-home.git --recursive -vvvvv'
Identity added: /mytest/private (/mytest/private)
Cloning into 'ansible-home'...
Warning: Permanently added 'gitlab.home.kd' (ECDSA) to the list of known hosts.
Server supports multi_ack_detailed
Server supports side-band-64k
Server supports ofs-delta
Server version is git/2.18.1
want e959694c7a5c95f27572ae6f2aa6e1aa6fa23a99 (HEAD)
want 989fd778545ca1ae507cad35ae224d8bb92f2db4 (refs/heads/dev)
want e959694c7a5c95f27572ae6f2aa6e1aa6fa23a99 (refs/heads/master)
done
$ ls /ansible-home
ls: cannot access '/ansible-home': No such file or directory
ERROR: Job failed: exit code 1

Awk losing posix mode under sudo

This started as an obscure problem with RPM scriptlets occasionally failing on awk. I narrowed it down to the following: The scriptlets use a GNU extension: length(array) construct, not supported when running in the posix mode. OK so far. What I don't understand is how running awk under sudo changes the posix compliance behavior. Here is a simple awk script that should run in the GNU mode, and should fail in posix mode.
$ cat ./try
/bin/awk 'BEGIN{x[1]=foo;x[2]=bar;print length(x);}'
$ /bin/awk --version | grep Awk
GNU Awk 4.0.2
$ id
uid=0(root) gid=0(root) groups=0(root)
$ /bin/sh ./try
awk: cmd. line:1: fatal: length: received array argument
$ sudo /bin/sh ./try
2
$
What is the underlying mechanism that changes the awk behavior?
Awk (really gawk under linux) is being controlled by the POSIXLY_CORRECT environment variable, which was occasionally being inherited from the original user's environment. The installation in question must be run by root, but at times the admin would become root with "su" which keeps the environment, thus keeping his POSIXLY_CORRECT, forcing gawk into a posix mode, and failing the GNU length(array) extension. At other times the admin would run "sudo" or "su -" to become root, start with root's clean environment and successfully run the extended gawk functionality.
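The mechanism described in the answer above, as an added shell example that is not part of the original post: it detects an inherited POSIXLY_CORRECT, runs a command with the variable removed, and counts array elements without the GNU length(array) extension. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed); function names are hypothetical.

# Report whether POSIXLY_CORRECT is present in this shell's environment.
# gawk switches to POSIX mode when the variable exists, whatever its value,
# so the check is for "set", not for a particular value.
posix_mode_inherited() {
    if [ "${POSIXLY_CORRECT+set}" = set ]; then
        echo yes
    else
        echo no
    fi
}

# Run a command with POSIXLY_CORRECT removed from its environment.
# The function body is a subshell, so the caller's environment is untouched.
# This gives a script started via plain "su" the same awk behaviour it
# would get from "sudo" or "su -".
run_clean() (
    unset POSIXLY_CORRECT
    exec "$@"
)

# Count array elements without length(array), so the result is the same
# in gawk, gawk in POSIX mode and other awk implementations.
count_portable() {
    awk 'BEGIN { x[1] = "foo"; x[2] = "bar"; n = 0; for (k in x) n++; print n }'
}
```

A scriptlet that must keep using GNU extensions can wrap its awk call as `run_clean /bin/awk '...'`; one that has to work in either mode can use the loop from `count_portable`.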

How to remove all records from LDAP?

Is it possible to remove all entries from LDAP with a one-line command?
I tried:
ldapdelete -r 'cn=*,dc=domain,dc=com' -w
but it's not working. I have no better ideas;/
ldapdelete is for removing a specific DN; you can't use a wildcard.
There is no native "one-liner". You can execute an ldapsearch and provide the list of DNs resulting from this search to ldapdelete.
Something like:
ldapsearch -LLL -s one -b "dc=domain,dc=com" "(cn=*)" dn | awk -F": " '$1~/^\s*dn/{print $2}' > listOfDNtoRemove.txt && ldapdelete -r -f listOfDNtoRemove.txt
-s one: this ldapsearch option retrieves only the first-level children under the branch dc=domain,dc=com
-LLL: this option produces LDIF-format output
-r: this option recursively deletes the first-level branches found previously and their children
awk -F": " '$1~/^\s*dn/{print $2}': this awk selects only the lines starting with dn: and prints the value of the DN
NOTE: ldapdelete also reads the list of DNs from standard input, so you can pipe the ldapsearch results directly to ldapdelete if you want to avoid the temporary file.
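An added example (not from the original answer) of extracting DNs from ldapsearch -LLL output so the list can be reviewed before it is passed to ldapdelete; it unfolds wrapped lines and decodes base64 "dn::" values, which a line-by-line filter does not handle. The function names and the sample LDIF are constructed, and base64 -d is assumed to be available.

```shell
#!/bin/sh
# Added example (constructed); function names and sample data are hypothetical.

# Read LDIF on stdin and print one DN per line.
ldif_dns() {
    awk '
        # An LDIF continuation line starts with one space: append the
        # rest of it to the logical line being built.
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case $line in
            # "dn:: " marks a base64-encoded DN (for example non-ASCII names).
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Constructed sample: a plain DN, a DN folded onto two lines, and a
# base64-encoded DN containing a non-ASCII character.
sample_ldif() {
    cat <<'EOF'
dn: ou=people,dc=domain,dc=com

dn: cn=a-long-common-name-that-ldapsearch-output-folds-onto-two-lines,ou=people,dc
 =domain,dc=com

dn:: b3U9Wm/DqyxkYz1kb21haW4sZGM9Y29t

EOF
}
```

Writing the output of `ldif_dns` to a file and reading it before running `ldapdelete -r -f` on it shows exactly which entries will be removed.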
With the HDB backend
You can try this approach: go to the /var/lib/ldap directory and run this command:
sudo rm __db.* *.bdb log.*
The slapd server should preferably be shut down before running this command.
Make sure you have a backup of the files before executing this.
With the MDB backend
Similar to the above, but the file names are different:
sudo rm *.mdb

invalid command name "Queue/LTEQueue"

I've installed LTE in ns2.35 but it gives the following error:
invalid command name "Queue/LTEQueue"
while executing
"Queue/LTEQueue set qos_ true "
(file "lte.tcl" line 21)
when I run lte.tcl.
Please help me to solve it.
Your error: You are using a (wrong) copy of 'ns' with no LTE, or you have a failed build.
LTE, Howto ....
$ tar xvf ns-allinone-2.35_gcc482.tar.gz
https://drive.google.com/file/d/0B7S255p3kFXNSGJCZ2YzUGJDVk0
$ cd ns-allinone-2.35/
$ patch -p0 < LTE-ns235_2014-2.patch
https://drive.google.com/file/d/0B7S255p3kFXNLVlDZ29EWWxJTFk/view?usp=sharing
$ ./install
$ cd ns-2.35/
$ sudo make install ('make install' will copy the executable 'ns' to /usr/local/bin/)
$ cp ns ns235-lte ( This is your backup and the recognizable "lte ns" )
$ sudo cp ns235-lte /usr/local/bin/
$ cd ../nam-1.15/
$ sudo make install
The examples : lte-examples-0614.tar.gz https://drive.google.com/file/d/0B7S255p3kFXNRWV4Mzc0bGYtQzA/view?usp=sharing
Run some examples:
$ ns235-lte bicfixdownlink.tcl
$ ns235-lte deVacto-lte.tcl
$ ns235-lte 24_downl413.tcl
EDIT : New example package, lte-examples-06.17.tar.gz, added 24_downl413.tcl, etc. https://drive.google.com/file/d/0B7S255p3kFXNSmd4Q3h3dXp1QWc/view?usp=sharing
And ns-allinone-2.35: gt-itm updated → ns-allinone-2.35_gcc5.tar.gz
https://drive.google.com/file/d/0B7S255p3kFXNVVlxR0ZNRGVORjQ/view?usp=sharing