IBM recommends using Tivoli Directory Server for LDAP authentication with AIX; it is free for AIX use and contains all the proprietary schemas necessary. But if you already have OpenLDAP, IBM's proprietary schema makes full integration difficult, and if you want to use the LDAP server for more than just AIX authentication, you have to buy the full product.
You can authenticate in RFC 2307 mode, but you lose most of the AIX-specific user attributes. This schema works with RFC2307AIX mode in AIX. Some modifications had to be made: mainly, boolean attributes don't work well between OpenLDAP and AIX. I don't know if AIX or OpenLDAP is more RFC compliant, but it's broken. So those attributes are converted to text attributes, and they seem to work well.
This schema is provided as-is, if it breaks free and destroys your world, it’s not my fault. If you fix anything broken, please send me the changes.
This seems seriously useful; right now I'm trying to add rfc2307aix to the only functional packaged OpenLDAP I could find for AIX 6.1 (namely pware53-64.openldap.rte 188.8.131.52).
I've found out that as a prerequisite you need RFC 2307 as defined in nis.schema. This in turn depends on core.schema, cosine.schema and inetorgperson.schema.
Ah, at last, I found this post again. You have a few useful tips for my school project. Now I won't forget to bookmark it. 🙂
Tested on my machine.
Just a heads up: some of the attributes listed begin with: attributetypes:
Newer versions of OpenLDAP give an error of: Old attribute type not supported.
Need to be changed to.
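The points raised on this page (the post's boolean-to-text conversion, the prerequisite schema chain core/cosine/inetorgperson -> nis -> rfc2307aix from the comment above, and the `attributetypes:` lines that newer OpenLDAP rejects) are all things worth checking mechanically before restarting slapd. The script below is an added example, not the schema author's code or anything shipped with OpenLDAP. It assumes slapd.conf-style `include` lines and a schema file named `rfc2307aix.schema` (the page gives no filename); the sample configuration and the placeholder attribute definitions inside it are constructed here, and the OID arc 1.3.6.1.4.1.99999 is a placeholder, not an assigned one. The rewrite it offers replaces `attributetypes:` with `attributetype`, the directive name slapd.conf-style schema files use, which is a known OpenLDAP fact rather than something the comment states.

```python
import re
import sys
from pathlib import Path

# Constructed sample slapd.conf (not from the page). The include order follows
# the dependency chain the comment above describes.
SAMPLE_SLAPD_CONF = """\
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/rfc2307aix.schema
"""

# Constructed sample schema fragment (not the real rfc2307aix schema). It shows
# two things from the page: a flag stored as a DirectoryString (syntax ...121.1.15)
# instead of a Boolean (syntax ...121.1.7), as the post says was necessary, and a
# directive spelled 'attributetypes:' that newer OpenLDAP rejects in this file format.
SAMPLE_SCHEMA = """\
# placeholder attribute; 1.3.6.1.4.1.99999 is NOT a real OID arc
attributetypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'examplePlaceholderFlag'
    DESC 'boolean kept as text so OpenLDAP and AIX agree on it'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.99999.1.2 NAME 'examplePlaceholderText'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# Which schema file must already be included before which, per the comment above.
SCHEMA_DEPENDENCIES = {
    "nis.schema": ["core.schema", "cosine.schema", "inetorgperson.schema"],
    "rfc2307aix.schema": ["nis.schema"],  # assumed filename for the page's schema
}

OLD_STYLE_DIRECTIVE = re.compile(r"^(\s*)attributetypes:\s*", re.IGNORECASE)


def included_schemas(conf_text):
    """Return the basenames of schema files, in the order slapd.conf includes them."""
    order = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*include\s+(\S+)", line)
        if m:
            order.append(Path(m.group(1)).name)
    return order


def check_include_order(conf_text):
    """Return human-readable problems: a prerequisite missing or included too late."""
    order = included_schemas(conf_text)
    problems = []
    for schema, deps in SCHEMA_DEPENDENCIES.items():
        if schema not in order:
            continue  # schema not used at all, nothing to check
        position = order.index(schema)
        for dep in deps:
            if dep not in order:
                problems.append(f"{schema}: missing prerequisite {dep}")
            elif order.index(dep) > position:
                problems.append(f"{schema}: prerequisite {dep} is included after it")
    return problems


def find_old_style_directives(schema_text):
    """Return (line_number, line) pairs for lines that start with 'attributetypes:'."""
    return [
        (number, line)
        for number, line in enumerate(schema_text.splitlines(), start=1)
        if OLD_STYLE_DIRECTIVE.match(line)
    ]


def fix_old_style_directives(schema_text):
    """Rewrite 'attributetypes:' lines to the slapd.conf 'attributetype' directive."""
    fixed = [OLD_STYLE_DIRECTIVE.sub(r"\1attributetype ", line)
             for line in schema_text.splitlines()]
    return "\n".join(fixed) + ("\n" if schema_text.endswith("\n") else "")


if __name__ == "__main__":
    # Usage: python check_schema.py [slapd.conf] [schema-file]; defaults to the samples.
    conf = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_SLAPD_CONF
    schema = Path(sys.argv[2]).read_text() if len(sys.argv) > 2 else SAMPLE_SCHEMA
    for problem in check_include_order(conf):
        print("include order:", problem)
    for number, line in find_old_style_directives(schema):
        print(f"line {number}: old-style directive: {line.strip()}")
```

Run it against your real slapd.conf and schema file before restarting slapd; `fix_old_style_directives` returns the corrected text so you can diff it against the original rather than editing in place blind.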