Exporting TSD policies and TE policies data to LDAP

To use LDAP as a centralized repository for TSD policies and TE policies, the LDAP server must be populated with the policy data.

Before LDAP clients can use the server for policy data, the LDAP server must have the TSD policies and TE policies schema for LDAP installed. The schema is available on an AIX® system in the /etc/security/ldap/sec.ldif file. Update the schema on the LDAP server with this file by using the ldapmodify command.

To identify a version of the TE databases on the LDAP server and make LDAP clients aware of that version, you must set the databasename attribute in the /etc/nscontrol.conf file. The databasename attribute accepts any name as its value, and the tetoldif command uses it when generating the ldif output.

Use the tetoldif command to read the data in the local TSD policies and TE policies files and output the policies in a format that can be used for LDAP. The output generated by the tetoldif command can be saved to a file in ldif format and then loaded into the LDAP server with the ldapadd command. The tetoldif command uses the following databases on the local system to generate the TSD policies and TE policies data for LDAP:
  • /etc/security/tsd/tsd.dat
  • /etc/security/tsd/tepolicies.dat
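
Because the saved ldif file is loaded into the directory as-is, it is worth confirming before running ldapadd that the file is not empty and that every entry falls under the intended base DN. The following check is an added example, not part of the original documentation or of AIX; the function names, the base DN cn=aixdata,o=example, and the sample entries are constructed assumptions and do not reproduce real tetoldif output.

```shell
#!/bin/sh
# Added example: pre-import check for an LDIF file saved from tetoldif.
# The base DN and file path passed in are the caller's (assumed) values.

# check_ldif_base FILE BASEDN
# Succeeds only if FILE holds at least one entry and every entry DN is
# at or below BASEDN. Base64 DNs ("dn::") are rejected for manual review.
check_ldif_base() {
    LDIF_BASE="$2" awk '
    function norm(s) {              # case-fold, drop spaces around commas
        s = tolower(s)
        gsub(/[ \t]*,[ \t]*/, ",", s)
        gsub(/^[ \t]+|[ \t]+$/, "", s)
        return s
    }
    function check(   d, b) {       # examine one unfolded logical line
        if (line ~ /^[dD][nN]::/) {
            total++; bad++; print "encoded DN, check by hand: " line
        } else if (line ~ /^[dD][nN]:/) {
            total++
            d = norm(substr(line, 4)); b = norm(ENVIRON["LDIF_BASE"])
            if (d != b && (length(d) <= length(b) ||
                substr(d, length(d) - length(b)) != "," b)) {
                bad++; print "outside base DN: " d
            }
        }
        line = ""
    }
    /^ / { line = line substr($0, 2); next }   # folded continuation line
    { check(); line = $0 }
    END {
        check()
        printf "%d entries, %d rejected\n", total, bad
        exit (total == 0 || bad > 0)
    }' "$1"
}

# Constructed sample input, not real tetoldif output.
write_sample_ldif() {
    cat <<'EOF'
dn: ou=te-sample,cn=aixdata,o=example
objectClass: top

dn: cn=sample-entry-1,ou=te-sample,cn=aixda
 ta,o=example
objectClass: top

dn: CN=sample-entry-2, OU=te-sample, CN=aixdata, O=example
objectClass: top
EOF
}
```

Run check_ldif_base against the saved file and the base DN used for the export, and proceed to ldapadd only when it returns success.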