user225406

How to identify if currently logged in user is an LDAP user in Solaris

I want to know how to identify whether the currently logged-in user in Solaris is an LDAP user or a local user.
Any command?
Or any C runtime functions like getspnam or getpwnam which return an attribute saying whether it is an LDAP user or a local user after the user has logged in?

Upvotes: 1

Views: 9701

Answers (5)

Knight Samar

Reputation: 199

If you are using sss as part of the ipaclient package,

getent --service=sss passwd $USER | wc -l

will tell you if the user exists in the LDAP Database of the FreeIPA server.

Upvotes: 2

Xarses

Reputation: 315

I am assuming that UIDs that are "local" are in a separate range from "LDAP". I'm also assuming that nsswitch is configured to use files and ldap for passwd, shadow, and/or group. The command 'getent' should be present on GNU libc systems. I'm going to assume that the local 'files' databases are smaller than the ldap source and so we will want to test the smaller and/or faster of the two sources.

If you wanted to determine if a given UID was present in one of the databases you could run something similar to

$ getent --service=files passwd | grep 655

This could match the default GID in the file so a more creative grep may be in order.

$ getent --service=files passwd | grep -e '^[^:]*:[^:]*:655:'   # UID is the third colon-separated field

If you are looking to turn this into a script-able item, then you will want to tack 'wc' on the end to do integer testing.

$ getent --service=files passwd | grep -e '^[^:]*:[^:]*:655:' | wc -l

This should return 0 if not found, or 1 (or more) if found. We would only test one source because we are assuming that we are testing a valid UID and that it will be in the other source if it's not in here.

Lastly, as long as you are using nsswitch you should be able to use any of the C libraries that support this to check if they are valid. I don't have any first-hand experience with them, but I would assume that you can pass an option like we did here to only use a specific source. Alternately you can use the same logic as above and just cat /etc/passwd, assuming again that if they aren't in here they are in ldap.

Upvotes: 2
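The per-source lookup described above, written out as a small POSIX shell script (added example, not code from the answer). The `in_passwd_file` function matches the name or UID field exactly, so `655` no longer hits UID `1655` or a GID of `655`; `user_source` asks each NSS source separately and assumes a GNU getent with `-s/--service` (Solaris getent lacks that option, hence `ldaplist`). The sample passwd file is constructed for the example.

```shell
#!/bin/sh
# Added example: is a user 'files' (local) or 'ldap'? Not from the answers above.

# Constructed sample standing in for /etc/passwd while testing.
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:655:100:Alice Local:/home/alice:/bin/sh
bob:x:1655:655:Bob:/home/bob:/bin/sh
EOF

# in_passwd_file FILE NAME-OR-UID
# Exit 0 if field 1 (name) or field 3 (UID) equals the key exactly.
# A plain 'grep 655' would also match bob (UID 1655, GID 655).
in_passwd_file() {
    awk -F: -v key="$2" '$1 == key || $3 == key { found = 1 }
                         END { exit !found }' "$1"
}

# user_source NAME -> prints "files", "ldap" or "unknown".
# 'files' is checked first, so a user present in both sources reports 'files';
# run both lookups if you need to detect that overlap.
# Assumes GNU getent (-s selects one nsswitch source); Solaris: use ldaplist.
user_source() {
    if getent -s files passwd "$1" >/dev/null 2>&1; then
        echo files
    elif getent -s ldap passwd "$1" >/dev/null 2>&1; then
        echo ldap
    else
        echo unknown
    fi
}
```

Either check only says where the account record lives; which credential store PAM actually consulted at login is a separate question decided by pam.conf.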

jlliagre

Reputation: 30813

ldaplist will tell you if the user has an entry in the ldap database. It doesn't sort out the case where the user also has an entry in the /etc/passwd file though.

ldaplist passwd username

Upvotes: 2

Chris Quenelle

Reputation: 841

I have no idea how to tell what credentials they used to actually authenticate, but it should be easier to just look them up in the LDAP database and see if they are there. I use the ldap_client utility to look people up all the time. You need to know the name of the ldap server, and a few other details. Check the man page for it. For example, if the user has a local account, and they are in LDAP, the passwords that get checked at login will depend on the system configuration.

Upvotes: 0

bmargulies

Reputation: 100013

It is not going to be easy. You can open the password file and look for them. If they aren't there, conclude LDAP. Unless, of course, it's NIS. Or Kerberos. If your version of Solaris has PAM you could read up on that to see if it has any relief to offer.

Upvotes: 1
