AD Native Management
This section explains how to manage users and groups in the Active Directory from the CCME Management Host.
User management
Important: the Active Directory commands require write access to the Active Directory, so only administrators are allowed to run them. In the following sections, the selected user is “admin”.
Important: a distinguishedName has to be unique, so a user name and a group name can NOT be identical. To create a user, follow these steps (until both are done, you will not be able to log in as the new user):
Add a user
Add a password to the user
Add a user
adcli create-user -x -U Admin --domain="${CCME_AD_DIR_NAME}" --display-name="${USER_NAME}" "${USER_NAME}"
Add/Update a user password
aws ds reset-user-password \
--directory-id "${CCME_AD_ID}" \
--user-name "${USER_NAME}" \
--new-password "${USER_PASSWORD}" \
--region "${AWS_REGION}"
Delete a user
adcli delete-user --domain="${CCME_AD_DIR_NAME}" "${USER_NAME}" -U admin
Add or replace the sshPublicKey of a user (LDIF file)
The LDIF that adds or replaces the sshPublicKey attribute (use add when the attribute is not yet set on the user, replace to overwrite an existing value):
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add/replace: sshPublicKey
sshPublicKey: ${sshPublicKey}
Apply your modifications to the targeted AD using LDAP commands
To apply an LDIF, fill in the variables and run ldapmodify against the Active Directory; here is a simple way to do it:
ldif_file=$(mktemp)
cat >"${ldif_file}" <<EOF
### YOUR LDIF HERE ###
EOF
ldapmodify -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -f "${ldif_file}"
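As an added example (not code from the CCME documentation), the two steps above, building the sshPublicKey LDIF and applying it, written as shell functions: the user name interpolated into the DN is validated, the add/replace choice is an explicit argument, and the bind password is handed to ldapmodify through a temporary file (-y) rather than on the command line (-w), so it does not show up in the process list or the shell history. It assumes the page's variables CCME_AD_DIR_NAME, CCME_AD_DIR_NAME_DC1, CCME_AD_DIR_NAME_DC2 and CCME_AD_PASSWORD and the DN layout shown above; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the CCME documentation. Assumes the page's
# variables CCME_AD_DIR_NAME, CCME_AD_DIR_NAME_DC1, CCME_AD_DIR_NAME_DC2 and
# CCME_AD_PASSWORD, and the DN layout CN=<user>,OU=Users,OU=<DC1>,DC=<DC1>,DC=<DC2>.

# build_sshkey_ldif USER MODE KEY
# Prints the LDIF that sets USER's sshPublicKey. MODE is "add" when the
# attribute is not yet present on the user, "replace" to overwrite it.
build_sshkey_ldif() {
    user=$1; mode=$2; key=$3
    nl='
'
    case "$mode" in
        add|replace) ;;
        *) echo "mode must be add or replace" >&2; return 1 ;;
    esac
    # The user name becomes part of the DN: only accept a conservative
    # character set so the name cannot carry DN syntax (commas, equals, ...).
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    # Only a single-line OpenSSH public key is accepted as the attribute value.
    case "$key" in
        *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac
    printf 'dn: CN=%s,OU=Users,OU=%s,DC=%s,DC=%s\n' \
        "$user" "$CCME_AD_DIR_NAME_DC1" "$CCME_AD_DIR_NAME_DC1" "$CCME_AD_DIR_NAME_DC2"
    printf 'changetype: modify\n'
    printf '%s: sshPublicKey\n' "$mode"
    printf 'sshPublicKey: %s\n' "$key"
}

# apply_ldif < ldif
# Runs ldapmodify on the LDIF read from stdin. The bind password is passed
# through a temporary file created by mktemp (mode 0600) with -y instead of
# -w, so it is not visible in the process list or the shell history.
apply_ldif() {
    ldif_file=$(mktemp) || return 1
    pw_file=$(mktemp) || { rm -f "$ldif_file"; return 1; }
    # -y uses the complete file content as the password: write it without a newline.
    printf '%s' "$CCME_AD_PASSWORD" >"$pw_file"
    cat >"$ldif_file"
    ldapmodify -H "ldap://${CCME_AD_DIR_NAME}" -D admin -y "$pw_file" -f "$ldif_file"
    rc=$?
    rm -f "$ldif_file" "$pw_file"
    return "$rc"
}

# Usage (not executed here):
#   build_sshkey_ldif "$USER_NAME" replace "$(cat ~/.ssh/id_ed25519.pub)" | apply_ldif
```

The validation in build_sshkey_ldif is deliberately strict: a name that fails it is rejected before anything is sent to the directory, which is the cheap place to catch a typo or an unexpected value. apply_ldif removes both temporary files whether or not ldapmodify succeeds and returns its exit status, so the pipeline above can be chained with the adcli and aws steps.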
Group management
Add a group
adcli create-group --domain="${CCME_AD_DIR_NAME}" "${GROUP_NAME}" -U admin
Delete a group
adcli delete-group --domain="${CCME_AD_DIR_NAME}" "${GROUP_NAME}" -U admin
Add a user to a group
adcli add-member --domain="${CCME_AD_DIR_NAME}" "${GROUP_NAME}" "${USER_NAME}" -U admin
Remove a user from a group
adcli remove-member --domain="${CCME_AD_DIR_NAME}" "${GROUP_NAME}" "${USER_NAME}" -U admin