

       ldapscripts - Scripts to manage POSIX accounts in your LDAP directory.


       The  ldapscripts  are  a  set  of shell (sh) scripts designed to manage
       POSIX accounts in an OpenLDAP directory. They can be used as standalone
       tools or within Samba 3.x's smb.conf file.


       The   main   requirements  are  the  OpenLDAP  client  tools  (ldapadd,
       ldapsearch, ldapdelete, ...). Other commands are called in the  scripts
       but should come with your OS (sed, grep, cut, ...).


       The   main  configuration  of  the  ldapscripts  is  usually  the  file
       /etc/ldapscripts/ldapscripts.conf                                   (or
       /usr/local/etc/ldapscripts/ldapscripts.conf, depending on your system).
       Modify it to fit your needs before using the scripts. Each script  also
       uses   a   "runtime"  file,  usually  /usr/lib/ldapscripts/runtime  (or
       /usr/local/lib/ldapscripts/runtime). You  don't  need  to  modify  this


       Each  script  that  adds  information to the directory uses a template.
       Templates are directly embedded at the end of the  scripts  but  it  is
       also  possible to use external template files (see GTEMPLATE, UTEMPLATE
       and MTEMPLATE variables  in  the  configuration  file).  Each  template
       consists  of  a preformatted LDIF file using special keywords that will
       be replaced on-the-fly. Sample files are provided for your convenience:
       ldapaddgroup.template.sample, ldapadduser.template.sample and
       ldapaddmachine.template.sample. It is strongly  advised  to  use  those
       files  instead  of  modifying  the  embedded (default) templates in the

       Sample templates  include  every  keyword  you  can  use.  One  special
       additional keyword is the <ask> keyword that will trigger user input to
       get the attribute value interactively.


       Each script can be used as a standard command-line  tool.  Check  their
       man pages to get help.


       Each  Samba  3.x  smb.conf  "xxx  script" option has a matching script.
       Modify your smb.conf file this way to call them:

       # [...]
       add machine script = /usr/local/sbin/ldapaddmachine '%u' sambamachines
       add user script = /usr/local/sbin/ldapadduser '%u' sambausers
       add group script = /usr/local/sbin/ldapaddgroup '%g'
       add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
       delete user script = /usr/local/sbin/ldapdeleteuser '%u'
       delete group script = /usr/local/sbin/ldapdeletegroup '%g'
       delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
       set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
       rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
       # [...]


       ldapdeletemachine(1),    ldapmodifymachine(1),    ldaprenamemachine(1),
       ldapadduser(1),  ldapdeleteuserfromgroup(1),  ldapfinger(1), ldapid(1),
       ldapmodifyuser(1), lsldap(1), ldapaddusertogroup(1), ldaprenameuser(1),
       ldapinit(1),   ldapsetpasswd(1),  ldapaddgroup(1),  ldapdeletegroup(1),
       ldapsetprimarygroup(1),     ldapmodifygroup(1),     ldaprenamegroup(1),
       ldapaddmachine(1), ldapdeleteuser(1).


       The  ldapscripts  are  provided under the GNU General Public License v2
       (see COPYING for more details).  The latest version of the  ldapscripts
       is available on :


       Sometimes, this kind of message may appear in the log file: "Additional
       information: value does not conform to assertion syntax". Setting
       slapd's debug level to 32 shows additional details: "get_ava: illegal
       value for attributeType uidNumber". This is *not* a bug: the
       ldapscripts tend to use the power of LDAP filters to easily find users
       (or groups) using either a uidNumber (numerical value) or a uid (string
       value). The following filter (used by ldapfinger(1)) will generate the
       above message if $_USER is a login:
       (&(objectClass=posixGroup)(|(cn=$_USER)(gidNumber=$_USER)))
       because filter part "(uidNumber=$_USER)" requires an integer but gets a
       string. You can mostly ignore those warnings.
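
       The warning appears because a non-numeric value is sent in an
       integer assertion. As an added example (not ldapscripts code; the
       function names build_lookup_filter and escape_filter_value are
       hypothetical), these sh helpers emit the numeric clause only when the
       value is all digits, and escape the RFC 4515 filter metacharacters:

```sh
#!/bin/sh
# Added example, not part of ldapscripts. Function names are hypothetical.

# Escape the characters RFC 4515 reserves inside a filter value: \ * ( )
# The backslash is handled first so later escapes are not escaped again.
escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# build_lookup_filter OBJECTCLASS NAME_ATTR NUMBER_ATTR VALUE
# Prints a search filter; returns 1 when VALUE is empty.
build_lookup_filter() {
    case $4 in
        '')
            return 1 ;;
        *[!0-9]*)
            # Not an integer: leave out the numeric clause, so slapd never
            # has to check a string against an INTEGER-syntax attribute.
            printf '(&(objectClass=%s)(%s=%s))' \
                "$1" "$2" "$(escape_filter_value "$4")" ;;
        *)
            # Digits only: may be an ID or an all-digit name, so keep both.
            printf '(&(objectClass=%s)(|(%s=%s)(%s=%s)))' \
                "$1" "$2" "$4" "$3" "$4" ;;
    esac
}

# Constructed sample values, for illustration only.
for value in admins 1000 'ops (night)*'; do
    build_lookup_filter posixGroup cn gidNumber "$value"
    echo
done
```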

                                January 1, 2006                 ldapscripts(5)
