
Safeguard Authentication Services 6.1 - Administration Guide


RFC 2307 overview

The schema definition of choice for most Safeguard Authentication Services users is a subset of the IETF RFC 2307 schema for UNIX user attributes. RFC 2307 is a cross-platform standard designed to promote interoperability between UNIX systems and LDAP-based directories. (Safeguard Authentication Services also recognizes the Microsoft SFU schema and allows custom schema definitions.)

With Windows Server 2003 R2, Microsoft embraced the RFC 2307 standard and now includes the RFC 2307 attribute definitions as part of the default Active Directory schema. This means that when you install Windows 2003 R2 (or later), support for UNIX attribute information is automatically included and forms part of the baseline Active Directory schema definition.

RFC classes and attributes

Safeguard Authentication Services supports all NIS map objects defined in RFC 2307 as well as the ability to store custom NIS data. RFC 2307 provides classes for six standard NIS maps:

  • hosts

  • networks

  • protocols

  • services

  • rpc

  • netgroup

Safeguard Authentication Services supports these RFC 2307 standard maps and their representative classes.

Table 15: RFC classes and attributes

Map name      RFC 2307 object class
netgroup      nisNetgroup
hosts         ipHost (device)
networks      ipNetwork
services      ipService
protocols     ipProtocol
rpc           oncRpc

These objects are generally created inside a container or organizational unit.

All other NIS maps are represented using the generic map classes provided in RFC 2307: nisMap and nisObject. A nisMap is a container object that holds nisObject objects. Set the nisMapName attribute of the nisMap object, and of each nisObject it contains, to the name of the imported NIS map. A nisObject represents a key-value pair where cn is the key attribute and nisMapEntry is the value.

Limitations of RFC 2307 as implemented by Microsoft

The RFC 2307 specification assumes that the cn attribute is multivalued. In Active Directory, the cn attribute is single-valued. This means that you must create aliases as separate objects.

NIS is case-sensitive and Active Directory is case-insensitive. Some NIS map entries have aliases that are the same key written in all capitals. Active Directory cannot distinguish between names that differ only by case.
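The generic nisMap/nisObject representation and the case-sensitivity limitation described above can be checked before a migration; the following is an added example, not code from this guide or from Safeguard Authentication Services. It renders a custom NIS map as LDIF and holds back keys that differ only by case. The sample map, the base DN, the function names, and the use of cn as the naming attribute of the nisMap container are assumptions.

```python
import base64
import re
from collections import defaultdict

SAMPLE_MAP = [  # constructed sample of (key, value) pairs; not from the guide
    ("build01", "10.0.0.5:/export/build"),
    ("BUILD01", "10.0.0.9:/export/legacy"),
    ("docs", "10.0.0.7:/export/docs"),
]

def escape_rdn(value):
    """Escape characters that are special inside an RDN value (RFC 4514)."""
    value = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return re.sub(r"^([ #])| $", lambda m: "\\" + m.group(0), value)

def ldif_attr(name, value):
    """Emit 'name: value', base64-encoding values that are not LDIF-safe."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    return f"{name}: {value}" if safe else f"{name}:: {base64.b64encode(value.encode()).decode()}"

def case_collisions(entries):
    """Group keys that differ only by case; a case-insensitive directory sees one name."""
    groups = defaultdict(set)
    for key, _ in entries:
        groups[key.casefold()].add(key)   # casefold() approximates AD's comparison
    return {folded: sorted(keys) for folded, keys in groups.items() if len(keys) > 1}

def map_to_ldif(map_name, entries, base_dn):
    """Render one nisMap container plus one nisObject per key; return (ldif, skipped)."""
    clashes = case_collisions(entries)
    map_dn = f"cn={escape_rdn(map_name)},{base_dn}"   # cn= naming is an assumption
    records = [[ldif_attr("dn", map_dn), "objectClass: nisMap",
                ldif_attr("nisMapName", map_name)]]
    skipped = []
    for key, value in entries:
        if key.casefold() in clashes:
            skipped.append(key)   # resolve by hand before import
            continue
        records.append([ldif_attr("dn", f"cn={escape_rdn(key)},{map_dn}"),
                        "objectClass: nisObject", ldif_attr("cn", key),
                        ldif_attr("nisMapName", map_name),
                        ldif_attr("nisMapEntry", value)])
    return "\n\n".join("\n".join(r) for r in records) + "\n", skipped

if __name__ == "__main__":
    ldif, skipped = map_to_ldif("auto.build", SAMPLE_MAP, "ou=nis,dc=example,dc=com")
    print(ldif)
    print("Skipped (case-only collisions):", skipped)
```

Keys reported as skipped need a rename or a merge decision on the NIS side, because a lookup for either spelling would resolve to the same directory object.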

Installing and configuring the Safeguard Authentication Services NIS components

To ensure that the NIS proxy agent daemon, vasypd, does not cause any system hangs when you install, configure, or upgrade it, follow the steps for each supported UNIX platform outlined in this section.

NOTE: Before installing and configuring the Safeguard Authentication Services NIS components, make sure you have already installed the Safeguard Authentication Services agent software and joined the UNIX machine to an Active Directory domain.
