On 10/14/12 11:23 +0200, Yoann Gini wrote:
Hello,
I’m new to this list. I am actually trying to configure an LDAP server to manage my identities
(and use Kerberos as the authentication backend). My goal is to minimize the information
that needs to be set by the administrator to create an entry.
Here is a basic example:

dn: uid=yoann,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
cn: Yoann Gini
gidNumber: 20
homeDirectory: /home/users/yoann
sn: Gini
uid: yoann
uidNumber: 2000
givenName: Yoann
loginShell: /usr/local/bin/zsh
mail: yoann(a)example.com
userPassword: {SASL}yoann(a)EXAMPLE.COM

As you can see, there is a lot of redundant information…
What I am looking for is a way to fix some fields for posixAccount or
*,ou=people,dc=example,dc=com.
For example, userPassword should be constructed from a static text, an LDAP entry and a
global variable… {SASL}$uid$#KRB_REALM#.
Like the mail: $uid$#domain#

#!/bin/sh
# Generate an LDIF entry from a minimal set of arguments:
#   username domainname firstname lastname uidnumber gidnumber
username=$1
domainname=$2
firstname=$3
lastname=$4
uidnumber=$5
gidnumber=$6
# The Kerberos realm is the upper-cased domain name
uc_domainname=$(echo "$domainname" | tr 'a-z' 'A-Z')
cat << EOF
dn: uid=$username,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
cn: $firstname $lastname
gidNumber: $gidnumber
homeDirectory: /home/users/$username
sn: $lastname
uid: $username
uidNumber: $uidnumber
givenName: $firstname
loginShell: /usr/local/bin/zsh
mail: $username@$domainname
userPassword: {SASL}$username@$uc_domainname
EOF
--
Dan White
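
A template script like the one above copies its arguments straight into the LDIF, so a value containing a line break or a DN separator changes the entry that gets loaded. The following is an added example, not part of the original thread: the same generator with each argument validated and non-ASCII values base64-encoded as RFC 2849 requires. The function names (valid_login, valid_domain, valid_number, valid_text, ldif_attr, make_entry) and the allowed-character rules are assumptions.

```sh
#!/bin/sh
# Added example: validate every argument before it reaches the LDIF output.
# The character rules below are assumptions; adapt them to local policy.
LC_ALL=C; export LC_ALL              # byte-wise matching, ASCII-only tr
BASE_DN='ou=people,dc=example,dc=com'

# Login: lowercase start, then [a-z0-9._-], so it needs no DN escaping.
valid_login()  { case $1 in ''|[!a-z]*|*[!a-z0-9._-]*) return 1 ;; esac; }
valid_domain() { case $1 in ''|.*|*.|*[!A-Za-z0-9.-]*) return 1 ;; esac; }
valid_number() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }
# Personal names: non-empty and free of control characters (no CR/LF).
valid_text() {
    [ -n "$1" ] && [ "$(printf '%s' "$1" | tr -d '[:cntrl:]')" = "$1" ]
}

# Emit "name: value", or "name:: base64" when the value is not an RFC 2849
# SAFE-STRING (non-ASCII bytes, leading space/colon/<, trailing space).
ldif_attr() {
    if printf '%s\n' "$2" | grep -Eq '^[!-9;=-~]([ -~]*[!-~])?$'; then
        printf '%s: %s\n' "$1" "$2"
    else
        printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
    fi
}

make_entry() {
    [ $# -eq 6 ] || { echo 'usage: make_entry user domain first last uid gid' >&2; return 2; }
    valid_login "$1"  || { echo 'rejected: username' >&2; return 1; }
    valid_domain "$2" || { echo 'rejected: domain' >&2; return 1; }
    valid_text "$3" && valid_text "$4" || { echo 'rejected: name' >&2; return 1; }
    valid_number "$5" && valid_number "$6" || { echo 'rejected: uid/gid' >&2; return 1; }
    realm=$(printf '%s' "$2" | tr 'a-z' 'A-Z')
    ldif_attr dn "uid=$1,$BASE_DN"
    for oc in inetOrgPerson organizationalPerson person top posixAccount; do
        ldif_attr objectClass "$oc"
    done
    ldif_attr cn "$3 $4"
    ldif_attr gidNumber "$6"
    ldif_attr homeDirectory "/home/users/$1"
    ldif_attr sn "$4"
    ldif_attr uid "$1"
    ldif_attr uidNumber "$5"
    ldif_attr givenName "$3"
    ldif_attr loginShell /usr/local/bin/zsh
    ldif_attr mail "$1@$2"
    ldif_attr userPassword "{SASL}$1@$realm"
}

[ $# -eq 0 ] || make_entry "$@"
```

A rejected argument produces no LDIF at all and a non-zero exit status, so the script can be piped into ldapadd without a partial entry being loaded.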