You use OAT to change the ownership of files and directories on UNIX hosts to reflect the UID and GID in Active Directory. This allows you to maintain user or group information exclusively in Active Directory.
Use one of the following ways to change file ownership:
- You can run the individual components of OAT manually as explained in Changing file ownership manually.
- You can run the interactive script, called oat, as explained in Changing file ownership using the script.
You can run OAT any time after you have installed Safeguard Authentication Services. OAT makes scenarios such as mergers, acquisitions, and business unit restructuring much simpler. If you have been using override files and mapped users, you can simplify your Safeguard Authentication Services implementation by running OAT.
OAT allows you to maintain user information in Active Directory and simplify the footprint of information required on each UNIX host. To do this, set the UID (User ID) and GID (Group ID) of each file or directory on each host to that of the User ID and Group ID maintained in Active Directory. For example, suppose you have the following user information:
Hostname | Username | UserID | Explanation |
---|---|---|---|
hosta | jdoe | 100 | files and/or directories on hosta have owner uid 100 |
hostb | johnd | 1000 | files and/or directories on hosta have owner uid 1000 |
hostc | john | 10000 | files and/or directories on hosta have owner uid 10000 |
And in Active Directory you have:
Hostname | Username | UserID | Explanation |
---|---|---|---|
hostAD | johndoe | 55555 | |
After running OAT, the UID associated with each file and/or directory on each host is 55555, as follows:
Hostname | Old UserID | New UserID | Explanation |
---|---|---|---|
hosta | 100 | 55555 | files and/or directories on hosta have owner uid 55555 |
hostb | 1000 | 55555 | files and/or directories on hosta have owner uid 55555 |
hostc | 10000 | 55555 | files and/or directories on hosta have owner uid 55555 |
Once you have changed the UID and GID to reflect the information now maintained in Active Directory, you can remove the /etc/passwd, /etc/shadow, and /etc/group information from each host. Safeguard Authentication Services allows proper permission handling of each file and directory.
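Before removing local account entries, it is worth confirming that nothing on a host is still owned by a legacy UID. The following read-only audit is an added example, not part of OAT or Safeguard Authentication Services; the function name `plan_uid_remap`, the `/home` starting path, and the mapping dictionary are assumptions, with the UID values taken from the tables above.

```python
import os
import stat

def plan_uid_remap(root, uid_map):
    """List entries under root owned by a legacy UID in uid_map.

    Read-only: returns (path, old_uid, new_uid, has_setid) tuples and
    changes nothing on disk.
    """
    plan = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        entries = [dirpath] + [os.path.join(dirpath, n) for n in filenames]
        # Symlinks to directories are not descended into; report the link itself.
        entries += [os.path.join(dirpath, d) for d in dirnames
                    if os.path.islink(os.path.join(dirpath, d))]
        for path in entries:
            st = os.lstat(path)  # lstat: inspect the link, never its target
            if st.st_uid not in uid_map:
                continue
            # On Linux, chown can clear set-user-ID/set-group-ID bits on
            # regular files, so flag them for a mode review afterwards.
            has_setid = stat.S_ISREG(st.st_mode) and bool(
                st.st_mode & (stat.S_ISUID | stat.S_ISGID))
            plan.append((path, st.st_uid, uid_map[st.st_uid], has_setid))
    return plan

if __name__ == "__main__":
    # Legacy UIDs from the tables above, all mapped to the Active Directory UID.
    # "/home" is an assumed starting directory for illustration.
    legacy_to_ad = {100: 55555, 1000: 55555, 10000: 55555}
    for path, old, new, setid in plan_uid_remap("/home", legacy_to_ad):
        note = "  [set-id bit: review mode]" if setid else ""
        print(f"{path}: uid {old} -> {new}{note}")
```

An empty result after the ownership change means no file under the scanned tree still depends on a legacy UID.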