Install the Identity Management for UNIX component on Windows 2003 R2. To find it, open Add/Remove Windows Components, then double-click Active Directory Services.
Follow these steps to create an AES group.
Click Start > Run.
Type dsa.msc.
Click OK.
In the Active Directory Users and Computers dialog box, right-click Builtin > New > Group.
In the New Object — Group dialog box, in Group name, type AES.
Click OK.
(Optional) Open the AES Group property, and click the UNIX Attributes tab.
(Optional) From the NIS Domain drop-down box, select the NIS domain to which this group belongs.
(Optional) Click OK.
(Optional) Follow these steps to configure the user’s UNIX attributes.
Create a user or use an existing user.
Open the User Properties dialog box.
Click the UNIX Attributes tab.
In NIS Domain, select the appropriate NIS domain.
From the Primary group name/GID drop-down box, select AES.
Click OK.
Follow these steps to set up user roles. See User roles for a list of user roles and corresponding privileges.
Create an attribute or use an existing attribute on LDAP with the value Security_administrator,Auditor.
Note: If the user has multiple roles, use a comma for the delimiter. For example, Audit,System_Administrator,Security_Administrator,Backup_restore.
In the <user>SecurityAdmin Properties dialog box, in Description, type Security_administrator,Auditor.
Click OK.
Follow these steps to configure Enterprise Directory.
Log in to the AE Services as a system administrator.
On the AE Services management console menu, go to Security > Enterprise Directory.
On the Enterprise Directory page, in User Role Attribute Name, type description.
This field is the name of the user attribute which contains the user roles in LDAP.
Follow these steps to enable external LDAP.
Log in to the AE Services management console as a system/security administrator.
On the AE Services management console menu, go to Security > PAM > PAM Password Manager.
On the PAM Password Manager Configuration page, select External LDAP.
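The role attribute configured above is an ordinary free-text directory field, so it is worth reviewing which entries actually carry role names in it. The following is an added example, not part of the original procedure or the product: a Python check that reads an LDIF export of the directory and reports every entry whose description holds a comma-delimited role list, flagging names not spelled as on this page and stray whitespace around the delimiter. The role set, the sample LDIF and the function names are assumptions made for the example.

```python
import base64

# Role names as spelled on this page, lower-cased (assumed list; see "User roles").
PAGE_ROLES = {"security_administrator", "auditor", "audit",
              "system_administrator", "backup_restore"}

# Constructed sample export; DNs and values are made up for the example.
SAMPLE_LDIF = """\
dn: CN=SecurityAdmin,CN=Users,DC=example,DC=com
description: Security_administrator,Auditor

dn: CN=Ops,CN=Users,DC=example,DC=com
description:: QXVkaXQsIEJhY2t1cF9yZXN0b3Jl

dn: CN=Helpdesk,CN=Users,DC=example,DC=com
description: System_Administrator,Secur
 ity_Admin

dn: CN=Guest,CN=Users,DC=example,DC=com
description: Built-in account for guest access
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per LDIF entry."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuations
    for block in text.split("\n\n"):
        entry = {}
        for line in (ln for ln in block.splitlines() if ln and ln[0] != "#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):                     # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8")
            else:
                value = value.lstrip(" ")
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            yield entry

def audit_roles(ldif_text, role_attr="description"):
    """Return {dn: {"roles": [...], "issues": [...]}} for entries holding roles."""
    report = {}
    for entry in parse_ldif(ldif_text):
        raw = entry.get(role_attr.lower(), [""])[0].split(",")
        roles = [t.strip() for t in raw]
        unknown = [r for r in roles if r.lower() not in PAGE_ROLES]
        if len(unknown) == len(roles):
            continue                  # free-text value with no role names in it
        issues = [f"unrecognised role {r!r}" for r in unknown]
        issues += [f"whitespace around {t.strip()!r}" for t in raw if t != t.strip()]
        report[entry.get("dn", ["?"])[0]] = {"roles": roles, "issues": issues}
    return report
```

Run audit_roles over a real export and compare the reported entries with the accounts that are meant to hold AE Services roles; an entry that appears unexpectedly means someone with write access to that attribute has assigned a role.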