If I create a new user id test:
mkuser id=400 test
then I want it to LDAP user:
chuser -R LDAP SYSTEM=LDAP registry=LDAP test
It shows:
3004-687 User "test" does not exist.
How to do?
For a start do not use "test" as the name. Make it a habit to choose sth. like "mytestuser", "mytestdir", "mytestfile"....
Run the following command:
ls-secldapclntd and post the output.
Thanks.
Might as well post your /etc/security/ldap/ldap.cfg and /usr/lib/security/methods.cfg.
Along with the stanza for /etc/security/user for the user "test"
Thanks.
With those parameters, you are telling AIX to disregard the local user info on that user because it is an LDAP user. All the normal user commands you are used to do not show user information from your LDAP. If you were to change the parameters back or remove its entry from the /etc/security/user file, you could then see the user's attributes.
Do you have your box configured so it can query from an LDAP? I worked on setting mine up like that for quite a while and never got it to work 100%. Now I'm working on getting my users to authenticate via the Windows Server 2008 KDC (Kerberos) instead and keep all the user attributes on my local machine. I think this will be simpler. I haven't met anyone yet who actually does full authentication via an LDAP.
You can perform a normal lsuser and you can see certain types of information retrieved from LDAP. If it is setup correctly.
You can extend your LDAP schema to allow a "better" integration between AIX and LDAP. I use LDAP in my environment and it works for us.