Changes


OPS335-Lab-ldap

3,421 bytes added, 21:31, 30 October 2019
== INVESTIGATION 2: Adding Users to LDAP ==
Perform the following steps on your LDAP server VM:
*Before we start adding users, we need to tell the tool that is going to translate between normal user accounts and LDAP structure a little about our domain.
*Make a backup of /usr/share/migrationtools/migrate_common.ph in the /root directory.
*Modify the following parameters in the original file to the values shown below:
<source>
$DEFAULT_MAIL_DOMAIN = "andrew.ops";
$DEFAULT_BASE = "dc=andrew,dc=ops";
$EXTENDED_SCHEMA = 1;
</source>
#Add a new user to this machine with your username and a UID of 10000. Set their password as well.
#Migrating them into LDAP will take several steps:
*Extract the passwd entry of your new user from /etc/passwd to a file called "ldapusers.entry":
<source>
grep -w <your username> /etc/passwd > /root/ldapusers.entry
</source>
*Use the migrate_passwd.pl file to convert the user information you extracted earlier into an ldif file:
<source>
/usr/share/migrationtools/migrate_passwd.pl ldapusers.entry /root/ldapusers.ldif
</source>
This should generate an ldif file similar to the following:
<source>
dn: uid=<your username>,ou=People,dc=andrew,dc=ops
uid: <your username>
cn: <your username>
sn: <your username>
mail: <your username>@andrew.ops
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$PBqQXRo/ugCCjBe0.ZgvmJl8U2tVjpdR8X9bh4OZ1cl3mv4xf0Hv1HSDavkxusO8R3lIuuJ7skrfqpTQpbZ6hbd3e3BGB.
shadowLastChange: 17120
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/<your username>
</source>
*Use the ldapadd command to enter this new information into the database. As before, use simple authentication and the distinguished name of the LDAP administrator, and have the command prompt you for a password.
*Use ldapsearch to confirm that the new users have been added to the database.<br />You should get output similar to the following:
<source>
# extended LDIF
#
# LDAPv3
# base <dc=andrew,dc=ops> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# andrew.ops
dn: dc=andrew,dc=ops
objectClass: top
objectClass: dcObject
objectClass: organization
o: andrew ops
dc: andrew

# Manager, andrew.ops
dn: cn=Manager,dc=andrew,dc=ops
objectClass: organizationalRole
cn: Manager
description: Directory Manager

# People, andrew.ops
dn: ou=People,dc=andrew,dc=ops
objectClass: organizationalUnit
ou: People

# ldapuser1, People, ops535.com
dn: uid=<your username>,ou=People,dc=andrew,dc=ops
uid: <your username>
cn: <your username>
sn: <your username>
mail: <your username>@andrew.ops
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQ2JFBCcVFYUm8vJHVnQ0NqQmUwLlpndm1KbDhVMnRWanBkUjhYOWJoNE9aMWNsM212NHhmMEh2MUhTRGF2a3h1c084UjNsSXV1Sjdza3JmcXBUUXBiWjZoYmQzZTNCR0Iu
shadowLastChange: 17120
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/<your username>

# search result
search: 2
result: 0 Success

# numResponses: 10
# numEntries: 5
</source>
*Repeat the process to create two more users:
** jane with the UID 10001 and full name Jane Greystoke
** guest with the UID 10002 and full name Andrew's Guests
* Confirm that you can log in using all three usernames on all your nested VMs (except lin3).
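The generated ldif file stores userPassword as a {crypt} hash, while ldapsearch prints the same attribute as "userPassword::", which is that value base64-encoded rather than protected. The script below is an added example, not part of the original lab: it reads LDIF on stdin and reports how each entry's password is stored. The function names and the sample salt and hash strings are constructed for illustration.

```shell
# Added example (not from the lab): list how each userPassword in LDIF is stored.
# LDIF writes "attr: value" as plain text and "attr:: value" as base64.

# Join folded LDIF lines (a continuation line starts with one space).
ldif_unfold() {
    awk 'NR > 1 && /^ / { printf "%s", substr($0, 2); next }
         NR > 1 { print "" }
         { printf "%s", $0 }
         END { if (NR) print "" }'
}

# Map a stored value to its scheme; no {scheme} prefix means cleartext.
password_scheme() {
    case "$1" in
        '{crypt}$6$'*) echo "crypt-sha512" ;;
        '{crypt}$5$'*) echo "crypt-sha256" ;;
        '{crypt}$1$'*) echo "crypt-md5" ;;
        '{'*'}'*)      echo "other-scheme" ;;
        *)             echo "cleartext" ;;
    esac
}

# Read LDIF on stdin; print "<uid> <scheme>" for every entry with a password.
ldif_password_schemes() {
    ldif_unfold | while IFS= read -r line; do
        case "$line" in
            "uid: "*) uid=${line#uid: } ;;
            "userPassword:: "*)
                # base64 is only an encoding: decoding yields the stored hash
                value=$(printf '%s' "${line#userPassword:: }" | base64 -d)
                echo "$uid $(password_scheme "$value")" ;;
            "userPassword: "*)
                echo "$uid $(password_scheme "${line#userPassword: }")" ;;
            "") uid="" ;;   # a blank line ends the entry
        esac
    done
}

# Constructed sample: one entry as in the generated ldif file, one as
# ldapsearch prints it (base64, folded). Salt and hash text are made up.
sample_ldif() {
    b64=$(printf '%s' '{crypt}$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH' | base64 | tr -d '\n')
    printf '%s\n' 'dn: uid=jane,ou=People,dc=andrew,dc=ops' 'uid: jane' \
        'userPassword: {crypt}$1$CONSTRUCTED$CONSTRUCTED' '' \
        'dn: uid=guest,ou=People,dc=andrew,dc=ops' 'uid: guest'
    printf 'userPassword:: %s\n %s\n' "$(echo "$b64" | cut -c1-24)" "$(echo "$b64" | cut -c25-)"
}

sample_ldif | ldif_password_schemes
```

On the LDAP server the same function can read /root/ldapusers.ldif or the output of ldapsearch; because both contain password hashes, keep such files readable by root only.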
== INVESTIGATION 3: Using Ldif Files ==