Add a new user or group

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search

There are several ways to manipulate user accounts in our LDAP database. For more detailed information see the LDAP page.

GUI Applications

There are a couple of graphical applications for managing LDAP databases.

  • Luma is a QT-based LDAP management application for Linux written in python. It should be available on all NPG workstations. Instructions for user management with Luma are here.
  • Jxplorer is a java based graphical application for browsing and managing LDAP databases.

Adding users from the console

It appears that the the utilities /usr/sbin/luseradd, /usr/sbin/luserdel, and /usr/sbin/lusermod are intended to allow administrators to add, delete, and modify users from the command line. Unfortunately they don't seem to work in our LDAP environment. There is alternative method to add or modify LDAP entries using the ldapadd and ldapmodify commands, but it's a bit more complex. Here's a quick overview:

In order to add or modify entries this way you'll first need an LDIF file. You can export an existing entry in the LDAP directory using the Luma browser plugin, or via the ldapsearch command. Here's the command you need to export an existing entry to an ldif file:

ldapsearch -x -L 'uid=user' > user.ldif

Here is a sample LDIF file for a user account:

dn: uid=fry,ou=People,dc=physics,dc=unh,dc=edu
uid: fry
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
uidNumber: 6000
gidNumber: 6000
gecos: Phillip J. Fry
sn: fry
homeDirectory: /net/home/fry
mail: PhillipJFry@planetexpress.com
cn: Philip J. Fry

You can use the following command to add the contents of this ldif file to the LDAP database. If you're logged into Einstein as root run this command:

ldapadd  -x -W -D "cn=root,dc=physics,dc=unh,dc=edu" -v -f user.ldif

NOTE: If you're running the command via sudo you need to explicitly set the home environment to root. This should do the trick:

 env HOME=/root ldapadd  -x -W -D "cn=root,dc=physics,dc=unh,dc=edu" -v -f user.ldif