I have enabled LDAP login to the Gateway appliance. I then updated the .bash_profile for the LDAP user with which I log in to the Debian server, but every time I log in the .bash_profile gets reverted to the original file.
How can that behavior be prevented?
Release: 11.0
According to the logic of bashProfileFileReplace.sh, it overwrites the .bash_profile on every login.
1. Go to the /opt/SecureSpan/Platform/bin/ folder
- Save a copy of the original file and edit configuser_profile_menu.sh
- Comment out the line that sets GETROOT (line #24) and add a new line, GETROOT=bash. This redirects the login user without passing through the SSG Gateway menu.
The user will have restricted access and can run only certain commands.
#GETROOT="su -"
GETROOT=bash
2. Rename this configuser_profile_menu.sh file as needed (example: ldap_profile_menu.sh) and copy the file to your working directory (example: /etc/openldap/).
3. Go to the /etc/skel_ssg/ folder,
ls -la
- Rename the .bash_profile file, for example to .bash_profileOrig, and make a copy of this file named .bash_profile
4. Edit the .bash_profile and replace the following line
source /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh
with
source /etc/openldap/ldap_profile_menu.sh
Save and exit the file.
5. Go to the /opt/SecureSpan/Platform/bin folder, edit the bashProfileFileReplace.sh file, and comment out the following lines at the end of the file:
checkIfFileExist
checkIfUserInGroup
compareChecksum
replaceBashProfileFile
They should appear this way:
# checkIfFileExist
# checkIfUserInGroup
# compareChecksum
# replaceBashProfileFile
Save and exit.
6. Run a login test
a) Check the current size of the .bash_profile in the /home/user01 folder.
b) Log in again and check whether the .bash_profile size has changed. It should not, which confirms that the correct version of the file is kept (not overwritten).
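The size check in step 6 cannot detect an overwrite that happens to produce a file of the same size, so the following added example (not part of the Gateway scripts) compares SHA-256 digests instead and reports whether the profile was kept or reverted. The function names and the baseline file location are hypothetical, and it assumes the overwrite restores the copy held in /etc/skel_ssg/.

```sh
#!/bin/sh
# Added example, not shipped with the Gateway. Function names are hypothetical;
# the paths in the usage comments come from the steps above.

# Print the SHA-256 hex digest of a file.
profile_hash() {
    sha256sum "$1" | awk '{print $1}'
}

# Record the digest of the customized profile before logging out.
# usage: profile_baseline /home/user01/.bash_profile /tmp/user01.profile.sha256
profile_baseline() {
    if [ ! -f "$1" ]; then
        echo "missing"
        return 0
    fi
    profile_hash "$1" > "$2"
    echo "recorded"
}

# After the next login, classify the profile:
#   unchanged - still matches the recorded digest
#   reverted  - now identical to the skeleton copy (assumed overwrite source)
#   modified  - differs from both the baseline and the skeleton
#   missing   - profile or baseline file not found
# usage: profile_status PROFILE BASELINE SKELETON
#   e.g. profile_status /home/user01/.bash_profile /tmp/user01.profile.sha256 \
#        /etc/skel_ssg/.bash_profileOrig
profile_status() {
    if [ ! -f "$1" ] || [ ! -f "$2" ]; then
        echo "missing"
        return 0
    fi
    current=$(profile_hash "$1")
    if [ "$current" = "$(cat "$2")" ]; then
        echo "unchanged"
    elif [ -f "$3" ] && [ "$current" = "$(profile_hash "$3")" ]; then
        echo "reverted"
    else
        echo "modified"
    fi
}
```

Run profile_baseline after editing the profile, log out and back in, then run profile_status; "reverted" means the replacement logic is still active.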
Notes:
- user01 was created previously on the LDAP or AD server, so it is an existing domain user.
- Use the following instructions, depending on whether you will use AD or LDAP:
Configure authentication method ssh to gateway with ldap users support
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/learning-center/configure-the-gateway-for-kerberos-token-based-authentication/generate-a-kerberos-keytab-file.html