delegate access control in Openldap

Leave a comment Linux Leave a comment

I have an OU (organizational unit) named “vendor”. How to delegate access control management to one user for this OU alone? Is it possible like windows AD?

Yes, using Openldap access control rules you can create fine grained access control policies. Have tested personally and discussed here. In two places you must need this.

  1. It will be useful in organizations where multiple parties involved but using common authentication system. Because other third parties no need to depend on LDAP admin for password reset stuff.
  2. Another massive usage is for organizations with large or medium number of users. For delegating password reset task to service desk team.

Continue reading “delegate access control in Openldap”


Configure password quality check – Openldap

1 Comment Linux 1 Comment

Topics

1.  Password quality check options – Openldap

2.  Configure password quality check – Openldap

How to implement password quality (complexity) enforcement rules? How to test the functionality?

In my previous discussion explained about various options available to implement password quality (complexity) check. Now I am going to demonstrate enforcing password complexity rules using “pqchecker” library. Continue reading “Configure password quality check – Openldap”


Fix insufficient access (50) error – Openldap

3 Comments Linux 3 Comments

Are you trying to update Openldap global or config database configuration? Getting insufficient access error (50)?

So, What is the BIND dn (i.e username) you are using? The error simply says that BIND dn authentication successful but it does not have write access to database you are trying to modify.

# ldapmodify –axw ppsswwdd -D "cn=manager,dc=sunt,dc=com" -f db.ldif
modifying entry "olcDatabase={2}bdb,cn=config"
ldap_modify: Insufficient access (50)

Continue reading “Fix insufficient access (50) error – Openldap”


Restrict ‘su’ command – SUSE

Leave a comment Linux , Leave a comment

By default all user has access to command “su”. This command allows login to other user from current shell. Of course they should know target user password. The problem is you cannot have control/log of users once they switched successfully. What happens if the user by chance able to switch as root?

Desired secure method to switch across user is restrict “su” command. Enforce them to use “sudo” instead. Continue reading “Restrict ‘su’ command – SUSE”


Avoid cluster filesystem entering read-only mode

Leave a comment Linux , Leave a comment

Linux kernel remounts the filesystem into read-only mode whenever it cannot process I/O. This might happen due to various reasons such as disk failure, SAN connectivity issue, disk with bad blocks etc. On Virtual machine and SAN based storage environment even the high latency may lead to I/O hung and result in read-only mode. Continue reading “Avoid cluster filesystem entering read-only mode”


debug pacemaker cluster easily

Leave a comment Linux , Leave a comment

Debugging pacemaker cluster through logs will be much more easier post reading this article. This would help you in either troubleshooting or root cause analysis. It does not need any additional tools except your attention. Have reproduced and collected logs from various scenario to present here as example. I used SUSE 11 with HAE system for testing.

The first thing to do is look in system log for the terms ERROR and WARN.

#grep -e ERROR -e WARN /var/log/messages Continue reading “debug pacemaker cluster easily”


How to use SUDO Runas alias?

Leave a comment Linux Leave a comment

Usually SUDO used by non-superuser to run command with root privileges. But in few scenario application/commands stick with it native user. Even with root user privileges it won’t work as expected. For example to run any oracle commands you need to be oracle user.

Here consider mission critical application “xapp1” and it uses user “app1”. Allowing others to login as app1 will result in trouble. The secure way is to allow user to execute limited commands as app1 user. Continue reading “How to use SUDO Runas alias?”


Easy way to open Linux X-Term in Windows

Leave a comment Linux Leave a comment

Using Xming & Putty can connect to remote Linux X-server from windows desktop. By this way you will be able to view remote server GUI from windows desktop. This avoids need of physical console access to server.

Because granting server console access to application or normal user is a bad idea. One of my user pressed Ctr+Alt+Del while working on VMware virtual machine console. Which made system to reboot.

Continue reading “Easy way to open Linux X-Term in Windows”