You can automatically block UNIX accounts when users are deprovisioned in ActiveRoles Server.
To deprovision UNIX users
-
In the ActiveRoles Server Console, navigate to Configuration > Policies > Administration.
-
From the Action menu, select New > Deprovisioning Policy.
-
When the New Deprovisioning Policy Object Wizard starts, click Next.
-
On the Name and Description page, in the Name box, enter Disable UNIX accounts for deprovisioned users, then click Next.
-
On the Policy to Configure page, locate the Safeguard Authentication Services Integration Pack, select the Deprovision UNIX User policy type, then click Next.
-
On the Policy Parameters page, select the UnixDisable parameter, then click Edit.
-
On the Edit Parameter page, from the Value: drop-down, select True, then click OK.
-
On the Policy Parameters page, select the PrimaryGidNumber parameter, then click Edit.
-
On the Edit Parameter page, specify an integer value for the Primary GID number, then click OK.
-
On the Policy Parameters page, click Next.
-
On the Enforce Policy page, click Add.
-
On the Select Objects page, click Browse, select Active Directory (to apply this policy to all new users), then click OK.
-
On the Select Objects page, select the Active Directory item at the top of the list, click Add, then click OK.
-
On the Enforce Policy page, click Next.
-
To create the new policy object and close the wizard, click Finish.
When you deprovision a user account, the Integration Pack automatically clears the user's UNIX attributes.
To automatically UNIX-enable groups
-
From the ActiveRoles Server Console, navigate to Configuration > Policies > Administration.
-
From the Action menu, select New > Provisioning Policy.
-
When the New Provisioning Policy Object Wizard starts, click Next.
-
On the Name and Description page, enter UNIX-enable new groups in the Name box and click Next.
-
On the Policy to Configure page, locate the Safeguard Authentication Services Integration Pack and select the Provision UNIX Group policy type and click Next.
-
On the Policy Parameters page, select the AutoUnixEnable parameter and click Edit.
-
On the Edit Parameter page, open the Value: drop-down menu, select True and click OK.
-
On the Policy Parameters page, click Next.
-
On the Enforce Policy page, click the Add button.
-
On the Select Objects page, click Browse, select Active Directory (to apply this policy to all new Active Directory groups), and click OK.
-
On the Select Objects page, select the Active Directory item at the top of the list, click Add, then click OK.
-
On the Enforce Policy page, click Next.
-
Click Finish to create the new policy object.
-
On the ActiveRoles Server dialog, click OK to return to the ActiveRoles Server Console.
When you provision a new group account, the Integration Pack automatically UNIX-enables the users associated with that account. That is, it populates the user's UNIX attributes.
You can automatically block UNIX accounts when groups are deprovisioned in ActiveRoles Server.
To deprovision UNIX groups
-
In the ActiveRoles Server Console, navigate to Configuration > Policies > Administration.
-
From the Action menu, select New > Deprovisioning Policy.
-
When the New Deprovisioning Policy Object Wizard starts, click Next.
-
On the Name and Description page, in the Name box, enter Disable UNIX accounts for deprovisioned groups, then click Next.
-
On the Policy to Configure page, locate the Safeguard Authentication Services Integration Pack, select the Deprovision UNIX Group policy type, then click Next.
-
On the Policy Parameters page, select the UnixDisable parameter, then click Edit.
-
On the Edit Parameter page, rom the Value: drop-down, select True, then click OK.
-
On the Policy Parameters page, click Next.
-
On the Enforce Policy page, click Add.
-
On the Select Objects page, click Browse, select Active Directory (to apply this policy to all new groups), then click OK.
-
On the Select Objects page, select the Active Directory item at the top of the list, click Add, then click OK.
-
On the Enforce Policy page, click Next.
-
To create the new policy object and close the wizard, click Finish.
When you deprovision a group account, the Integration Pack automatically clears the group's UNIX attributes rendering it UNIX-disabled.