These tools provide the bare necessities of adding, deleting, searching, modifying, exporting, and importing. They are a step up from "clown shoes" but if you are hoping for slick systems like phpLDAPadmin, go find it.
Aside LDAP searching, almost all interactions with slapd are done by creating a text file called LDIF (LDAP Data Interchange Format). You can use slapcat or slapadd to export/import LDIF files.
Some common terms used in LDAP:
dn - specifies the distinguished name, the full uid, ou, and/or dc of the thing. If we are talking the dn of the base then dn: cn=techhelplist,dc=com. If we are talking about a "timmy" in the People organizational unit, then dn: uid=timmy,ou=People,dc=techhelplist,dc=com
cn - specifies the domain components, like the base of the thing. Like dc=techhelplist,dc=com. Maybe you will have subdomains, more cn.
ou - specifies the organizational unit. Think LDAP groups, NOT POSIX groups. It's part of the structure of the database, and MAY or MAY NOT fall along your linux user:group lines, it won't matter. example: ou=Employees
Here is an example of LDIF file, initial.ldif:
dn: dc=example,dc=com objectclass: dcObject objectclass: organization o: example.com dc: example dn: ou=People,dc=example,dc=com objectClass: organizationalUnit objectClass: top ou: People dn: ou=Groups,dc=example,dc=com objectClass: organizationalUnit objectClass: top ou: GroupsMake sure there is no whitespace after each line, only newlines. Then you can import the file:
ldapadd -x -D "cn=admin,dc=example,dc=com" -w secretpassword -f initial.ldif
Add a new user:
Let's say you want to add a new user Tommy, prepare Tommy's LDIF file then import into LDAP:
dn: uid=Tommysomething,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: Tommy Something
uid: Tommysomething
uidNumber: 3000
gidNumber: 3000
homeDirectory: /home/Tommysomething
loginShell: /bin/bash
gecos: Tommy Something,Karate Instructor,Room 37A,435-555-555,801-555-555
userPassword: {crypt}x
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
Then import tommy.ldif:ldapadd -x -D "cn=admin,dc=example,dc=com" -w secretpassword -f posix-user.ldif
Add user group:
Same as add Tommy, you prepare the LDIF file:
dn: cn=tommygroup,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: tommygroup
userPassword: {crypt}x
gidNumber: 3000
Then use ldapadd command to import the file.
Change user password:
You can use ldappasswd to update a user's password. The syntax is below:
ldappasswd -s newpassword -D "cn=admin,dc=example,dc=com" -w mysecretpassword -x uid=tommy,ou=People,dc=example,dc=com
Delete a user:
ldapdelete -D "cn=admin,dc=example,dc=com" -w mysecretpassword "uid=tommy,ou=People,dc=example,dc=com"
Add user to a group:
To add users into existing group, again, prepare a LDIF file:
dn: cn=accounting,ou=Group,dc=techhelplist,dc=com changetype: modify add: memberuid memberuid: user1 dn: cn=accounting,ou=Group,dc=techhelplist,dc=com changetype: modify add: memberuid memberuid: user2 dn: cn=accounting,ou=Group,dc=techhelplist,dc=com changetype: modify add: memberuid memberuid: user3
This time you need to use the ldapmodify command to make the update:
ldapmodify -x -D "cn=admin,dc=techhelplist,dc=com" -w mysecretpassword -f user2group.ldif
Like I said, this is a very simple tutorial, if you want to read more, go and read the OpenLDAP's admin guide: OpenLDAP Admin Guide
No comments:
Post a Comment