Configuring the AIX operating system to work with Active Directory through LDAP

AIX® supports Microsoft Active Directory (AD) as an LDAP server for user and group management. The AD server must have the UNIX support schema installed.

An administrator can use the mksecldap command to configure AIX against the AD server in the same manner as against an IBM® Tivoli® Directory Server. The mksecldap command hides the configuration details to simplify the process. Before running the mksecldap command to configure AIX against the AD server, verify the following:
  1. The AD server must have the UNIX support schema installed.
  2. The AD server must contain users that are UNIX-enabled.

For more information about installing UNIX schema to AD and enabling AD users with UNIX support, see the related Microsoft documentation.

The AD schema often has multiple attribute definitions for the same UNIX attribute (for example, there are multiple user password and group member definitions). Although AIX supports most of them, plan carefully when selecting which definitions to use. AIX systems and non-AIX systems that share the same AD should use the same definition to avoid conflicts.
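
One way to see which definitions are already populated before choosing one is to tally them in an LDIF export of the AD users and groups. This is an added example, not part of the IBM documentation. The attribute names are assumptions based on the common RFC 2307 and SFU 3.0 schema names, so adjust them to the schema installed on your AD server. The sample export is constructed.

```shell
#!/bin/sh
# Added example: report which AD attribute definitions hold UNIX data in an LDIF export.
# Assumed names (not from the page): common RFC 2307 and SFU 3.0 attributes in AD.
PASSWORD_ATTRS="unixUserPassword msSFU30Password userPassword"
MEMBER_ATTRS="memberUid msSFU30MemberUid msSFU30PosixMember"

# definitions_in_use "<attribute list>" < export.ldif
# Prints "<attribute> <entry count>" for each listed attribute that is populated.
definitions_in_use() {
    awk -F: -v want="$1" '
        BEGIN { n = split(want, a, " ")
                for (i = 1; i <= n; i++) listed[tolower(a[i])] = 1 }
        /^[ #]/ { next }                           # folded lines and comments
        tolower($1) == "dn" { entry++; next }      # a new entry starts
        { k = tolower($1)                          # LDAP attribute names ignore case
          if ((k in listed) && last[k] != entry) { last[k] = entry; count[k]++ } }
        END { for (i = 1; i <= n; i++) {
                  k = tolower(a[i]); if (count[k]) print a[i], count[k] } }'
}

# has_conflict "<attribute list>" < export.ldif: succeeds when more than one is populated.
has_conflict() {
    definitions_in_use "$1" | awk 'END { exit !(NR > 1) }'
}

# Constructed sample export; values are placeholders, not real directory data.
sample_ldif() {
    cat <<'EOF'
dn: CN=alice,CN=Users,DC=example,DC=com
unixUserPassword: PLACEHOLDER

dn: CN=bob,CN=Users,DC=example,DC=com
msSFU30Password: PLACEHOLDER

dn: CN=carol,CN=Users,DC=example,DC=com
unixUserPassword: PLACEHOLDER

dn: CN=staff,CN=Users,DC=example,DC=com
memberUid: alice
memberUid: carol
EOF
}

for family in "$PASSWORD_ATTRS" "$MEMBER_ATTRS"; do
    sample_ldif | definitions_in_use "$family"
    if sample_ldif | has_conflict "$family"; then
        echo "multiple definitions populated: pick one for all clients"
    fi
done
```

In the sample, two password definitions are populated across the user entries, which is the situation the paragraph above advises resolving before AIX and non-AIX clients share the directory.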