RBAC command enablement for LDAP
All of the RBAC database management commands are enabled to use the configuration in the /etc/nscontrol.conf file and to query, modify, create, or remove the entity in the domain or domains defined for a given database.
By default, the domains are processed as defined in the secorder attribute for a database, but this can be overridden by using the -R option on the command line. Specifying the -R option for a command forces the operation to occur on the specified domain and overrides the configuration in the /etc/nscontrol.conf file. The following RBAC database management commands are enabled for remote domain support:
- mkauth, chauth, lsauth, and rmauth
- mkrole, chrole, lsrole, and rmrole
- setsecattr, lssecattr, and rmsecattr
In addition, the setkst command is enabled to use the configuration contained in the /etc/nscontrol.conf file. The setkst command retrieves a merged copy of the entries for a given database as defined in the file and then loads the resulting data into the Kernel Security Tables.
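As an added example (not IBM's code), the shell functions below read a stanza file in the layout assumed for /etc/nscontrol.conf and report, per RBAC database, the domain order a command would use, with or without a -R override, and which databases consult LDAP. Assumptions: the stanza names authorizations, roles, privcmds, privdevs and privfiles, `*` comment lines, and the function names, which are hypothetical.

```sh
#!/bin/sh
# Added example, not IBM code. Assumed layout: "name:" stanza headers,
# indented "secorder = d1,d2" lines, and "*" comment lines.

# Print the secorder value of one database stanza.
# $1 = config file, $2 = database (stanza) name
secorder_for() {
    awk -v want="$2" '
        /^[ \t]*\*/ { next }                    # skip comment lines
        /^[^ \t].*:[ \t]*$/ {                   # stanza header
            name = $0; sub(/:[ \t]*$/, "", name)
            in_stanza = (name == want); next
        }
        in_stanza && /^[ \t]*secorder[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            gsub(/[ \t]/, "", val); print val; exit
        }
    ' "$1"
}

# Domains an RBAC command would operate on: the -R value when one is
# given on the command line, otherwise the configured secorder.
# $1 = config file, $2 = database, $3 = optional -R domain
effective_domains() {
    if [ -n "${3:-}" ]; then
        printf '%s\n' "$3"
    else
        secorder_for "$1" "$2"
    fi
}

# List the databases whose secorder includes the LDAP domain.
# $1 = config file
ldap_databases() {
    for db in authorizations roles privcmds privdevs privfiles; do
        case ",$(secorder_for "$1" "$db")," in
            *,LDAP,*) printf '%s\n' "$db" ;;
        esac
    done
}

# Constructed sample so the functions can be tried away from an AIX host.
sample=$(mktemp)
printf '%s\n' 'authorizations:' '    secorder = LDAP,files' \
              'roles:' '    secorder = files' > "$sample"
ldap_databases "$sample"
rm -f "$sample"
```

On an AIX host, pass /etc/nscontrol.conf as the file argument to review which databases resolve against the remote domain.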