These tools provide the bare necessities of adding, deleting, searching, modifying, exporting, and importing. They are a step up from "clown shoes" but if you are hoping for slick systems like phpLDAPadmin, go find it.
Aside from LDAP searching, almost all interactions with slapd are done by writing a text file in LDIF (LDAP Data Interchange Format) and feeding it to the ldap* tools. You can use slapcat or slapadd to export or import LDIF files.
Some common terms used in LDAP:
dn - specifies the distinguished name, the full uid, ou, and/or dc of the thing. If we are talking about the dn of the base, then dn: dc=techhelplist,dc=com. If we are talking about a "timmy" in the People organizational unit, then dn: uid=timmy,ou=People,dc=techhelplist,dc=com
dc - specifies the domain components, like the base of the thing, e.g. dc=techhelplist,dc=com. If you have subdomains, you will have more dc components.
ou - specifies the organizational unit. Think LDAP groups, NOT POSIX groups. It is part of the structure of the database, and it may or may not fall along your Linux user:group lines; it won't matter. Example: ou=Employees
Here is an example LDIF file, initial.ldif:
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: example.com
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

Make sure there is no whitespace after each line, only newlines, and separate the entries with a blank line. Then you can import the file:
ldapadd -x -D "cn=admin,dc=example,dc=com" -w secretpassword -f initial.ldif
Note that -w puts the admin password on the command line, where it ends up in your shell history and is visible in the process list; -W prompts for it instead.
Add a new user:
Let's say you want to add a new user, Tommy. Prepare Tommy's LDIF file, tommy.ldif, then import it into LDAP:
dn: uid=Tommysomething,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: Tommy Something
uid: Tommysomething
uidNumber: 3000
gidNumber: 3000
homeDirectory: /home/Tommysomething
loginShell: /bin/bash
gecos: Tommy Something,Karate Instructor,Room 37A,435-555-555,801-555-555
userPassword: {crypt}x
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0

Then import tommy.ldif:
ldapadd -x -D "cn=admin,dc=example,dc=com" -w secretpassword -f tommy.ldif
Add a user group:
Same as for Tommy, prepare the LDIF file:
dn: cn=tommygroup,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: tommygroup
userPassword: {crypt}x
gidNumber: 3000

The parent entry must already exist: this dn lives under ou=Group, while initial.ldif above created ou=Groups, so use whichever organizational unit you actually created. Then use the ldapadd command to import the file.
Change user password:
You can use ldappasswd to update a user's password. The syntax is below:
ldappasswd -s newpassword -D "cn=admin,dc=example,dc=com" -w mysecretpassword -x uid=tommy,ou=People,dc=example,dc=com
Here -s puts the new password on the command line; -S prompts for it instead.
Delete a user:
ldapdelete -D "cn=admin,dc=example,dc=com" -w mysecretpassword "uid=tommy,ou=People,dc=example,dc=com"
Add user to a group:
To add users to an existing group, again prepare an LDIF file:
dn: cn=accounting,ou=Group,dc=techhelplist,dc=com
changetype: modify
add: memberuid
memberuid: user1

dn: cn=accounting,ou=Group,dc=techhelplist,dc=com
changetype: modify
add: memberuid
memberuid: user2

dn: cn=accounting,ou=Group,dc=techhelplist,dc=com
changetype: modify
add: memberuid
memberuid: user3
This time you need to use the ldapmodify command to make the update:
ldapmodify -x -D "cn=admin,dc=techhelplist,dc=com" -w mysecretpassword -f user2group.ldif
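The two things that most often break these imports are the formatting rules above (trailing whitespace, entries not separated by a blank line) and user-supplied values copied into LDIF unchecked. The following helpers are an added example, not code from the original tutorial: a small LDIF linter for those pitfalls, and a builder that adds several memberUid values to a group in one modify entry instead of repeating the entry per user. The "safe value" pattern is an assumption about what your uids look like; adjust it to your naming rules.

```python
"""LDIF helpers added for this tutorial (not part of the original post):
a linter for the pitfalls it warns about (trailing whitespace, entries not
separated by a blank line) and a builder that adds several memberUid values
to one group in a single 'changetype: modify' entry. Standard library only."""
import re

# Assumed uid policy: letters/digits, then letters/digits and . _ @ -
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@-]*")

def is_safe_value(value):
    """True if value can be written as a plain LDIF value: no newline
    (which would smuggle in extra attributes), no leading space/colon/<."""
    return SAFE_VALUE.fullmatch(value) is not None

def lint_ldif(text):
    """Return [(line_no, problem), ...] for an LDIF string; [] means clean."""
    problems = []
    expect_dn = True  # the first non-blank line of every entry must be dn:
    for no, line in enumerate(text.splitlines(), start=1):
        if line != line.rstrip():
            # trailing spaces/tabs are stored as part of the attribute value
            problems.append((no, "trailing whitespace"))
        line = line.rstrip()
        if line == "":
            expect_dn = True  # blank line closes the entry
            continue
        if line.startswith("#"):
            continue  # comment line
        if line.startswith(" "):  # continuation of the previous value
            if expect_dn:
                problems.append((no, "continuation line before dn:"))
            continue
        is_dn = line.lower().startswith("dn:")
        if expect_dn and not is_dn:
            problems.append((no, "entry does not start with dn:"))
        elif not expect_dn and is_dn:
            problems.append((no, "dn: without a blank line before it"))
        expect_dn = False
    return problems

def build_member_add(group_dn, uids):
    """LDIF for ldapmodify that adds every uid as a memberUid of group_dn."""
    for uid in uids:
        if not is_safe_value(uid):
            raise ValueError(f"unsafe uid for LDIF: {uid!r}")
    lines = [f"dn: {group_dn}", "changetype: modify", "add: memberUid"]
    lines += [f"memberUid: {uid}" for uid in uids]
    lines.append("-")  # terminates the modify block
    return "\n".join(lines) + "\n"
```

Write the returned string to a file and pass it to ldapmodify exactly as in the command above; run lint_ldif over any hand-written LDIF before importing it.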
Like I said, this is a very simple tutorial. If you want to read more, go and read OpenLDAP's admin guide: OpenLDAP Admin Guide