tags: TWCC

TWCC - ldap 使用者管理

查詢使用者

### readonly（未帶 -D，為匿名綁定，僅查詢）
# ldapsearch -x -H ldap://172.19.79.84:1389 -LLL -b 'dc=iam,dc=nchc,dc=org,dc=tw'
### 注意：ldap:// 為明文連線；一旦像下方步驟那樣加上 -D/-W 綁定，-x 簡單驗證的密碼會以明文在網路上傳送。
### 正式環境請改用 ldaps://，或加 -ZZ（StartTLS 未成功即中止，不會退回明文）。
### 注意：此處 base DN 為 dc=iam,…，而下方新增／修改範例使用 dc=ai,…，請依實際目錄樹調整。

### 參數說明
# ldapsearch -?
  -b basedn  base dn for search
  -LLL       print responses in LDIF format without comments
             and version
  -D binddn  bind DN
  -H URI     LDAP Uniform Resource Identifier(s)
  -W         prompt for bind password
  -x         Simple authentication  （密碼以明文送出，請搭配 ldaps:// 或 -ZZ）
  -Z         Start TLS request (-ZZ to require successful response)

新增使用者

###新增ou
# vim base.ldif
# Container OUs directly under the dc=ai,... suffix, added with ldapadd.
# Both are plain organizationalUnit entries; the test user below is created
# under ou=users, and ou=groups is presumably intended for posixGroup entries.
dn: ou=users,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: organizationalUnit
ou: groups


###將base.ldif寫入ldap
# ldapadd -xD cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=users,dc=ai,dc=nchc,dc=org,dc=tw"

adding new entry "ou=groups,dc=ai,dc=nchc,dc=org,dc=tw"


# vim coodie-test.ldif
# Test POSIX account. The RDN is uid=testuse; cn is an ordinary attribute and
# is not part of the DN, so the server reports the entry as uid=testuse,ou=users,...
dn: uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: testuse
uid: testuse
# uidNumber must not collide with local accounts or other directory entries on
# any host that consumes this directory. gidNumber 100 is assumed to be an
# existing group (e.g. "users" on Debian-style systems) — confirm before use.
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/testuse
loginShell: /bin/bash
gecos: testuse
# Placeholder, not a real crypt(3) hash (same convention as the "x" in
# /etc/passwd): no password matches it, so the account cannot authenticate
# until ldappasswd sets a real value. Do not leave it as-is in production.
userPassword: {crypt}x
# shadow(5) fields. shadowLastChange is days since 1970-01-01 (17058 = 2016-09-14);
# shadowMax 99999 effectively disables password expiry.
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7


###將coodie-test.ldif寫入ldap
# ldapadd -xD cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw -W -f coodie-test.ldif
Enter LDAP Password:
adding new entry "uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw"


###設定testuse密碼
###注意：不要用 -s 把密碼寫在命令列（會留在 shell history，且執行期間其他使用者可由 ps 看到）；改用 -S 互動輸入新密碼。
# ldappasswd -x -D "cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw" -W -S "uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw"
New password:
Re-enter new password:
Enter LDAP Password:


###驗證testuse內容（未加 -D，為匿名綁定；能否查到取決於 slapd 的 ACL 是否允許匿名讀取）
###輸出中不會列出 userPassword，一般是 ACL 將該屬性限制為 auth/self 才可讀，屬正常現象；若匿名查詢也能看到密碼雜湊，請檢查 ACL。
# ldapsearch -x cn=testuse -b dc=ai,dc=nchc,dc=org,dc=tw
# extended LDIF
#
# LDAPv3
# base <dc=ai,dc=nchc,dc=org,dc=tw> with scope subtree
# filter: cn=testuse
# requesting: ALL
#

# testuse, users, ai.nchc.org.tw
dn: uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: testuse
uid: testuse
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/testuse
loginShell: /bin/bash
gecos: testuse
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

修改使用者

###於testuse中新增一行description的描述
###準備一個替換的ldif文件
# vim modifycoodie-test.ldif
# Modify record for ldapmodify: appends one description value to the existing
# testuse entry. "add:" fails with attributeOrValueExists if that value is
# already present; use "replace:" to overwrite instead.
dn: uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
changetype: modify
add: description
description: testuse description


###用參數-f將ldif文件內容傳給ldapmodify
###注意：ldif 已宣告 changetype: modify，不需要 -a（-a 為 ldapadd 模式，僅在 ldif 未宣告 changetype 時才有作用）。
###注意：OpenLDAP 工具未加 -x 時會改走 SASL 綁定，man page 說明 SASL 綁定時伺服器會忽略 -D；請與其他步驟一致加上 -x。
# ldapmodify -x -H ldap://172.19.79.84:1389 -D "cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw" -W -f modifycoodie-test.ldif
Enter LDAP Password:
modifying entry "uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw"


###驗證結果
# ldapsearch -x cn=testuse -b dc=ai,dc=nchc,dc=org,dc=tw
# extended LDIF
#
# LDAPv3
# base <dc=ai,dc=nchc,dc=org,dc=tw> with scope subtree
# filter: cn=testuse
# requesting: ALL
#

# testuse, users, ai.nchc.org.tw
dn: uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: testuse
uid: testuse
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/testuse
loginShell: /bin/bash
gecos: testuse
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
description: testuse description

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

刪除使用者

###注意：本頁其他步驟皆以 cn=ai-admin 綁定，原文此處寫 cn=admin，疑為筆誤，已改為 cn=ai-admin；同時補上 -x 以免改走 SASL 綁定。
###注意：ldapdelete 只移除目錄項目，不會清除各主機上 /home/testuse 及 uid 9999 所擁有的檔案；重複使用該 uidNumber 前請先處理，以免新帳號繼承舊檔案。
# ldapdelete -x -W -D "cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw" "uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw"
Enter LDAP Password:


###確認testuse已刪除
# ldapsearch -x cn=testuse -b dc=ai,dc=nchc,dc=org,dc=tw
# extended LDIF
#
# LDAPv3
# base <dc=ai,dc=nchc,dc=org,dc=tw> with scope subtree
# filter: cn=testuse
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1