PLG's LDAP
Adding users
- MUST be root in the core for the following steps!
Step 1: Find out the UID and GID of newuserid in the CS core:
- or -
# grep newuserid /etc/passwd
newuserid:x:12345:12345:New User's Name,,,,:/u3/newuserid:/xhbin/bash
NOTE - if they do NOT exist they have to be added to the sponsor file!
-or-
# *userinfo userid*
* Step 1c: Reserve the UID/GID in the CS core if it doesn't already exist
(if it does not exist we have to add it to the sponsor file)
As root on cscf.cs:
# idrequest require newuserid
# idrequest require newuserid t=g
---+++ Step 2: Create the LDIF file for that user on plg2:
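Log in as cscf-adm on plg2 and then run the "adder.pl" script as root (the encrypted password is given as a command-line argument, so it may end up in the shell history):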
adder.pl newuserid uid gid encryptedpassword
% ssh cscf-adm@plg2.math
cscf-adm@plg2:~$ sudo -s
root@plg2:/ux/cscf-adm#
# cd /root/people
root@plg2:/root/people# ./adder.pl newuserid 12345 12345 SomeEncryptedPassword
root@plg2:/root/people# ls -al
total 100
<...snip...>
-rw-r--r-- 1 root root 401 Jan 5 10:02 newuserid.ldif
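* Step 2b: The resulting LDIF file (check that uidNumber and gidNumber match the values given to adder.pl; the sample below shows 1476, not the 12345 used above):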
root@plg2:/root/people# cat newuserid.ldif
dn: cn=newuserid,ou=Groups,dc=math,dc=uwaterloo,dc=ca
cn: newuserid
gidNumber: 1476
objectClass: posixGroup
objectClass: top
dn: uid=newuserid,ou=People,dc=math,dc=uwaterloo,dc=ca
uid: newuserid
cn: newuserid
sn: unknown
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}SomeEncryptedPassword
loginShell: /bin/bash
uidNumber: 1476
gidNumber: 1476
homeDirectory: /u/newuserid
---+++ Step 3: Add that LDIF file to the LDAP database:
root@plg2:/root/people# ./addtoldap.sh newuserid.ldif
Enter LDAP Password:
adding new entry "cn=newuserid,ou=Groups,dc=math,dc=uwaterloo,dc=ca"
adding new entry "uid=newuserid,ou=People,dc=math,dc=uwaterloo,dc=ca"
root@plg2:/root/people#
(Note: the LDAP password is in the password box under "PLG LDAP")
---+++ Step 4: let user know that their login is ready
* let them know that their password is the same as in the CS core
---++ Getting a dump of the entire LDAP database
* become root on plg2
* # cd /root/people (not strictly necessary, but let's keep everything in one place)
* # slapcat -l tempfilename.ldif
* ... look, look, look ...
* # rm tempfilename.ldif (for neatness' sake, and because the dump contains every user's password hash)
---++ Changing a user's password
* become root on plg2
* # =cd /root/people=
* # =./newldappasswd.sh userid=
root@plg2:/root/people# ./newldappasswd.sh userid
New password: {enter the new password}
Re-enter new password: {enter the new password again}
Enter LDAP Password: {enter the PLG LDAP password}
---++ Deleting a user entry
* more research required ...