2010/12/1 Juan Pablo Romero Méndez jpablo.romero@gmail.com:
Hello,
I'm trying to programmatically call useradd to create an ldap user on opensuse 11.2.
I will assume that your OS has PAM configured in a way that LDAP users are the OS users, and that you have no confusion between the local box's users and the ones in LDAP.
If so, all you need to do is talk LDAP directly using your favorite language; for example, Perl and Net::LDAP are very powerful. You can also use something like LAM (LDAP Account Manager), which is written in PHP; although it lacks some stuff such as moddn, it has a nice interface for Unix users and groups.
The thing is that once your machine uses LDAP as its DB for users, from then on you should deal with the LDAP server directly, and that affects all machines that are connected to that LDAP.
The problem is that calling
useradd -m --service ldap -D "cn=Administrator,dc=tkm,dc=com,dc=mx" testuser
requests the ldap admin password in a way which I find difficult to handle programmatically.
I thought that setting rootbinddn in /etc/ldap.conf and the password in /etc/ldap.secret would prevent useradd from asking for the password, but this is not the case.
Is it possible to accomplish this? (i.e. configure useradd/passwd not to ask for passwords on the command line?)
Regards,
Juan Pablo
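
Added example, not part of the original thread: the direct-LDAP approach suggested in the reply, sketched with the OpenLDAP client tools so that the bind password is read from a file instead of a prompt. The `ou=people` container, the `ldap://localhost` URI and the uid/gid numbers are assumptions; the bind DN and `/etc/ldap.secret` come from the question.

```shell
#!/bin/sh
# Added example. Assumed (not in the mail): ou=people, ldap://localhost.
BASE_DN="dc=tkm,dc=com,dc=mx"
BIND_DN="cn=Administrator,$BASE_DN"
SECRET_FILE="${SECRET_FILE:-/etc/ldap.secret}"
LDAP_URI="${LDAP_URI:-ldap://localhost}"

# The login name ends up in a DN and in LDIF lines, so accept only a
# conservative character set (blocks ',', '=', newlines and the like).
valid_login() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# The secret must be a regular file readable by its owner only.
# ldapadd -y uses the complete file contents as the password, so a
# trailing newline would become part of it; reject that as well.
secret_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in -r?-------*) ;; *) return 1 ;; esac
    [ $(tail -c 1 "$1" | wc -l) -eq 0 ]
}

# usage: build_ldif LOGIN UID_NUMBER GID_NUMBER
build_ldif() {
    valid_login "$1" || return 1
    for n in "$2" "$3"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    printf '%s\n' "dn: uid=$1,ou=people,$BASE_DN" \
        "objectClass: account" "objectClass: posixAccount" \
        "cn: $1" "uid: $1" "uidNumber: $2" "gidNumber: $3" \
        "homeDirectory: /home/$1" "loginShell: /bin/bash"
}

# usage: create_ldap_user testuser 5001 100
create_ldap_user() {
    secret_ok "$SECRET_FILE" || { echo "unsafe secret file: $SECRET_FILE" >&2; return 1; }
    ldif=$(build_ldif "$@") || { echo "invalid login or id" >&2; return 1; }
    # -x simple bind, -ZZ require StartTLS, -y read password from file:
    # the password never appears on the command line or in a prompt.
    printf '%s\n' "$ldif" |
        ldapadd -x -ZZ -H "$LDAP_URI" -D "$BIND_DN" -y "$SECRET_FILE"
}
```

Unlike `useradd -m`, adding the entry this way does not create the home directory, so that has to be handled separately (for example with pam_mkhomedir).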