Container authentication with LDAP/AD user

Learn how to authenticate the Netezza Performance Server container with an LDAP/AD user.

Setting LDAP authentication

Follow the steps described in Managing users from external LDAP on Netezza Performance Server 11.0.3.1 or later.

Connecting to the Netezza Performance Server host with the LDAP user

  1. From the bare metal node, run:
    ssh <LDAP_user>@localhost -p 51022
    Example:
    [root@e1n1 ~]# ssh ldapUser1@localhost -p 51022
ldapUser1@localhost's password:
Creating directory '/home/ ldapUser1'.
[ldapUser1@e1n1 ~]$

Allowing specific LDAP users to connect

When LDAP is enabled for database users, every LDAP user can connect to the container through ssh on port 51022. If you want to prevent all LDAP users from being able to ssh to the container and allow only specific LDAP users for container authentication via 51022, follow the procedure.

  1. Connect to the NPS host with the root user.
  2. Add this line in /etc/ssh/sshd_config:
    AllowUsers nz root ldapUser1
    If the AllowUsers line is already present with the nz and root user, simply append the ldap user name to the line.

    This allows only the nz, root and ldapUser1 to connect to the NPS host.

  3. Restart the sshd service:
    systemctl restart sshd

Running sudo commands with the LDAP OS user without a root password

  1. Log in to the Netezza Performance Server host as the root user.
  2. Run the command:
    visudo
  3. Append the line:
    ldapuser1 ALL = NOPASSWD:ALL
    Now the ldapUser1 user can run sudo commands without a root password.
    Example:
    [ldapUser1@truce1 ~]$ sudo useradd newUser
    In the example, ldapUser1 can run the useradd command without a root password.

Authenticating without a password to the nz user from the LDAP OS user

Follow the steps as described in Connecting OS users to the nz user without password.