хранение_учетных_записей_unix_в_ldap [2021/01/14 11:56] val |
хранение_учетных_записей_unix_в_ldap [2024/02/01 15:32] (current) val [Использование migrationtools] |
||
---|---|---|---|
Line 75: | Line 75: | ||
homeDirectory: /home/user1 | homeDirectory: /home/user1 | ||
userpassword: * | userpassword: * | ||
+ | #userpassword: password1 | ||
dn: uid=user2,ou=People,dc=corpX,dc=un | dn: uid=user2,ou=People,dc=corpX,dc=un | ||
Line 88: | Line 89: | ||
homedirectory: /home/user2 | homedirectory: /home/user2 | ||
userpassword: * | userpassword: * | ||
+ | #userpassword: password2 | ||
dn: cn=group1,ou=Group,dc=corpX,dc=un | dn: cn=group1,ou=Group,dc=corpX,dc=un | ||
Line 113: | Line 115: | ||
==== Модификация информации в ldap каталоге ===== | ==== Модификация информации в ldap каталоге ===== | ||
- | ==== Пример назначения номеров телефонов и адресов email ==== | + | === Пример изменения пароля === |
+ | <code> | ||
+ | server# cat replacepasswd.ldif | ||
+ | </code><code> | ||
+ | dn: uid=user1,ou=People,dc=corpX,dc=un | ||
+ | changetype: modify | ||
+ | replace: userPassword | ||
+ | userPassword: password1 | ||
+ | |||
+ | dn: uid=user2,ou=People,dc=corpX,dc=un | ||
+ | changetype: modify | ||
+ | replace: userPassword | ||
+ | userPassword: password2 | ||
+ | </code><code> | ||
+ | server# ldapmodify -x -D "cn=admin,dc=corpX,dc=un" -w secret -f replacepasswd.ldif | ||
+ | </code> | ||
+ | |||
+ | === Пример назначения номеров телефонов и адресов email === | ||
<code> | <code> | ||
server:~# cat addmailphone.ldif | server:~# cat addmailphone.ldif | ||
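Review bot: The added `ldapmodify -x -D "cn=admin,dc=corpX,dc=un" -w secret -f replacepasswd.ldif` line passes the admin bind password as a command-line argument, so it ends up in shell history and is visible in the process list while the command runs. Using `-W` (prompt), as the Microsoft AD example further down already does, or `-y <passwdfile>` with a file readable only by its owner, avoids that. The new replacepasswd.ldif also keeps both users' passwords in clear text on disk, and a plain `replace: userPassword` presumably stores the value exactly as given unless the server is configured to hash it (not visible here). A one-line remark that the file should be deleted afterwards, or that `ldappasswd` sets the password through the password-modify operation instead, would help readers who copy the example.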
Line 140: | Line 159: | ||
</code> | </code> | ||
- | ==== Пример назначения UNIX атрибутов в Microsoft AD ==== | + | === Пример назначения UNIX атрибутов в Microsoft AD === |
+ | |||
+ | !!! Объекты guser1, guser2 и group1 должны быть созданы заранее | ||
<code> | <code> | ||
- | client1:~# cat addunixattr.ldif | + | gate:~# cat addunixattr.ldif |
</code><code> | </code><code> | ||
+ | #==== add and set attr to user1 ==== | ||
+ | |||
dn: CN=guser1,CN=Users,DC=corpX,DC=un | dn: CN=guser1,CN=Users,DC=corpX,DC=un | ||
changetype: modify | changetype: modify | ||
add: gidNumber | add: gidNumber | ||
gidNumber: 10001 | gidNumber: 10001 | ||
- | |||
- | dn: CN=guser2,CN=Users,DC=corpX,DC=un | ||
- | changetype: modify | ||
- | add: gidNumber | ||
- | gidNumber: 10002 | ||
dn: CN=Ivan I. Ivanov,CN=Users,DC=corpX,DC=un | dn: CN=Ivan I. Ivanov,CN=Users,DC=corpX,DC=un | ||
Line 174: | Line 192: | ||
add: loginShell | add: loginShell | ||
loginShell: /bin/sh | loginShell: /bin/sh | ||
+ | |||
+ | #==== add and set attr to user2 ==== | ||
+ | |||
+ | dn: CN=guser2,CN=Users,DC=corpX,DC=un | ||
+ | changetype: modify | ||
+ | add: gidNumber | ||
+ | gidNumber: 10002 | ||
dn: CN=Petr P. Petrov,CN=Users,DC=corpX,DC=un | dn: CN=Petr P. Petrov,CN=Users,DC=corpX,DC=un | ||
Line 194: | Line 219: | ||
add: loginShell | add: loginShell | ||
loginShell: /bin/sh | loginShell: /bin/sh | ||
+ | |||
+ | #==== add and set attr to group1 ==== | ||
dn: CN=group1,CN=Users,DC=corpX,DC=un | dn: CN=group1,CN=Users,DC=corpX,DC=un | ||
Line 210: | Line 237: | ||
memberUid: user2 | memberUid: user2 | ||
</code><code> | </code><code> | ||
- | client1:~# export LDAPTLS_REQCERT=never | + | gate:~# ldapmodify -x -D "cn=Administrator,cn=Users,dc=corpX,dc=un" -W -H ldap://server -f addunixattr.ldif |
- | + | ||
- | client1:~# ldapmodify -x -D "cn=Administrator,cn=Users,dc=corp6,dc=un" -W -H ldaps://server -f addunixattr.ldif | + | |
</code> | </code> | ||
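Review bot: The new command binds as Administrator with a simple bind (`-x ... -W`) over `-H ldap://server`, so the password and the attribute changes cross the network unencrypted. The previous revision used `ldaps://server`, though together with `LDAPTLS_REQCERT=never`, which disabled certificate verification. If plain LDAP is intended only for an isolated lab, say so next to the command; otherwise keep an encrypted, verified transport, for example `-H ldaps://server` or `-ZZ` (StartTLS) with the CA certificate set through `TLS_CACERT` in ldap.conf. A domain controller that enforces LDAP signing may also reject a simple bind over an unencrypted connection, so the example as written may fail against a hardened AD.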
Line 222: | Line 247: | ||
</code><code> | </code><code> | ||
... | ... | ||
- | $DEFAULT_MAIL_DOMAIN = "corp13.un"; | + | $DEFAULT_MAIL_DOMAIN = "corpX.un"; |
... | ... | ||
- | $DEFAULT_BASE = "dc=corp13,dc=un"; | + | $DEFAULT_BASE = "dc=corpX,dc=un"; |
... | ... | ||
$EXTENDED_SCHEMA = 1; | $EXTENDED_SCHEMA = 1; | ||
... | ... | ||
- | $IGNORE_UID_BELOW = 1000; | + | $IGNORE_UID_BELOW = 1001; |
- | $IGNORE_GID_BELOW = 1000; | + | $IGNORE_GID_BELOW = 1001; |
... | ... | ||
$IGNORE_UID_ABOVE = 65500; | $IGNORE_UID_ABOVE = 65500; |