Management of local users on linux operating systems using the fanout driver


I have deployed the fanout driver for provisioning and de-provisioning of system users on Linux.

I need to configure the driver so that:

(a) if a local user is created by a root user, the same can be reset or deleted by the fanout driver;

(b) if a local user is created by a root user, the password of the same can be reset by the system immediately whenever the password is locally set.



For (a) you might look at a different Driver, the Bidirectional Linux/UNIX Driver: https://www.netiq.com/documentation/identity-manager-47-drivers/bi_impl_nx/data/bi_impl_nx.html. The reason is that accounts created on Platforms are not synchronized to the Fan-Out Driver, but the Bidirectional Driver can do that.
The Bidirectional Driver may also have functionality for (b) by leveraging PAM.

Vice Admiral

I would highly recommend looking at a PAM solution, specifically an AD bridging feature. This will allow your end-users to log in using their primary LDAP credential. It can also extend the use of AD groups for rights and provide a sudo-like tool for privilege escalation.

As much as I love IDM, the IDM fanout and bidirectional features are not as good a solution as PAM for these types of use cases.

Robert Ivey
GCA Technology Services