We saw in the first video that we can use LDIF files to create objects within our openLDAP server; we created two OUs, People and Groups. We start in the same manner, looking at how we can create the leaf objects, users and groups, rather than containers, in the directory. This can be achieved with LDIF files, but if this does not exactly “float your boat” then later in the video we look at the scripts that Ubuntu supply to assist.
Creating a group
The LDIF file to create a group will normally be quite small, as a group does not have many attributes.
dn: cn=ldapusers,ou=group,dc=tup,dc=com
objectClass: posixGroup
cn: ldapusers
gidNumber: 4000
Here we create the ldapusers group in the group OU.
Creating posix users
POSIX users are accounts that can authenticate to Linux, so they carry the required POSIX attributes (uidNumber, gidNumber, loginShell and homeDirectory). A sample account can be seen below, where we create the mike account as a member of the ldapusers group we created above:
dn: uid=mike,ou=people,dc=tup,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: mike
sn: smith
givenName: mike
cn: mike
uidNumber: 4000
gidNumber: 4000
userPassword: Password1
loginShell: /bin/bash
homeDirectory: /home/mike
Create non-posix user
Users may also exist in the directory without being needed for Linux authentication, in which case the entry is less verbose and omits the POSIX attributes. These accounts can be used for authentication to Apache, MySQL or other LDAP-aware applications, such as a company white pages:
dn: cn=joef,ou=people,dc=tup,dc=com
objectClass: inetOrgPerson
sn: falls
givenName: joe
cn: joef
userPassword: Password1
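The group and user entries above store userPassword in clear text inside the LDIF file. As an added example (not from the video or the ldapscripts package), the following Python script builds the same group and POSIX user entries with an {SSHA} value of the form slapd stores, and base64-encodes any attribute value that LDIF cannot hold literally (leading space, colon or '<', non-ASCII, newlines). BASE_DN, the function names and the uidNumber floor of 1000 are assumptions for this example.

```python
import base64
import hashlib
import os

BASE_DN = "dc=tup,dc=com"  # suffix used by the page's LDIF entries (assumed)


def ssha_hash(password: str, salt=None) -> str:
    """Return an {SSHA} value as slapd stores it: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest using the salt that follows the 20-byte SHA-1 digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def ldif_attr(name: str, value: str) -> str:
    """Emit one LDIF attribute line, switching to '::' base64 form when required by RFC 2849."""
    unsafe = value[:1] in (" ", ":", "<") or not value.isascii() or "\n" in value
    if unsafe:
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"


def posix_group_ldif(name: str, gid: int) -> str:
    """LDIF for a posixGroup under ou=group, matching the page's ldapusers example."""
    lines = [f"dn: cn={name},ou=group,{BASE_DN}", "objectClass: posixGroup",
             ldif_attr("cn", name), f"gidNumber: {gid}"]
    return "\n".join(lines) + "\n"


def posix_user_ldif(uid, sn, given, uid_num, gid_num, password, shell="/bin/bash"):
    """LDIF for a POSIX user under ou=people; the password is stored hashed, not clear text."""
    if uid_num < 1000:  # assumed policy: keep directory users above the local system-account range
        raise ValueError("uidNumber below 1000 collides with local system accounts")
    lines = [f"dn: uid={uid},ou=people,{BASE_DN}", "objectClass: inetOrgPerson",
             "objectClass: posixAccount", "objectClass: shadowAccount",
             ldif_attr("uid", uid), ldif_attr("sn", sn), ldif_attr("givenName", given),
             ldif_attr("cn", uid), f"uidNumber: {uid_num}", f"gidNumber: {gid_num}",
             ldif_attr("userPassword", ssha_hash(password)),
             f"loginShell: {shell}", f"homeDirectory: /home/{uid}"]
    return "\n".join(lines) + "\n"
```

The output can be fed to ldapadd exactly as the hand-written files above; slapd will compare bind passwords against the {SSHA} value itself.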
Using LDAPSCRIPTS
Now if this isn’t working for you, we can look at the ldapscripts package from Ubuntu:
sudo apt-get install -y ldapscripts
Once installed we can configure the scripts using the file /etc/ldapscripts/ldapscripts.conf. Here we set the LDAP server to connect to, the domain suffix and the admin account to bind with. We can even set the scripts to create the users’ home directories. If we are to use the ldapscripts.passwd file, we can populate it with echo -n Password1 > /etc/ldapscripts/ldapscripts.passwd; this needs to be run as root, and the -n matters because a trailing newline would otherwise be read as part of the password.
Once set we can create users with the command:
sudo ldapadduser fred ldapgroup
The video explains all and I hope you find it of use.