Management of local users on Linux operating systems using the fanout driver
I have deployed the fanout driver for provisioning and de-provisioning of system users on Linux.
I need to configure the driver so that:
(a) if a local user is created by a root user, the same can be reset or deleted by the fanout driver
(b) if a local user is created by a root user, the password of the same can be reset by the system immediately whenever the password is locally set.
The Bidirectional Driver may also have functionality for (b) by leveraging PAM.
I would highly recommend looking at a PAM solution, specifically an AD bridging feature. This will allow your end-users to log in using their primary LDAP credential. It can also extend the use of AD groups for rights and provide a sudo-like tool for privilege escalation.
As much as I love IDM, the IDM fanout and bidirectional features are not as good a solution as PAM for these types of use cases.
GCA Technology Services