Script to create home dirs

When LDAP is enabled, any user in the tree can login (with some conditions), but the users home directory isn’t built on the fly. The way to fix this is remotely mounted home directories, but that’s not always practical. If there is no local home directory, and you don’t mount the directory remotely, the user will be put into the guest home directory at login. This script will scan the LDAP tree, check to see if the user is denied logins on this host, create the home directory, and copy the .profile from /etc/skel/.

RFC 2307aix schema for OpenLDAP

IBM recommends people use Tivoli Directory Server for LDAP authentication with AIX. Which is free for AIX use and contains all the proprietary schemas necessary. But, if you already have OpenLDAP, IBM uses a proprietary schema that makes full integration difficult. Or if you want to use the LDAP server for more than just AIX authentication, you have to buy the full product.

You can authenticate in RFC 2307 mode, but you miss most of the AIX specific user attributes. This schema works with RFC 2307AIX mode in AIX. Some modifications had to be made, mainly boolean attributes don’t work well between OpenLDAP and AIX. I don’t know if AIX or OpenLdap is more RFC compliant, but it’s broken. So, those are converted to text attributes, and seem to work well.

Disabling NTP stepping

Normally NTP slews the time if it’s off by less than 128ms, and steps the time if it’s over that. This can cause some serious problems with Oracle (especially 9i+). The -x option in xntpd forces all time changes to be slewed instead of stepped. You’ll want to run ntpdate if your time isn’t pretty close to being accurate already then make these changes:

stopsrc -s xntpd
chssys -s xntpd -a "-x"
startsrc -s xntpd