Hello,
I’m new on this list. I’m currently trying to configure an LDAP server to manage my identities (and use Kerberos as the authentication backend). My goal is to minimize the information that needs to be set by the administrator to create an entry.
Here is a basic example:
dn: uid=yoann,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
cn: Yoann Gini
gidNumber: 20
homeDirectory: /home/users/yoann
sn: Gini
uid: yoann
uidNumber: 2000
givenName: Yoann
loginShell: /usr/local/bin/zsh
mail: yoann@example.com
userPassword: {SASL}yoann@EXAMPLE.COM
As you can see, there is a lot of redundant information…
What I’m looking for is a way to fix some fields for posixAccount or *,ou=people,dc=example,dc=com.
For example, userPassword should be constructed from static text, an LDAP entry and a global variable… {SASL}$uid$#KRB_REALM#. Likewise the mail: $uid$#domain#
If you have any suggestions :-)
Yoann
On 10/14/12 11:23 +0200, Yoann Gini wrote:
> Hello,
> I’m new on this list. I’m currently trying to configure an LDAP server to manage my identities (and use Kerberos as the authentication backend). My goal is to minimize the information that needs to be set by the administrator to create an entry.
> Here is a basic example:
> dn: uid=yoann,ou=people,dc=example,dc=com
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> objectClass: posixAccount
> cn: Yoann Gini
> gidNumber: 20
> homeDirectory: /home/users/yoann
> sn: Gini
> uid: yoann
> uidNumber: 2000
> givenName: Yoann
> loginShell: /usr/local/bin/zsh
> mail: yoann@example.com
> userPassword: {SASL}yoann@EXAMPLE.COM
> As you can see, there is a lot of redundant information…
> What I’m looking for is a way to fix some fields for posixAccount or *,ou=people,dc=example,dc=com.
> For example, userPassword should be constructed from static text, an LDAP entry and a global variable… {SASL}$uid$#KRB_REALM#. Likewise the mail: $uid$#domain#
#!/bin/sh
# Arguments: username domainname firstname lastname uidnumber gidnumber
username=$1
domainname=$2
firstname=$3
lastname=$4
uidnumber=$5
gidnumber=$6
# Kerberos realm: the domain name in upper case
uc_domainname=`echo "$domainname" | tr 'a-z' 'A-Z'`
cat << EOF
dn: uid=$username,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
cn: $firstname $lastname
gidNumber: $gidnumber
homeDirectory: /home/users/$username
sn: $lastname
uid: $username
uidNumber: $uidnumber
givenName: $firstname
loginShell: /usr/local/bin/zsh
mail: $username@$domainname
userPassword: {SASL}$username@$uc_domainname
EOF
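The script above interpolates its arguments directly into the LDIF, so a value containing a newline would add attribute lines and a comma in the username would change the DN. The following is an added example, not part of the thread, that emits the same template after validating each argument; the function name make_person_ldif and the allow-lists are assumptions.

```shell
# Added example (not from the thread): the same LDIF template, with every
# argument checked before interpolation. The allow-lists are assumptions.
LC_ALL=C; export LC_ALL          # byte-exact a-z / 0-9 ranges
BASE_DN="ou=people,dc=example,dc=com"

make_person_ldif() {
    username=$1 domainname=$2 firstname=$3 lastname=$4 uidnumber=$5 gidnumber=$6
    # uid lands in the DN, homeDirectory, mail and the Kerberos principal:
    # allow only characters that need no escaping in any of those contexts.
    case $username in ''|[!a-z]*|*[!a-z0-9_-]*) echo "bad username" >&2; return 1 ;; esac
    case $domainname in ''|.*|*.|*..*|*[!a-z0-9.-]*) echo "bad domain" >&2; return 1 ;; esac
    # Names: ASCII letters, space, dot, hyphen. This excludes newlines (which
    # would start a new attribute line) and a leading space, ':' or '<'.
    for name in "$firstname" "$lastname"; do
        case $name in ''|[!A-Za-z]*|*[!A-Za-z\ .-]*) echo "bad name" >&2; return 1 ;; esac
    done
    for id in "$uidnumber" "$gidnumber"; do
        case $id in ''|*[!0-9]*) echo "bad numeric id" >&2; return 1 ;; esac
    done
    realm=$(printf '%s' "$domainname" | tr 'a-z' 'A-Z')
    cat <<EOF
dn: uid=$username,$BASE_DN
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
cn: $firstname $lastname
gidNumber: $gidnumber
homeDirectory: /home/users/$username
sn: $lastname
uid: $username
uidNumber: $uidnumber
givenName: $firstname
loginShell: /usr/local/bin/zsh
mail: $username@$domainname
userPassword: {SASL}$username@$realm
EOF
}

# Constructed sample call using the values from the first message.
make_person_ldif yoann example.com Yoann Gini 2000 20
```

Names with non-ASCII characters are rejected here because LDIF requires them to be base64-encoded, which this example does not implement.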
On 16 Oct. 2012, at 20:43, Dan White dwhite@olp.net wrote:
> #!/bin/sh
> # Arguments: username domainname firstname lastname uidnumber gidnumber
> username=$1
> domainname=$2
> firstname=$3
> lastname=$4
> uidnumber=$5
> gidnumber=$6
> # Kerberos realm: the domain name in upper case
> uc_domainname=`echo "$domainname" | tr 'a-z' 'A-Z'`
> cat << EOF
> dn: uid=$username,ou=people,dc=example,dc=com
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> objectClass: posixAccount
> cn: $firstname $lastname
> gidNumber: $gidnumber
> homeDirectory: /home/users/$username
> sn: $lastname
> uid: $username
> uidNumber: $uidnumber
> givenName: $firstname
> loginShell: /usr/local/bin/zsh
> mail: $username@$domainname
> userPassword: {SASL}$username@$uc_domainname
> EOF
Well… That’s a solution, but not the expected one… Especially because it needs to be done for each record. Of course, I can configure my LDAP editor to use static values for these fields, but I think it’s not the proper solution here; writing the same data in multiple places is not good, especially when we need data integrity and fields built from another one.
Yoann
openldap-technical@openldap.org