This post shows you how to create a ldap users and groups using LDIF (LDAP Data Interchange Format) file without creating a local user and groups on LDAP Server. So this post covers only how to create a User and groups with LDIF file not the entire procedure to setting up Openldap Server. Refer this link to know how to configure openldap server on RHEL 7 or CentOS 7.
Note : If you need centralized home directory along with LDAP authentication, Refer the below links to create a local user, migrate it to ldap database and export the home directory using autofs or nfs. Hence users home directory also available from ldap server to the clients.
Automount Home Directories using Autofs
Configure Linux Clients for LDAP Authentication to OpenLDAP Server
Else if you use a LDIF file, authentication will happen from Ldap server and home directory will be created under each server.
For this demo, I have a running Openldap Server with following details and we are going to create a user called "newuser1" with UID 1010 and GID 1010.
Ldap Server name : ldapserver1.learnitguide.net (dc=learnitguide,dc=net)
Client Server name : Client1.learnitguide.net
Lets get started.
Use the ldapsearch command to print the object class details of an existing Ldap user "ldapuser1".
[ads-post]
Now create a file "usercreate.ldif", paste the copied content and change the required details for your requirement. I have changed the highlighted parameters and save the file.
lets set a password to the newly added user "newuser1"
Lets Verify the user "newuser1" LDAP entry.
Lets go to the client end and verify the user is able to access or not by making few changes.
Assume that you have already added your client to the Ldap server, if not refer this how to configure linux clients with Openldap Servers.
Just update the ldap configuration to create the home directory when user is logging in as below, else you would get an error as home directory not found.
Support Us: Share with your friends and groups.
Stay connected with us on social networking sites, Thank you.
YouTube | Facebook | Twitter | Pinterest | Rss
creating an ldap user, creating users in ldap, ldap getent passwd
Note : If you need centralized home directory along with LDAP authentication, Refer the below links to create a local user, migrate it to ldap database and export the home directory using autofs or nfs. Hence users home directory also available from ldap server to the clients.
Automount Home Directories using Autofs
Configure Linux Clients for LDAP Authentication to OpenLDAP Server
Else if you use a LDIF file, authentication will happen from Ldap server and home directory will be created under each server.
Ldap Server name : ldapserver1.learnitguide.net (dc=learnitguide,dc=net)
Client Server name : Client1.learnitguide.net
Lets get started.
ALSO WATCH THIS "LDAP USER & GROUP CREATION" TUTORIAL VIDEO FREE ON OUR YOUTUBE CHANNEL
Use the ldapsearch command to print the object class details of an existing Ldap user "ldapuser1".
[root@ldapserver1 ~]# ldapsearch -x cn=ldapuser1 -b dc=learnitguide,dc=netFrom the above output, copy the highlighted details in red color and proceed to the next steps.
# extended LDIF
#
# LDAPv3
# base <dc=learnitguide,dc=net> with scope subtree
# filter: cn=ldapuser1
# requesting: ALL
#
# ldapuser1, People, learnitguide.net
dn: uid=ldapuser1,ou=People,dc=learnitguide,dc=net
uid: ldapuser1
cn: ldapuser1
sn: ldapuser1
mail: ldapuser1@learnitguide.net
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQ2JGVjYUFGNGxEJGV3aTYyMjBJNi8xamd4SWtuWjZzSnZ3SFRiNnd
wUzNGV2NWYmRqS1pia2twTTAyYk8yUnF0U1JUV25TY0hxUWdJQzFOYzVLRWlmcWZ2b1BWWHMuRjUv
shadowLastChange: 17449
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/ldapuser1
# ldapuser1, Group, learnitguide.net
dn: cn=ldapuser1,ou=Group,dc=learnitguide,dc=net
objectClass: posixGroup
objectClass: top
cn: ldapuser1
userPassword:: e2NyeXB0fXg=
gidNumber: 1000
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
[ads-post]
Now create a file "usercreate.ldif", paste the copied content and change the required details for your requirement. I have changed the highlighted parameters and save the file.
[root@node1 ~]# vi usercreate.ldifLets add the user "newuser1" using the "usercreate.ldif" file into LDAP database using ldapadd command.
dn: uid=newuser1,ou=People,dc=learnitguide,dc=net
uid: newuser1
cn: newuser1
sn: newuser1
mail: newuser1@learnitguide.net
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}x
shadowLastChange: 17449
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1010
gidNumber: 1010
homeDirectory: /home/newuser1
# newuser1, Group, learnitguide.net
dn: cn=newuser1,ou=Group,dc=learnitguide,dc=net
objectClass: posixGroup
objectClass: top
cn: newuser1
userPassword:: e2NyeXB0fXg=
gidNumber: 1010
[root@node1 ~]# ldapadd -x -W -D "cn=Manager,dc=learnitguide,dc=net" -f /root/usercreate.ldifEnter the Ldap Administrator password when it prompts to enter which was created during the openldap configuration.
Enter LDAP Password:
adding new entry "uid=newuser1,ou=People,dc=learnitguide,dc=net"
[root@node1 ~]#
lets set a password to the newly added user "newuser1"
[root@node1 ~]# ldappasswd -s newuser1@123 -W -D "cn=Manager,dc=learnitguide,dc=net" -x "uid=newuser1,ou=People,dc=learnitguide,dc=net"Again enter the Ldap Administrator password when it prompts to enter which was created during the openldap configuration.
Enter LDAP Password:
[root@node1 ~]#
Lets Verify the user "newuser1" LDAP entry.
[root@node1 ~]# ldapsearch -x cn=newuser1 -b dc=learnitguide,dc=netGreat work, We have got the expected output of a user "newuser1".
# extended LDIF
#
# LDAPv3
# base <dc=learnitguide,dc=net> with scope subtree
# filter: cn=newuser1
# requesting: ALL
#
# newuser1, People, learnitguide.net
dn: uid=newuser1,ou=People,dc=learnitguide,dc=net
uid: newuser1
cn: newuser1
sn: newuser1
mail: newuser1@learnitguide.net
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 17449
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1010
gidNumber: 1010
homeDirectory: /home/newuser1
userPassword:: e1NTSEF9RzFidHhRY1dmR1JyT2xzaVFqd3hYN0Jxc0JBOVd4eU0=
# newuser1, Group, learnitguide.net
dn: cn=newuser1,ou=Group,dc=ourtestdomain,dc=com
objectClass: posixGroup
objectClass: top
cn: newuser1
userPassword:: e2NyeXB0fXg=
gidNumber: 1010
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
Lets go to the client end and verify the user is able to access or not by making few changes.
Assume that you have already added your client to the Ldap server, if not refer this how to configure linux clients with Openldap Servers.
Just update the ldap configuration to create the home directory when user is logging in as below, else you would get an error as home directory not found.
[root@client1 ~]# authconfig --enablemkhomedir --updateNow, Verify the ldap user "newuser1" using the below command.
getsebool: SELinux is disabled
[root@client1 ~]# getent passwd newuser1Lets login using the newly created user "newuser1" as below.
newuser1:x:1010:1010:newuser1:/home/newuser1:/bin/bash
[root@client1 ~]# su - newuser1Thats all, we are able to login with the user "newuser1" which was created using ldif file. Repeat the same for more user. Goind forward, you will get more articles and stay connected with us to not miss any updates. How to Create a LDAP Users and Groups using LDIF file, create ldap users, add ldap users, create ldap users and groups, create ldap user in linux, create ldap user account, add ldap users using ldif, add ldap multiple users, openldap add user ldif, ldap create user, ldap user add command line,
Creating directory '/home/newuser1'.
[newuser1@client1 ~]$ id
uid=1010(newuser1) gid=1010 groups=1010
[newuser1@client1 ~]$
Support Us: Share with your friends and groups.
Stay connected with us on social networking sites, Thank you.
YouTube | Facebook | Twitter | Pinterest | Rss
creating an ldap user, creating users in ldap, ldap getent passwd
Post a Comment