Hi, I am new to LDAP. I want to know how to identify whether the currently logged-in user in Solaris is an LDAP user or a local user. Is there any command, or any C run-time function like getspname or getpwnam, which returns an attribute saying it is an LDAP user or a local user after the user has logged in? I am looking for Solaris.

A: 

It is not going to be easy. You can open the password file and look for them. If they aren't there, conclude LDAP. Unless, of course, it's NIS. Or Kerberos. If your version of Solaris has PAM you could read up on that to see if it has any relief to offer.

bmargulies
Thank you for the reply. I don't think we should conclude based on the password file, the reason being that not everyone has access to shadow password files. Do you know if we can conclude based on the output of getent passwd user? Maybe the format of the output; maybe the local user output format and the LDAP user format are different?
You don't need the shadow file, just the plain one. getpwent might return fabricated entries from LDAP ...
bmargulies
A: 

I have no idea how to tell what credentials they used to actually authenticate, but it should be easier to just look them up in the LDAP database and see if they are there. I use the ldap_client utility to look people up all the time. You need to know the name of the ldap server, and a few other details. Check the man page for it. For example, if the user has a local account, and they are in LDAP, the passwords that get checked at login will depend on the system configuration.

Chris Quenelle
A: 

Ldaplist will tell you if the user has an entry in the ldap database. It doesn't sort out the case where the user also has an entry in the /etc/passwd file though.

ldaplist passwd username
jlliagre
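
Added example (not part of any answer above): a POSIX shell function that combines the plain /etc/passwd check from the first answer with the ldaplist lookup from the last one, and reports the overlap case separately. The function names and result labels are made up for illustration, and it assumes ldaplist exits with status 0 when it finds an entry and that a POSIX shell is used (ksh or /usr/xpg4/bin/sh on older Solaris).

```shell
#!/bin/sh
# Usage: account_source USER [PASSWD_FILE]
# Prints one of: local, ldap, local+ldap, not-local

# Return 0 if USER has an entry in the passwd-format file.
# Only the world-readable passwd file is needed, not the shadow file.
in_local_file() {
    [ -r "$2" ] || return 1
    # Exact match on the first colon-separated field, so "ali"
    # does not match "alice". The "|| [ -n ... ]" keeps a last line
    # that has no trailing newline.
    while IFS=: read -r name _rest || [ -n "$name" ]; do
        [ "$name" = "$1" ] && return 0
    done < "$2"
    return 1
}

# Return 0 if ldaplist is available and finds USER in the passwd container.
# Assumption: exit status 0 means an entry was found.
in_ldap() {
    command -v ldaplist >/dev/null 2>&1 || return 1
    ldaplist passwd "$1" >/dev/null 2>&1
}

account_source() {
    user=$1
    file=${2:-/etc/passwd}
    if in_local_file "$user" "$file"; then loc=yes; else loc=no; fi
    if in_ldap "$user"; then ldap=yes; else ldap=no; fi
    case "$loc:$ldap" in
        # Present in both: which entry is used at login depends on
        # the system configuration.
        yes:yes) echo "local+ldap" ;;
        yes:no)  echo "local" ;;
        no:yes)  echo "ldap" ;;
        # Not in the local file and not confirmed in LDAP: could be
        # NIS, another name service, or no such user. Do not
        # conclude LDAP from absence alone.
        *)       echo "not-local" ;;
    esac
}
```

For the logged-in user this would be called as `account_source "$LOGNAME"`.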