Implementation Guide › Installing and Customizing a UNAB Host › How to Implement Full Integration Mode

How to Implement Full Integration Mode

In full integration mode, the UNAB endpoint relies on the Active Directory server to both authenticate and authorize users.

To implement UNAB in full integration mode

1. Implement UNAB.

   This step installs and activates UNAB on UNIX endpoints.

2. Install a tool that lets you manage the UNIX attributes of Active Directory users.

   Because Active Directory Users and Computers does not expose UNIX attributes, you must install an additional tool to view and modify these attributes. For example, you can use the CA ControlMinder UNIX Attributes plug-in, Microsoft Identity Management for UNIX, ADSI Edit, or a simple LDAP client to view and modify UNIX attributes.

3. Migrate the attributes of users and groups on UNAB endpoints to Active Directory. Do one of the following:
   • Use the UNAB migration tool to copy the properties of UNAB endpoint users and groups to Active Directory.
   • Use the tool that you installed in Step 2 to manually configure the attributes of UNAB endpoint users and groups on Active Directory.

   This step lets you use Active Directory to control access to the endpoints. UNAB is now implemented in full integration mode.

4. (Optional) Delegate permission to manage privileges for UNAB users and groups to UNIX administrators on Active Directory.
5. Use the tool that you installed in Step 2 to update the UNIX attributes of Active Directory as needed.

   For example, an administrator uses the tool to update a user's default login shell.