openldap添加用户条目(登录后就需要设置修改密码)
声明下面的ou=Group和ou=People之前已经创建好了,参看https://wsfnk.com/archives/431.html
目录树规划
#先生成一个密码(1234)
[root@openldap-server ~]# slappasswd
New password:
Re-enter new password:
{SSHA}OaR2RdktjtY2nJlPmuYPfop+QJok1OX5
#创建新用户的ldif文件
vi ldapuser.ldif
#注意要顶格写.这里latiao用户,我将其加入到centos组中
# create new
# replace to your own domain name for "dc=***,dc=***" section
dn: uid=latiao,ou=People,dc=wsfnk,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: centos
sn: 李
givenName: 辣条
displayName: 李辣条
userPassword: {SSHA}OaR2RdktjtY2nJlPmuYPfop+QJok1OX5
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 1000
homeDirectory: /home/latiao
#shadowLastChange: 1620
#shadowMin: 0
#shadowMax: 9999
#shadowWarning: 7
#shadowExpire: 0 #若为负数,会无休无止的让你修改密码
employeeNumber: IDC-B06
mobile: 18170007313
mail: 213212@ws32nk.com
postalAddress: 南昌
#这是添加一个名为centos的cn,在名为Group的ou下
dn: cn=centos,ou=Group,dc=wsfnk,dc=local
objectClass: posixGroup
cn: centos
gidNumber: 1000
memberUid: centos
#导入用户的ldif
ldapadd -x -D cn=Manager,dc=wsfnk,dc=local -W -f ldapuser.ldif
#验证:在客户端查看刚才添加的用户ID号
[root@centos7 ~]# getent passwd latiao
latiao:x:2000:1000:centos:/home/latiao:/bin/bash导入本地linux的账户到openldap目录树里(先写一个脚本,用于生成本地用户信息)
vi ldapuser.sh
# extract local users and groups who have 1000-9999 digit UID
# replace "SUFFIX=***" to your own domain name
# this is an example
#!/bin/bash
SUFFIX='dc=wsfnk,dc=local'
LDIF='ldapuser.ldif'
echo -n > $LDIF
GROUP_IDS=()
grep "x:[1-9][0-9][0-9][0-9]:" /etc/passwd | (while read TARGET_USER
do
USER_ID="$(echo "$TARGET_USER" | cut -d':' -f1)"
USER_NAME="$(echo "$TARGET_USER" | cut -d':' -f5 | cut -d' ' -f1,2)"
[ ! "$USER_NAME" ] && USER_NAME="$USER_ID"
LDAP_SN="$(echo "$USER_NAME" | cut -d' ' -f2)"
[ ! "$LDAP_SN" ] && LDAP_SN="$USER_NAME"
LASTCHANGE_FLAG="$(grep "${USER_ID}:" /etc/shadow | cut -d':' -f3)"
[ ! "$LASTCHANGE_FLAG" ] && LASTCHANGE_FLAG="0"
SHADOW_FLAG="$(grep "${USER_ID}:" /etc/shadow | cut -d':' -f9)"
[ ! "$SHADOW_FLAG" ] && SHADOW_FLAG="0"
GROUP_ID="$(echo "$TARGET_USER" | cut -d':' -f4)"
[ ! "$(echo "${GROUP_IDS[@]}" | grep "$GROUP_ID")" ] && GROUP_IDS=("${GROUP_IDS[@]}" "$GROUP_ID")
echo "dn: uid=$USER_ID,ou=People,$SUFFIX" >> $LDIF
echo "objectClass: inetOrgPerson" >> $LDIF
echo "objectClass: posixAccount" >> $LDIF
echo "objectClass: shadowAccount" >> $LDIF
echo "sn: $LDAP_SN" >> $LDIF
echo "givenName: $(echo "$USER_NAME" | awk '{print $1}')" >> $LDIF
echo "cn: $USER_NAME" >> $LDIF
echo "displayName: $USER_NAME" >> $LDIF
echo "uidNumber: $(echo "$TARGET_USER" | cut -d':' -f3)" >> $LDIF
echo "gidNumber: $(echo "$TARGET_USER" | cut -d':' -f4)" >> $LDIF
echo "userPassword: {crypt}$(grep "${USER_ID}:" /etc/shadow | cut -d':' -f2)" >> $LDIF
echo "gecos: $USER_NAME" >> $LDIF
echo "loginShell: $(echo "$TARGET_USER" | cut -d':' -f7)" >> $LDIF
echo "homeDirectory: $(echo "$TARGET_USER" | cut -d':' -f6)" >> $LDIF
echo "shadowExpire: $(passwd -S "$USER_ID" | awk '{print $7}')" >> $LDIF
echo "shadowFlag: $SHADOW_FLAG" >> $LDIF
echo "shadowWarning: $(passwd -S "$USER_ID" | awk '{print $6}')" >> $LDIF
echo "shadowMin: $(passwd -S "$USER_ID" | awk '{print $4}')" >> $LDIF
echo "shadowMax: $(passwd -S "$USER_ID" | awk '{print $5}')" >> $LDIF
echo "shadowLastChange: $LASTCHANGE_FLAG" >> $LDIF
echo >> $LDIF
done
for TARGET_GROUP_ID in "${GROUP_IDS[@]}"
do
LDAP_CN="$(grep ":${TARGET_GROUP_ID}:" /etc/group | cut -d':' -f1)"
echo "dn: cn=$LDAP_CN,ou=Group,$SUFFIX" >> $LDIF
echo "objectClass: posixGroup" >> $LDIF
echo "cn: $LDAP_CN" >> $LDIF
echo "gidNumber: $TARGET_GROUP_ID" >> $LDIF
for MEMBER_UID in $(grep ":${TARGET_GROUP_ID}:" /etc/passwd | cut -d':' -f1,3)
do
UID_NUM=$(echo "$MEMBER_UID" | cut -d':' -f2)
[ $UID_NUM -ge 1000 -a $UID_NUM -le 9999 ] && echo "memberUid: $(echo "$MEMBER_UID" | cut -d':' -f1)" >> $LDIF
done
echo >> $LDIF
done
)
#运行脚本,生成基于本地账户密码的ldif文件
sh ldapuser.sh
#查看生成的ldif文件(可以按需修改ldif的内容,以符合自己所需)
cat ldapuser.ldif
vi ldapuser.ldif
#导入
ldapadd -x -D cn=Manager,dc=wsfnk,dc=local -W -f ldapuser.ldif声明:本文为原创,作者为 辣条①号,转载时请保留本声明及附带文章链接:https://boke.wsfnk.com/archives/368.html
赏
谢谢你请我吃辣条
谢谢你请我吃辣条
如果文章对你有帮助,欢迎点击上方按钮打赏作者
暂无评论