Question & Answer
Question
The default LDAP user entry is not a real user and can't be modified with the 'chuser' command. How can a default entry value be modified from an AIX LDAP integrated login client?
Answer
The LDAP default entry is not a real user so we have to use LDAP commands to modify its attributes.
Here's how to modify the value of the "shadowmax" attribute for the default entry:
1. Find the DN for the LDAP entry to modify
Use the 'lsldap' command:
# lsldap -a passwd default
dn: uid=default,ou=People,cn=aixdata
uid: default
objectClass: aixauxaccount
objectClass: shadowaccount
objectClass: posixaccount
objectClass: account
objectClass: ibm-securityidentities
objectClass: top
cn: default
uidnumber: -1
gidnumber: -1
passwordchar: *
userpassword: {crypt}*
homedirectory: *
isadministrator: false
isloginallowed: true
isswitchuserallowed: true
isdaemon: true
isremoteaccessallowed: true
groupswitchuserallowed: ALL
terminalaccess: ALL
authmethod1: SYSTEM
authmethod2: NONE
trustedpathstatus: nosak
filepermmask: 022
timeexpirelockout: 0
shadowwarning: 0
isaccountenabled: false
passwordhistexpire: 0
passwordhistsize: 0
shadowmin: 0
shadowmax: 0
...
In this example, the entry's DN is:
uid=default,ou=People,cn=aixdata
2. Find the LDAP server hostname, bind DN and bind password.
You can get this information from the ldap.cfg file on a working client.
The bind password is stored encrypted in that file, so you have to know the actual password.
In this example, we are using:
hostname = reptilebso
bind DN = cn=admin
bind password = secret
3. Create an LDIF file similar to the following:
Here's a file I called "modify.ldif":
dn: uid=default,ou=People,cn=aixdata
changetype: modify
replace: shadowmax
shadowmax: 8
All we're doing here is specifying that we want to modify the "shadowmax" attribute and set it to 8.
4. Run ldapmodify against the LDIF file:
# ldapmodify -h reptilebso -D cn=admin -w secret -f ./modify.ldif
5. Check that the change was successful:
# lsldap -a passwd default | grep shadowmax
shadowmax: 8
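Steps 3 to 5 generalized to any single attribute, as an added example that is not part of the original document: the hypothetical helpers make_replace_ldif and attr_value build the LDIF with input checks and read one attribute back from 'lsldap' output. The host, bind DN and entry DN in the usage comment are the example values from this page.

```shell
#!/bin/sh
# Added example, not from the original document. Helper names are hypothetical.

# make_replace_ldif DN ATTR VALUE: print a one-attribute "replace" LDIF.
make_replace_ldif() {
    dn=$1; attr=$2; value=$3
    nl='
'
    # Attribute descriptor form only: a letter, then letters, digits, hyphens.
    case $attr in
        ''|[!A-Za-z]*|*[!A-Za-z0-9-]*)
            echo "bad attribute name: $attr" >&2; return 1 ;;
    esac
    # A newline in the DN would inject extra LDIF lines into the change.
    case $dn in
        ''|*"$nl"*) echo "bad DN" >&2; return 1 ;;
    esac
    # Empty values, embedded newlines, a leading space, ':' or '<', or a
    # trailing space cannot be written as plain "attr: value"; refuse them.
    case $value in
        ''|*"$nl"*|' '*|:*|'<'*|*' ')
            echo "value not safe as plain LDIF, refusing" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nreplace: %s\n%s: %s\n' \
        "$dn" "$attr" "$attr" "$value"
}

# attr_value ATTR: read "attr: value" lines (lsldap output) on stdin and
# print the first value of ATTR; the name match is case-insensitive.
# Returns 1 when the attribute is not present.
attr_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            i = index($0, ": ")
            if (i == 0) next
            if (tolower(substr($0, 1, i - 1)) == want) {
                print substr($0, i + 2); found = 1; exit
            }
        }
        END { exit found ? 0 : 1 }'
}

# Usage with the commands from this page:
#   make_replace_ldif "uid=default,ou=People,cn=aixdata" shadowmax 8 > modify.ldif
#   ldapmodify -h reptilebso -D cn=admin -w secret -f ./modify.ldif
#   [ "$(lsldap -a passwd default | attr_value shadowmax)" = 8 ] && echo changed
```

A bind password given with '-w secret' is visible in the process list and in shell history; the IBM LDAP client tools document '-w ?' to prompt for it instead.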
Document Information
Modified date: 08 July 2022
UID: isg3T1011826