Difference between revisions of "Add a new user or group"
| m | m | ||
| Line 1: | Line 1: | ||
| − | + | There are several ways to manipulate user accounts in our LDAP database. For more detailed information see the [[LDAP]] page. | |
| =GUI Applications= | =GUI Applications= | ||
| Line 5: | Line 5: | ||
| There are a couple of graphical applications for managing LDAP databases.   | There are a couple of graphical applications for managing LDAP databases.   | ||
| − | *[[Luma]] is a QT-based LDAP management application for Linux written in python. It should be available on all NPG workstations. Instructions for user management with Luma are [[ | + | *[[Luma]] is a QT-based LDAP management application for Linux written in python. It should be available on all NPG workstations. Instructions for user management with Luma are [[Luma#User_Management_with_Luma|here]].   | 
| *[http://jxplorer.org/ Jxplorer] is a java based graphical application for browsing and managing LDAP databases. | *[http://jxplorer.org/ Jxplorer] is a java based graphical application for browsing and managing LDAP databases. | ||
| =Adding users from the console= | =Adding users from the console= | ||
| + | |||
| + | It appears that the the utilities /usr/sbin/luseradd, /usr/sbin/luserdel, and /usr/sbin/lusermod are intended to allow administrators to add, delete, and modify users from the command line. Unfortunately they don't seem to work in our LDAP environment. There is alternative method to add or modify LDAP entries using the ldapadd and ldapmodify commands, but it's a bit more complex. Here's a quick overview: | ||
| + | |||
| + | In order to add or modify entries this way you'll first need an LDIF file. You can export an existing entry in the LDAP using the [[Luma]] browser plugin, or via the ldapsearch command. Here's the command you need to export an existing entry to an ldif file:  | ||
| + | |||
| + |  ldapsearch -x -L 'uid=editme' > editme.ldif | ||
| + | |||
| + | Here is a sample LDIF file for a user account: | ||
| + | |||
| + |  #LDIF file for Phillip Fry's user account | ||
| + |  dn: uid=fry,ou=People,dc=physics,dc=unh,dc=edu | ||
| + |  uid: fry | ||
| + |  objectClass: top | ||
| + |  objectClass: posixAccount | ||
| + |  objectClass: shadowAccount | ||
| + |  objectClass: inetOrgPerson | ||
| + |  objectClass: organizationalPerson | ||
| + |  objectClass: person | ||
| + |  loginShell: /bin/bash | ||
| + |  uidNumber: 6000 | ||
| + |  gidNumber: 6000 | ||
| + |  gecos: Phillip J. Fry | ||
| + |  sn: adent | ||
| + |  homeDirectory: /net/home/fry | ||
| + |  mail: PhillipJFry@gmail.com | ||
| + |  cn: Philip J. Fry | ||
| + | |||
| + | You can use the following command to add the contents of this ldif file to the LDAP database. If you're logged into [[Einstein]] as root run this command: | ||
| + | |||
| + |  ldapadd  -x -W -D "cn=root,dc=physics,dc=unh,dc=edu" -v -f editme.ldif | ||
| + | |||
| + | NOTE: If you're running the command via sudo you need to explicitly set the home environment to root. This should do the trick: | ||
| + | |||
| + |   env HOME=/root ldapadd  -x -W -D "cn=root,dc=physics,dc=unh,dc=edu" -v -f editme.ldif | ||
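Review bot: in the sample LDIF, `sn: adent` does not match the Fry account the entry describes, and `cn: Philip J. Fry` is spelled differently from `gecos: Phillip J. Fry`; both read like leftovers from the entry that was exported and edited, so make them consistent (for example `sn: Fry`). The overview paragraph has two typos, "the the utilities" and "There is alternative method". Both ldapadd lines bind as cn=root with -x -W, which is a simple bind, and nothing in the added text says how that password is protected in transit; consider stating that the connection should use StartTLS (-ZZ) or ldaps.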
Revision as of 23:20, 19 November 2010
There are several ways to manipulate user accounts in our LDAP database. For more detailed information see the LDAP page.
GUI Applications
There are a couple of graphical applications for managing LDAP databases.
- Luma is a Qt-based LDAP management application for Linux written in Python. It should be available on all NPG workstations. Instructions for user management with Luma are here.
- JXplorer is a Java-based graphical application for browsing and managing LDAP databases.
Adding users from the console
It appears that the utilities /usr/sbin/luseradd, /usr/sbin/luserdel, and /usr/sbin/lusermod are intended to allow administrators to add, delete, and modify users from the command line. Unfortunately they don't seem to work in our LDAP environment. There is an alternative method to add or modify LDAP entries using the ldapadd and ldapmodify commands, but it's a bit more complex. Here's a quick overview:
In order to add or modify entries this way you'll first need an LDIF file. You can export an existing entry in the LDAP database using the Luma browser plugin, or via the ldapsearch command. Here's the command you need to export an existing entry to an LDIF file:
ldapsearch -x -L 'uid=editme' > editme.ldif
Here is a sample LDIF file for a user account:
 #LDIF file for Phillip Fry's user account
 dn: uid=fry,ou=People,dc=physics,dc=unh,dc=edu
 uid: fry
 objectClass: top
 objectClass: posixAccount
 objectClass: shadowAccount
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 loginShell: /bin/bash
 uidNumber: 6000
 gidNumber: 6000
 gecos: Phillip J. Fry
 sn: adent
 homeDirectory: /net/home/fry
 mail: PhillipJFry@gmail.com
 cn: Philip J. Fry
You can use the following command to add the contents of this LDIF file to the LDAP database. If you're logged into Einstein as root, run this command:
ldapadd -x -W -D "cn=root,dc=physics,dc=unh,dc=edu" -v -f editme.ldif
NOTE: If you're running the command via sudo, you need to explicitly set the HOME environment variable to root's home directory. This should do the trick:
env HOME=/root ldapadd -x -W -D "cn=root,dc=physics,dc=unh,dc=edu" -v -f editme.ldif
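Because the procedure above starts from an exported entry that is edited by hand, a pre-flight check on the LDIF catches stale values before ldapadd writes them. The following is an added example, not part of the original wiki page: the function names and the MIN_UID floor are assumptions, and it expects a single entry with no folded lines or base64 (`attr::`) values.

```shell
#!/bin/sh
# Added example: pre-flight check for a single-entry user LDIF before ldapadd.
# MIN_UID is an assumed site policy floor, not a value taken from the page.
MIN_UID=${MIN_UID:-1000}

# ldif_get FILE ATTR -> prints the values of ATTR (case-insensitive), one per line
ldif_get() {
    awk -v want="$2" '
        /^#/ { next }                      # skip LDIF comments
        {
            i = index($0, ": ")
            if (i && tolower(substr($0, 1, i - 1)) == tolower(want))
                print substr($0, i + 2)
        }' "$1"
}

# check_user_ldif FILE -> returns 0 if the entry looks safe to add, 1 otherwise
check_user_ldif() {
    f=$1; rc=0
    # MUST attributes of posixAccount (RFC 2307) and person, plus the dn itself
    for attr in dn uid cn sn uidNumber gidNumber homeDirectory; do
        [ -n "$(ldif_get "$f" "$attr")" ] || { echo "missing: $attr" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    uid=$(ldif_get "$f" uid | head -n 1)
    dn=$(ldif_get "$f" dn | head -n 1)
    num=$(ldif_get "$f" uidNumber | head -n 1)
    home=$(ldif_get "$f" homeDirectory | head -n 1)

    # A hand-edited export often keeps the old account name in one place.
    case $dn in
        "uid=$uid,"*) ;;
        *) echo "dn does not start with uid=$uid" >&2; rc=1 ;;
    esac
    [ "${home##*/}" = "$uid" ] || { echo "homeDirectory does not end in $uid" >&2; rc=1; }

    # uidNumber must be a plain integer at or above the floor (0 would be root).
    case $num in
        ''|*[!0-9]*) echo "uidNumber is not numeric" >&2; rc=1 ;;
        *) [ "$num" -ge "$MIN_UID" ] || { echo "uidNumber $num below $MIN_UID" >&2; rc=1; } ;;
    esac
    return "$rc"
}
```

Source the file and run `check_user_ldif editme.ldif && ldapadd ...` so the add only happens when the check passes; it does not detect a uidNumber already in use by another entry, which still needs an ldapsearch against the directory.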
