AIX auditing for LDAP users

http://unix.stackexchange.com – I've discovered a problem with the way AIX uses auditclasses to determine which system calls are audited. If a user is defined in LDAP, their auditclasses attribute is blank. I found an APAR which states that, prior to AIX 5.3, the default user stanza in /etc/security/audit/config was applied to users without an auditclasses attribute. However, this no longer seems to be the case in AIX 5.3 or higher. I know there's an RFC2307AIX schema, which defines this LDAP attribute. However, I'd like to set a local default auditclasses and not have to convince the Active Directory admins to apply a schema