Does QAS support AIX Extended Attributes?
Certain attributes are supported from QAS 4.0.3.89.
The QAS LAM module has the ability to service a number of user attributes beyond the standard Unix identity attributes (UID, GID, Shell,etc). For example, you can store user-specific ulimit attributes, such as fsize, core, cpu, and so forth. There many other attributes you can service with the QAS LAM module.
To store all of these attributes in an LDAP directory, IBM provides a user object schema extension. QAS does not require this schema extension to service these extended attributes. Instead, the QAS LAM module stores this extended attribute data in a local database. In this way the QAS module is a hybrid module; it serves core identity information (UID) from Active Directory, while storing and serving these extended user attributes locally. Since extended attributes are stored locally on each AIX server, you must make extended attribute changes for user accounts on every AIX server.
Use the chuser command to set an extended attribute on a QAS user, as follows:
bash$ chuser fsize=3000000 jdoe
You can set any number of attributes in this fashion.
After setting the value, you can view it using the lsuser command:
bash$ lsuser jdoe
jdoe id=5000 pgrp=jdgroup home=/home/jdoe shell=/bin/bash gecos= registry=VAS fsize=3000000
You can set a large number of attributes this way, however you can not set attributes that have either a static value returned by the QAS LAM module or a read-only value served out of Active Directory. These are the attributes you can not set through the QAS LAM module (chuser):
SYSTEM
account_locked
auth1
auth2
expires
gecos
groups
groupsids
home
id
loginretries
pgid
pgrp
pwdwarntime
registry
shell
unsuccessful_login_count
domains
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center