AD Management POSIX attributes
This section explains how to manage the POSIX attributes of users and groups in Active Directory.
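LDIF file
For the sections marked "(ldif file)", create a file containing the LDIF, fill in the variables, and run ldapmodify against the Active Directory. Where a block shows add/replace, keep only one of the two keywords. Note that -w puts the bind password on the command line, where other local users can see it in the process list; ldapmodify also accepts -W (prompt) or -y (read the password from a file). Here is a simple way to do that:
ldif_file=$(mktemp)
cat >"${ldif_file}" <<EOF
### YOUR LDIF HERE ###
EOF
ldapmodify -H ldap://${CCME_AD_DIR_NAME} -w "${CCME_AD_PASSWORD}" -D admin -f "${ldif_file}"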
Users management
Important: distinguishedName has to be unique, so a user name and a group name can NOT be identical. To create a user, follow these steps (otherwise you will not be able to log in with the new user):
Add a user
Add a uidNumber to the user
Add a gidNumber to the user
Add a password to the user
Activate the user
Add a user
adcli create-user --domain=${CCME_AD_DIR_NAME} --unix-home=${USER_HOME_PATH} --unix-uid=${USER_UID} --unix-gid=${USER_GID} ${USER_NAME} -U admin
Add/Update a user password:
net ads password ${USER_NAME} ${USER_PASSWORD} -U admin%${CCME_AD_PASSWORD}
Activate a new user (ldif file)
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
replace: userAccountControl
userAccountControl: 512
Delete a user
adcli delete-user --domain=${CCME_AD_DIR_NAME} ${USER_NAME} -U admin
Add or replace the uidNumber of a user (ldif file)
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add/replace: uidNumber
uidNumber: ${UID_NUMBER}
Add or replace the gidNumber of a user (ldif file)
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add/replace: gidNumber
gidNumber: ${GID_NUMBER}
Add or replace the sshPublicKey of a user (ldif file)
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add/replace: sshPublicKey
sshPublicKey: ${sshPublicKey}
Groups management
To create a group:
Add a group
Add a gidNumber to the group
Add a group
adcli create-group --domain=${CCME_AD_DIR_NAME} ${GROUP_NAME} -U admin
Delete a group
adcli delete-group --domain=${CCME_AD_DIR_NAME} ${GROUP_NAME} -U admin
Add a user to a group
adcli add-member --domain=${CCME_AD_DIR_NAME} ${GROUP_NAME} ${USER_NAME} -U admin
Remove a user from a group
adcli remove-member --domain=${CCME_AD_DIR_NAME} ${GROUP_NAME} ${USER_NAME} -U admin
Modify the gidNumber of a group (ldif file)
dn: CN=${GROUP_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add/replace: gidNumber
gidNumber: ${GID_NUMBER}
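An added example, not part of the original documentation: a POSIX shell function that builds the uidNumber, gidNumber and sshPublicKey records shown above only after validating every input, because the heredoc expands variables straight into the LDIF and a comma or newline in a value would change the DN or add lines to the record. The function name make_posix_ldif and the allow-list for names are assumptions.

```shell
# Added example, not from the original documentation.
# make_posix_ldif NAME ATTR VALUE DC1 DC2
#   NAME is a user or group CN; ATTR is uidNumber, gidNumber or sshPublicKey.
# Prints one LDIF modify record; returns 1 and prints nothing when an input
# could change the structure of the DN or of the LDIF record.
make_posix_ldif() (
    name=$1 attr=$2 value=$3 dc1=$4 dc2=$5

    # CN and DC parts: letters, digits, '.', '_' and '-' only. This allow-list
    # is an assumption; it excludes DN metacharacters, spaces and newlines.
    for part in "$name" "$dc1" "$dc2"; do
        case $part in
            ''|*[!A-Za-z0-9._-]*) return 1 ;;
        esac
    done

    case $attr in
        uidNumber|gidNumber)
            # Decimal digits only, no leading zero, at most 10 digits.
            case $value in
                ''|0*|*[!0-9]*|???????????*) return 1 ;;
            esac ;;
        sshPublicKey)
            # One line of "type base64 [comment]"; anything else is refused.
            case $value in
                *[!A-Za-z0-9+/=@._\ -]*) return 1 ;;
            esac
            case $value in
                ssh-*\ ?*|ecdsa-*\ ?*|sk-*\ ?*) ;;
                *) return 1 ;;
            esac ;;
        *)
            return 1 ;;
    esac

    # "replace" sets the attribute to exactly this value and creates it when
    # it is missing, so existing values (e.g. other SSH keys) are overwritten.
    printf 'dn: CN=%s,OU=Users,OU=%s,DC=%s,DC=%s\n' "$name" "$dc1" "$dc1" "$dc2"
    printf 'changetype: modify\nreplace: %s\n%s: %s\n' "$attr" "$attr" "$value"
)
```

Pipe the output to ldapmodify, which reads LDIF from standard input when -f is omitted.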
List Unix IDs in Active Directory
List used uidNumber
ldapsearch -H ldap://${CCME_AD_DIR_NAME} -w ${CCME_AD_PASSWORD} -D admin -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=user)(uidNumber=*))" | grep uidNumber
List used gidNumber
ldapsearch -H ldap://${CCME_AD_DIR_NAME} -w ${CCME_AD_PASSWORD} -D admin -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=user)(gidNumber=*))" | grep gidNumber