Adding users from external LDAP to a local platform user group
You need to add user IDs from your external Windows AD to the local server groups of the system so that they can get elevated privileges, just like apadmin.
About this task
There are two groups defined in the local LDAP server where user IDs can be added:
ibmapadmins: Members of this group can operate with the privileges of apadmin and can execute many commands with sudo privileges.
ibmapusers: Members of this group are considered common users.
[root@userauth]# /opt/ibm/appliance/platform/userauth/bin/ap_external_ldap usermod -h
usage: ap_external_ldap usermod [-h] -u USERNAME -g {2001,2002}

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --user USERNAME
                        username from LDAP or Active Directory server
  -g {2001,2002}, --groupid {2001,2002}
                        platform groupid: 2001 for ibmapdadmins, 2002 for
                        ibmapusers
The following steps add a user, user1, from your LDAP directory to the Platform OS group ibmapadmins.
Procedure
Results
user1 has elevated administrative privileges.
Additional step related to "suadmin" present in 1.0.7x Version.