Container authentication with LDAP/AD user
Setting LDAP authentication
Follow the steps described in Managing users from external LDAP on Netezza Performance Server 11.0.3.1 or later.
Connecting to the Netezza Performance Server host with the LDAP user
- From the bare metal node, run:
    ssh <LDAP_user>@localhost -p 51022
  Example:
    [root@e1n1 ~]# ssh ldapUser1@localhost -p 51022
    ldapUser1@localhost's password:
    Creating directory '/home/ldapUser1'.
    [ldapUser1@e1n1 ~]$
Allowing specific LDAP users to connect
When LDAP is enabled for database users, every LDAP user can connect to the container through ssh on port 51022. If you want to prevent all LDAP users from being able to ssh to the container and allow only specific LDAP users for container authentication via 51022, follow the procedure.
- Connect to the NPS host with the root user.
- Add this line in /etc/ssh/sshd_config:
    AllowUsers nz root ldapUser1
  If the AllowUsers line is already present with the nz and root user, simply append the LDAP user name to the line.
  This allows only the nz, root and ldapUser1 to connect to the NPS host.
- Restart the sshd service:
    systemctl restart sshd
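The AllowUsers edit above as a repeatable script. This is an added example, not code from the original page or from NPS; the helper name allow_ssh_user and the sample configuration are assumptions. It appends the user to an existing AllowUsers line only when the name is missing, and otherwise adds the line in global scope, above any Match block.

```shell
#!/bin/sh
# Added example. allow_ssh_user is a hypothetical helper name, not NPS tooling.
# Usage: allow_ssh_user <sshd_config path> <user>
allow_ssh_user() {
    conf=$1 user=$2
    # Refuse empty names or names with characters outside a conservative set
    case "$user" in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    tmp=$(mktemp) || return 1
    awk -v user="$user" '
        # First active global AllowUsers line (keywords are case-insensitive)
        !seen && tolower($1) == "allowusers" {
            present = 0
            for (i = 2; i <= NF; i++) if ($i == user) present = 1
            if (!present) $0 = $0 " " user
            seen = 1
        }
        # Reached a Match block with no global AllowUsers: add it above the block
        !seen && tolower($1) == "match" {
            print "AllowUsers nz root " user
            seen = 1
        }
        { print }
        END { if (!seen) print "AllowUsers nz root " user }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner, mode and SELinux label
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Constructed sample config, not taken from an NPS host
sample=$(mktemp)
cat > "$sample" <<'EOF'
UsePAM yes
AllowUsers nz root
Match User nz
    X11Forwarding no
EOF
allow_ssh_user "$sample" ldapUser1
allow_ssh_user "$sample" ldapUser1   # second run changes nothing
cat "$sample"
rm -f "$sample"
# On the host: allow_ssh_user /etc/ssh/sshd_config ldapUser1 && sshd -t && systemctl restart sshd
```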
Running sudo commands with the LDAP OS user without a root password
- Log in to the Netezza Performance Server host as the root user.
- Run the command:
    visudo
- Append the line:
    ldapUser1 ALL = NOPASSWD:ALL
  Now the ldapUser1 user can run sudo commands without a root password.
  Example:
    [ldapUser1@truce1 ~]$ sudo useradd newUser
  In the example, ldapUser1 can run the useradd command without a root password.
Authenticating without a password to the nz user from the LDAP OS user
Follow the steps as described in Connecting OS users to the nz user without password.