PLG's LDAP

Adding users

  • MUST be root in the core for the following steps!

Step 1: Find out the UID and GID of newuserid in the CS core:

  • make sure you have /fsys1/.software/local/.admin/bins/maintenance in your path
    • for bash: export PATH=$PATH:/fsys1/.software/local/.admin/bins/maintenance/
  • Verify that they exist in the core and get their GID and UID
          # idregistry request type=Group mpatterson
            mpatterson:1633
          # idregistry request type=user mpatterson
            mpatterson:1633
         
- or -
      # grep newuserid /etc/passwd
      newuserid:x:12345:12345:New User's Name,,,,:/u3/newuserid:/xhbin/bash
      
NOTE - if they do NOT exist they have to be added to the sponsor file!
  • Step 1b: Find their encrypted password on the CS core:
         # grep newuserid /etc/shadow
           newuserid:SomeEncryptedPassword:::::::
         
-or-
      # userinfo userid

  • Step 1c: Reserve the UID/GID in the CS core if it doesn't already exist
      (if it does not exist, we have to add them to the sponsor file)

As root on cscf.cs:
# idrequest require newuserid
# idrequest require newuserid t=g
Step 2: Create the LDIF file for that user on plg2:

Log in as cscf-adm on plg2 and then run the "adder.pl" script as root: adder.pl newuserid uid gid encryptedpassword

% ssh cscf-adm@plg2.math
cscf-adm@plg2:~$ sudo -s
root@plg2:/ux/cscf-adm# 
# cd /root/people
root@plg2:/root/people# ./adder.pl newuserid 12345 12345 SomeEncryptedPassword
root@plg2:/root/people# ls -al
total 100
<...snip...>
-rw-r--r--  1 root root   401 Jan  5 10:02 newuserid.ldif

  • Step 2b: The resulting LDIF file:

root@plg2:/root/people# cat newuserid.ldif
dn: cn=newuserid,ou=Groups,dc=math,dc=uwaterloo,dc=ca
cn: newuserid
gidNumber: 1476
objectClass: posixGroup
objectClass: top

dn: uid=newuserid,ou=People,dc=math,dc=uwaterloo,dc=ca
uid: newuserid
cn: newuserid
sn: unknown
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}SomeEncryptedPassword
loginShell: /bin/bash
uidNumber: 1476
gidNumber: 1476
homeDirectory: /u/newuserid
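
A pre-load sanity check for the file from Step 2b, to run before Step 3 (an added example, not one of the PLG scripts; `check_ldif` and `ldif_values` are hypothetical names). It assumes plain, unfolded `attr: value` lines as in the listing above, and checks that the file is accessible only to its owner, that both entries are present, that the numeric ids are the ones found in Step 1, and that the `{crypt}` value is not empty or locked.

```shell
#!/bin/sh
# Added example, not one of the PLG scripts.
# Usage: check_ldif.sh FILE LOGIN UID GID   (prints problems, non-zero exit if any)

# Print the values of attribute $2 in LDIF file $1 (plain "attr: value" lines).
ldif_values() {
    sed -n "s/^$2: *//p" "$1"
}

check_ldif() {
    file=$1 login=$2 uid=$3 gid=$4 rc=0
    fail() { echo "check_ldif: $*" >&2; rc=1; }

    [ -f "$file" ] || { fail "$file: not a regular file"; return 1; }

    # The file carries a password hash: only the owner should have access.
    case $(ls -ld "$file" | cut -c5-10) in
        ------) ;;
        *) fail "$file is accessible to group/other (chmod 600)" ;;
    esac

    # Both entries shown in Step 2b must be present for this login.
    grep -q "^dn: cn=$login,ou=Groups," "$file" || fail "no group entry for $login"
    grep -q "^dn: uid=$login,ou=People," "$file" || fail "no people entry for $login"

    # The numeric ids must be the ones looked up in Step 1.
    [ "$(ldif_values "$file" uidNumber)" = "$uid" ] || fail "uidNumber is not $uid"
    # gidNumber appears in the group entry and the account entry; both must match.
    [ "$(ldif_values "$file" gidNumber | sort -u)" = "$gid" ] ||
        fail "gidNumber is not $gid in every entry"

    # The {crypt} value must be neither empty nor a locked shadow field (* or !).
    pw=$(ldif_values "$file" userPassword)
    case $pw in
        '{crypt}' | '{crypt}'[*!]*) fail "userPassword is empty or locked" ;;
        '{crypt}'?*) ;;
        *) fail "userPassword is missing or not in {crypt} form" ;;
    esac

    return $rc
}

if [ "$#" -eq 4 ]; then
    check_ldif "$@"
fi
```
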

Step 3: Add that LDIF file to the LDAP database:

root@plg2:/root/people# ./addtoldap.sh newuserid.ldif

Enter LDAP Password:
adding new entry "cn=newuserid,ou=Groups,dc=math,dc=uwaterloo,dc=ca"

adding new entry "uid=newuserid,ou=People,dc=math,dc=uwaterloo,dc=ca"

root@plg2:/root/people#
(Note: LDAP password in password box under "PLG LDAP")

Step 4: let user know that their login is ready

  • let them know that their password is the same as in the CS core

Getting a dump of the entire LDAP database

  • become root on plg2
  • # cd /root/people (not strictly necessary, but let's keep everything in one place)
  • # slapcat -l tempfilename.ldif
  • ... look, look, look ...
  • # rm tempfilename.ldif (for neatness sake)

Changing a user's password

  • become root on plg2
  • # cd /root/people
  • # ./newldappasswd.sh userid

root@plg2:/root/people# ./newldappasswd.sh userid
New password:   {enter the new password}
Re-enter new password: {enter the new password again}
Enter LDAP Password: {enter the PLG LDAP password}

Deleting a user entry

  • more research required ...

Topic revision: r8 - 2011-01-19 - MikeGore
 