Adding users from external LDAP to a local platform user group

You can add user IDs from your external Windows AD to the local server groups of the system so that those users get elevated privileges, just like apadmin.

About this task

There are two groups defined in the local LDAP server where user IDs can be added:
  • ibmapadmins: Members of this group can operate with the privileges of apadmin and can execute many commands with sudo privileges.
  • ibmapusers: Members of this group are considered common users.

Help output of the usermod subcommand:

[root@userauth]# /opt/ibm/appliance/platform/userauth/bin/ap_external_ldap usermod -h
usage: ap_external_ldap usermod [-h] -u USERNAME -g {2001,2002}

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --user USERNAME
                        username from LDAP or Active Directory server
  -g {2001,2002}, --groupid {2001,2002}
                        platform groupid: 2001 for ibmapdadmins, 2002 for
                        ibmapusers
                       

The following steps add the user user1 from your LDAP directory to the Platform OS group ibmapadmins.

Procedure

  1. Log in to the system head node as apadmin or an equivalent user.
  2. Run the following command:
    ap_external_ldap usermod -u user1 -g 2001
    

Results

The user user1 has elevated administrative privileges.
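
Because membership of ibmapadmins grants sudo privileges, the following membership audit is an added example (not part of the original procedure or of IBM's tooling) that lists members of GID 2001 who are not on an approved list. The function names, the sample group data, and the assumption that the platform groups are visible in group(5) format (for example through getent group) are illustrative.

```shell
#!/bin/sh
# Added example: report members of the privileged platform group
# (GID 2001, ibmapadmins) that are not on an approved list.
# Assumption: input is in group(5) format: name:passwd:gid:member,member

ADMIN_GID=2001   # from the usermod help text: 2001 = admin group

# unapproved_admins "<approved users, space separated>"
# Reads group(5) lines on stdin and prints, one per line, every member of
# ADMIN_GID that is not in the approved list.
unapproved_admins() {
    approved=" $1 "
    awk -F: -v gid="$ADMIN_GID" '
        $3 == gid {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' |
    sort -u |
    while IFS= read -r user; do
        case "$approved" in
            *" $user "*) ;;                  # expected member
            *) printf '%s\n' "$user" ;;      # elevated but not approved
        esac
    done
}

# Constructed sample data (not taken from a real system).
sample_groups() {
    cat <<'EOF'
ibmapadmins:x:2001:apadmin,user1,tempcontractor
ibmapusers:x:2002:user2,user3
EOF
}

# Demo run against the constructed data. On a live system, pipe
# `getent group` into unapproved_admins instead (assumption: the
# platform groups are resolvable through NSS).
if [ "${1:-}" = "--demo" ]; then
    sample_groups | unapproved_admins "apadmin user1"
fi
```

Running the check after each usermod change, and on a schedule, shows when an external account has been placed in the admin group without approval.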