Rob's web

Managing user accounts

Add the organizational unit

Create another LDIF file ou.ldif to define organizational units:

# vi ou.ldif
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

Apply the organizational units configuration:

# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f ou.ldif

To verify that the new OUs were added to the LDAP directory, run an ldapsearch command:

# ldapsearch -x -LLL -b dc=example,dc=com "(ou=*)" dn

Add new users and groups

Add new group

Create an LDIF file new_group.ldif with the following content to create a new group:

# vi new_group.ldif
dn: cn=developers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: developers
gidNumber: 1001

Apply the changes:

# ldapadd -x -D cn=admin,dc=example,dc=com -W -f new_group.ldif

Verify the changes:

# ldapsearch -x -LLL -b dc=example,dc=com "(cn=developers)"

Add new user

Create an LDIF file new_user.ldif with the following content to create a new user:

# vi new_user.ldif
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
cn: John Doe
sn: Doe
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/jdoe
loginShell: /usr/bin/bash
mail: jdoe@example.com
userPassword: {SSHA}YourHashedPasswordHere

Apply the changes:

# ldapadd -x -D cn=admin,dc=example,dc=com -W -f new_user.ldif

Verify the changes:

# ldapsearch -x -LLL -b dc=example,dc=com "(uid=jdoe)"

Modify users and groups

Modify group

Create an LDIF file modify_group.ldif to modify a group. Add the modifications, for example, adding a member:

# vi modify_group.ldif
dn: cn=developers,ou=groups,dc=example,dc=com
changetype: modify
add: memberUid
memberUid: jdoe

Apply the changes:

# ldapmodify -x -D cn=admin,dc=example,dc=com -W -f modify_group.ldif

Verify the changes:

# ldapsearch -x -LLL -b dc=example,dc=com "(cn=developers)"

Modify user

Create an LDIF file modify_user.ldif to modify a user. Add the modifications, for example, changing the user's shell:

# vi modify_user.ldif
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
replace: loginShell
loginShell: /usr/bin/bash

Apply the changes:

# ldapmodify -x -D cn=admin,dc=example,dc=com -W -f modify_user.ldif

Verify the changes:

# ldapsearch -x -LLL -b dc=example,dc=com "(uid=jdoe)"

Delete users and groups

Delete group

Create an LDIF file delete_group.ldif to delete a group. Add the following content:

# vi delete_group.ldif
dn: cn=developers,ou=groups,dc=example,dc=com
changetype: delete

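Apply the changes. Here ldapdelete is given the group's DN directly on the command line rather than reading the LDIF file: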

# ldapdelete -x -D cn=admin,dc=example,dc=com -W cn=developers,ou=groups,dc=example,dc=com

Verify the changes:

# ldapsearch -x -LLL -b dc=example,dc=com "(cn=developers)"

The search should return nothing, because the group has been deleted.

Delete user

Create an LDIF file delete_user.ldif to delete a user. Add the following content:

# vi delete_user.ldif
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: delete

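Apply the changes. Here ldapdelete is given the user's DN directly on the command line rather than reading the LDIF file: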

# ldapdelete -x -D cn=admin,dc=example,dc=com -W uid=jdoe,ou=people,dc=example,dc=com

Verify the changes:

# ldapsearch -x -LLL -b dc=example,dc=com "(uid=jdoe)"

You should see an empty response.