prasenjitmass Respected Contributor.

Management of local users on linux operating systems using the fanout driver

Hi,

I have deployed the fanout driver for provisioning and de-provisioning of system users on Linux.

I need to configure the driver so that:

(a) if a local user is created by a root user, the same can be reset or deleted by the fanout driver

(b) if a local user is created by a root user, the password of the same can be reset by the system immediately whenever the password is locally set.

 

Micro Focus Expert

Re: Management of local users on linux operating systems using the fanout driver

For (a) you might look at a different Driver, the Bidirectional Linux/UNIX Driver: https://www.netiq.com/documentation/identity-manager-47-drivers/bi_impl_nx/data/bi_impl_nx.html. The reason is that accounts created on Platforms are not synchronized to the Fan-Out Driver, but the Bidirectional Driver can do that.
The Bidirectional Driver may also have functionality for (b) by leveraging PAM.

Regards,
Sam
rivey Super Contributor.

Re: Management of local users on linux operating systems using the fanout driver

I would highly recommend looking at a PAM solution, specifically an AD bridging feature. This will allow your end-users to log in using their primary LDAP credential. It can also extend the use of AD groups for rights and provide a sudo-like tool for privilege escalation.

As much as I love IDM, the IDM fanout and bidirectional features are not as good a solution as PAM for these types of use cases.
