AD set default attributes on user registration
  • AD set default attributes on user registration

    Hello. I'm trying to set up AD authentication on Unix servers using pam_ldap. I need some Unix attributes to have a default value on user creation. While some attributes like loginShell should always be the same, others (uidNumber, gidNumber) must take the first available value starting from 10000, for example. Is that possible? If so, how? Using ADSIedit, the only difference I see between, for example, uid and sAMAccountName is the isMemberOfPartialAttributeSet attribute.
    Also, I don't quite understand what the "unicodePwd" attribute's role is in integration between Windows and Unix. Could someone shed some light?

  • #2
    Re: AD set default attributes on user registration

    Your post has a lot of different questions. Which is the most important to you?

    mlum



    • #3
      Re: AD set default attributes on user registration

      Only two; the more important one is in the name of the topic. How do I assign defaults to some attributes so that they have default values on user creation?



      • #4
        Re: AD set default attributes on user registration

        Using a user template would be the easiest for static default values, but for values that increment? I don't know if there is an attribute that behaves like a unique ID column in a database that increments for each row added. Is that what you are after?

        mlum



        • #5
          Re: AD set default attributes on user registration

          Regarding your query about unicodePwd, I'm not sure what you are asking, but it can be changed via LDAP and therefore should be changeable via a UNIX host:

          http://support.microsoft.com/?kbid=269190

          I have no experience of changing unicodePwd via a UNIX host but these people seem to have had some:

          http://www.eyrie.org/~eagle/journal/2007-07/010.html

          They don't seem to have found it easy, though.

          Here's another link:

          http://www.securityfocus.com/infocus/1563

          Not sure precisely what you are asking.
          mlum



          • #6
            Re: AD set default attributes on user registration

            OK, a template was exactly what I was looking for. I didn't realize it is as simple as just copying a user. However, as someone pointed out on another forum, I can't possibly assign uidNumbers using ADUC, since DCs aren't always in a consistent state. Seems like the only way to go is to write a script that will modify attributes every 5 minutes or so, on one of the DCs.
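
The allocation step of the periodic script described in the last post, as an added example that is not part of the original thread. It goes beyond "first available value": it allocates above a persisted high-water mark instead of filling gaps, so a deleted account's uidNumber is never reissued to a new user who would then own the old user's files. The entries, DNs and the `high_water` storage are constructed assumptions; reading and writing the directory is left out.

```python
"""Added example: plan uidNumber values for AD users that lack one."""

UID_BASE = 10000  # starting value named in the thread

# Constructed sample entries, as a periodic script might read them from ONE DC.
SAMPLE_ENTRIES = [
    {"dn": "CN=alice,OU=Unix,DC=example,DC=test", "uidNumber": 10000},
    {"dn": "CN=bob,OU=Unix,DC=example,DC=test", "uidNumber": 10002},
    {"dn": "CN=carol,OU=Unix,DC=example,DC=test", "uidNumber": None},
    {"dn": "CN=dave,OU=Unix,DC=example,DC=test", "uidNumber": None},
    {"dn": "CN=svc,OU=Unix,DC=example,DC=test", "uidNumber": 500},
]


def find_duplicates(entries):
    """Return {uidNumber: [dn, ...]} for values held by more than one entry."""
    seen = {}
    for e in entries:
        if e["uidNumber"] is not None:
            seen.setdefault(e["uidNumber"], []).append(e["dn"])
    return {uid: dns for uid, dns in seen.items() if len(dns) > 1}


def plan_uid_assignments(entries, high_water=UID_BASE - 1):
    """Return (plan, new_high_water) where plan maps dn -> uidNumber.

    high_water is the largest value ever handed out, persisted between runs
    (hypothetical storage), so a deleted account's number is never reissued.
    """
    dupes = find_duplicates(entries)
    if dupes:
        # Two accounts sharing a UID are one identity to Unix; stop and fix.
        raise ValueError(f"duplicate uidNumber values, fix first: {dupes}")
    in_use = [e["uidNumber"] for e in entries if e["uidNumber"] is not None]
    next_uid = max([high_water, UID_BASE - 1] + in_use) + 1
    plan = {}
    # Sort by DN so repeated runs over the same data give the same plan.
    for e in sorted(entries, key=lambda e: e["dn"]):
        if e["uidNumber"] is None:
            plan[e["dn"]] = next_uid
            next_uid += 1
    return plan, next_uid - 1


if __name__ == "__main__":
    plan, hw = plan_uid_assignments(SAMPLE_ENTRIES)
    for dn, uid in plan.items():
        print(f"{dn}: uidNumber={uid}")
    print("new high-water mark:", hw)
```

Running every allocation against a single DC, as the post proposes, is what keeps two runs from handing out the same number before replication catches up.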