ldapadd
Example: creating dc=example,dc=com -> ou=People -> uid=ldapuser

Create the directory

Create /opt/home/ldapuser.

Create example.com

Create example_com.ldif

dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example

Run ldapadd

$ ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f example_com.ldif
adding new entry "dc=example,dc=com"

Create People

Create People.ldif

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

Run ldapadd

$ ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f People.ldif
adding new entry "ou=People,dc=example,dc=com"

Create ldapuser

Create ldapuser.ldif

The string (hash) written to userPassword is generated with the slappasswd command.

$ slappasswd -s ldapuser
{SSHA}FuTMpjLEYQhnyH3f6/xPzC/HywVqz/I5

dn: uid=ldapuser,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: ldapuser
cn: ldapuser
userPassword: {SSHA}FuTMpjLEYQhnyH3f6/xPzC/HywVqz/I5
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /opt/home/ldapuser

Run ldapadd

$ ldapadd -x -D "cn=Manager,dc=example,dc=com" -w secret -f ldapuser.ldif
adding new entry "uid=ldapuser,ou=People,dc=example,dc=com"
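
Added example (not part of the original page): Python code showing how the {SSHA} string that slappasswd prints is built and checked, namely base64(SHA1(password + salt) + salt), with a helper that reports which userPassword scheme each entry of an LDIF carries. All function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size; the bytes after it are the salt

def split_ssha(value):
    """Return (digest, salt) decoded from a '{SSHA}<base64>' string."""
    scheme, _, b64 = value.partition("}")
    if scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the SHA-1 digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]

def make_ssha(password, salt=None):
    """Build '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # same salt length as the value shown on the page
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, value):
    """Recompute the digest with the stored salt; compare in constant time."""
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def password_schemes(ldif_text):
    """Map each dn in an LDIF to the scheme of its userPassword value."""
    schemes, dn = {}, None
    for line in ldif_text.replace("\n ", "").splitlines():  # undo line folding
        name, sep, val = line.partition(":")
        if sep and val.startswith(":"):  # 'attr:: value' is base64-encoded
            val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
        val = val.strip()
        if name.lower() == "dn":
            dn = val
        elif name.lower() == "userpassword":
            tagged = val.startswith("{") and "}" in val
            schemes[dn] = val[1:val.index("}")].upper() if tagged else "PLAINTEXT"
    return schemes

if __name__ == "__main__":
    # Value copied from the slappasswd output on this page
    print(check_ssha("ldapuser", "{SSHA}FuTMpjLEYQhnyH3f6/xPzC/HywVqz/I5"))
```

password_schemes also accepts the base64 `userPassword::` form, so it can be run over an exported LDIF to find entries that hold an untagged (plaintext) value.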

Perl script that generates an SMB-ready LDIF file

$ sudo perl create_ldif.pl username password uid(also gid)

#!/usr/bin/perl
use strict;
use warnings;
use Crypt::SmbHash;

my $default_dc   = "dc=example,dc=com";
my $default_g_ou = "ou=Group";
my $default_ou   = "ou=People";

my $username = $ARGV[0];
my $password = $ARGV[1];
my $uid      = $ARGV[2];

if ( !$uid ) {
    print "Not enough arguments\n";
    print "Usage: $0 username password uid(gid)\n";
    exit 1;
}
# $uid = (getpwnam($username))[2];
# my ($login,undef,$uid) = getpwnam($ARGV[0]);

# ntlmgen (Crypt::SmbHash) fills $lm and $nt with the LM and NT hashes
# of the password; both hashes are unsalted
my ($lm, $nt);
ntlmgen $password, $lm, $nt;
#printf "%s:%d:%s:%s:[%-11s]:LCT-%08X\n", $login, $uid, $lm, $nt, "U", time;

# Take the local SID from the output of "net getlocalsid"
my $localsid;
my $temp = `net getlocalsid`;
if ( $temp =~ /(.+):\s(.+)\n/ ) {
    $localsid = $2;
} else {
    print "can't getlocalsid\n";
    exit 1;
}
#print "$localsid\n";
#print "\n\n\n";

# group
printf("dn: cn=%s,%s,%s\n",$username,$default_g_ou,$default_dc);
printf("objectClass: posixGroup\n");
printf("objectClass: top\n");
printf("cn: %s\n",$username);
printf("gidNumber: %s\n",$uid);
printf("\n");

# user
printf("dn: uid=%s,%s,%s\n",$username,$default_ou,$default_dc);
printf("objectClass: account\n");
printf("objectClass: posixAccount\n");
printf("objectClass: sambaSamAccount\n");
printf("uid: %s\n",$username);
printf("cn: %s\n",$username);
printf("userPassword: \n");
printf("loginShell: /bin/bash\n");
printf("uidNumber: %s\n",$uid);
printf("gidNumber: %s\n",$uid);
printf("homeDirectory: /home/%s\n",$username);
# The RID appended to the local SID is uid*2+1000
printf("sambaSID: %s-%d\n",$localsid,($uid*2)+1000);
printf("sambaAcctFlags: [%-11s]\n","U");
printf("sambaHomePath:\n");
printf("sambaHomeDrive:\n");
printf("sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000\n");
printf("sambaLMPassword: %s\n",$lm);
printf("sambaNTPassword: %s\n",$nt);
printf("sambaPwdLastSet: %d\n",time);