###### tags: `TWCC`
# TWCC - LDAP user management
## Querying users
```
### read-only query (no -D/-W, so this is an anonymous simple bind and returns only what the ACL exposes to anonymous)
# ldapsearch -x -H ldap://172.19.79.84:1389 -LLL -b 'dc=iam,dc=nchc,dc=org,dc=tw'
### ldap:// on port 1389 is plaintext; add -ZZ to require STARTTLS where the server supports it,
### otherwise a bind password supplied with -D/-W crosses the network in the clear
### option reference
# ldapsearch -?
-b basedn   base dn for search
-LLL        print responses in LDIF format without comments and version
-D binddn   bind DN
-H URI      LDAP Uniform Resource Identifier(s)
-W          prompt for bind password
-x          Simple authentication
```
## Adding a user
```
### create the two OUs (one LDIF file; entries must be separated by a blank line)
# vim base.ldif
dn: ou=users,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: organizationalUnit
ou: groups
### load base.ldif into LDAP (simple bind as the admin DN; -W prompts for its password)
# ldapadd -xD cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=users,dc=ai,dc=nchc,dc=org,dc=tw"
adding new entry "ou=groups,dc=ai,dc=nchc,dc=org,dc=tw"
### user entry; userPassword {crypt}x is not a valid hash, so the account cannot
### authenticate until ldappasswd below sets a real password
### shadowLastChange is the day count since 1970-01-01 of the last password change
# vim coodie-test.ldif
dn: uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: testuse
uid: testuse
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/testuse
loginShell: /bin/bash
gecos: testuse
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
### load coodie-test.ldif into LDAP
# ldapadd -xD cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw -W -f coodie-test.ldif
Enter LDAP Password:
adding new entry "uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw"
### set testuse's password
### -s puts the new password on the command line, where it lands in shell history and is
### visible to every local user in the process list; use -S to be prompted for it instead
# ldappasswd -s nchc1234 -W -D "cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw" -x "uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw"
Enter LDAP Password:
### verify the testuse entry (userPassword is absent from the result: the ACL does not
### let this anonymous search read it)
# ldapsearch -x cn=testuse -b dc=ai,dc=nchc,dc=org,dc=tw
# extended LDIF
#
# LDAPv3
# base <dc=ai,dc=nchc,dc=org,dc=tw> with scope subtree
# filter: cn=testuse
# requesting: ALL
#
# testuse, users, ai.nchc.org.tw
dn: uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: testuse
uid: testuse
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/testuse
loginShell: /bin/bash
gecos: testuse
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
```
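The add procedure above (write the user LDIF, load it with ldapadd, then set the password) as one script. This is an added example written for this page, not part of the TWCC note. It builds the entry with the same objectClasses and attributes the note uses, refuses a login name that is already taken or that contains DN/LDIF metacharacters, and picks the next free uidNumber from an ldapsearch dump. The function names, the constructed `SAMPLE_DUMP`, the 10000 uidNumber floor, and the assumption that the server supports STARTTLS (`-ZZ`) are all made here; the base DN is the note's `ou=users,dc=ai,dc=nchc,dc=org,dc=tw`.

```shell
#!/bin/sh
# Added example for this page, not part of the TWCC note. Function names,
# SAMPLE_DUMP and the 10000 uidNumber floor are assumptions made here.
set -eu

# Constructed stand-in for a live directory dump, i.e. the output of
#   ldapsearch -x -ZZ -H ldap://172.19.79.84:1389 -LLL \
#     -b ou=users,dc=ai,dc=nchc,dc=org,dc=tw '(objectClass=posixAccount)' uid uidNumber
# so that the script runs offline.
SAMPLE_DUMP='dn: uid=alice,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
uid: alice
uidNumber: 10001

dn: uid=bob,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
uid: bob
uidNumber: 10003
'

# 1 if the login name is a valid POSIX user name, else 0. The allowed set
# excludes ',', '=', '+', whitespace and newlines, so a name cannot smuggle
# extra RDNs or attributes into the DN or the LDIF built below.
valid_uid() {
    case $1 in
        ''|[0-9-]*|*[!a-z0-9_-]*) echo 0 ;;
        *) if [ ${#1} -le 32 ]; then echo 1; else echo 0; fi ;;
    esac
}

# 1 if "uid: NAME" already occurs in the dump, else 0 (whole-line, fixed-string match).
uid_exists() {
    if printf '%s\n' "$2" | grep -Fqx "uid: $1"; then echo 1; else echo 0; fi
}

# Highest uidNumber in the dump plus one, but never below the floor
# (default 10000) so new users stay clear of system account ranges.
next_free_uid() {
    floor=${2:-10000}
    max=$(printf '%s\n' "$1" | awk '/^uidNumber: / && $2+0 > m { m = $2+0 } END { print m+0 }')
    if [ "$max" -lt "$floor" ]; then echo "$floor"; else echo $((max + 1)); fi
}

# Emit one LDIF entry using the note's objectClasses. userPassword {crypt}x is
# not a valid hash, so the account cannot authenticate until ldappasswd sets a
# real one; shadowLastChange is today's day count since 1970-01-01.
make_user_ldif() {
    name=$1; num=$2; gid=${3:-100}; base=${4:-ou=users,dc=ai,dc=nchc,dc=org,dc=tw}
    today=$(( $(date +%s) / 86400 ))
    cat <<EOF
dn: uid=$name,$base
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: $name
uid: $name
uidNumber: $num
gidNumber: $gid
homeDirectory: /home/$name
loginShell: /bin/bash
gecos: $name
userPassword: {crypt}x
shadowLastChange: $today
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
EOF
}

# Check the name, refuse duplicates, then print the LDIF for ldapadd.
new_user() {
    if [ "$(valid_uid "$1")" != 1 ]; then echo "invalid login name: $1" >&2; return 1; fi
    if [ "$(uid_exists "$1" "$SAMPLE_DUMP")" != 0 ]; then echo "uid already exists: $1" >&2; return 1; fi
    make_user_ldif "$1" "$(next_free_uid "$SAMPLE_DUMP")"
}

# Usage: new_user carol | ldapadd -x -D cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw -W
new_user carol
```

Pipe the output into `ldapadd -x -D cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw -W` as in the note, then set the password with `ldappasswd -S` so it is prompted for rather than placed on the command line. Against the live server, replace `SAMPLE_DUMP` with the output of the ldapsearch shown in the comment so that the duplicate check and the uidNumber choice reflect the directory's real contents.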
## Modifying a user
```
### add a description attribute to testuse
### prepare an LDIF change record: changetype: modify, then add/replace/delete naming the attribute
# vim modifycoodie-test.ldif
dn: uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
changetype: modify
add: description
description: testuse description
### pass the LDIF file to ldapmodify with -f (-x selects simple bind, as in the other commands)
# ldapmodify -x -H ldap://172.19.79.84:1389 -D "cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw" -W -f modifycoodie-test.ldif
Enter LDAP Password:
modifying entry "uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw"
### verify the result
# ldapsearch -x cn=testuse -b dc=ai,dc=nchc,dc=org,dc=tw
# extended LDIF
#
# LDAPv3
# base <dc=ai,dc=nchc,dc=org,dc=tw> with scope subtree
# filter: cn=testuse
# requesting: ALL
#
# testuse, users, ai.nchc.org.tw
dn: uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: testuse
uid: testuse
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/testuse
loginShell: /bin/bash
gecos: testuse
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
description: testuse description
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
```
## Deleting a user
```
### delete the entry by DN (simple bind as the same admin DN used above)
# ldapdelete -x -W -D "cn=ai-admin,dc=ai,dc=nchc,dc=org,dc=tw" "uid=testuse,ou=users,dc=ai,dc=nchc,dc=org,dc=tw"
Enter LDAP Password:
### confirm testuse is gone (no entry is returned and numEntries is no longer printed)
# ldapsearch -x cn=testuse -b dc=ai,dc=nchc,dc=org,dc=tw
# extended LDIF
#
# LDAPv3
# base <dc=ai,dc=nchc,dc=org,dc=tw> with scope subtree
# filter: cn=testuse
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
```