POSIX Attributes Management
This section describes how to manage the POSIX attributes of the users and groups in the Active Directory.
Ldif File
For the sections marked “ldif file”, create a file containing the LDIF, fill in the variables, and run ldapmodify against the Active Directory. Here is a simple way to do that:
ldif_file=$(mktemp)
cat >"${ldif_file}" <<EOF
### YOUR LDIF HERE ###
EOF
# In case of LDAPS, please uncomment the following line
# LDAPTLS_CACERT="${CCME_CONF}/${CCME_AD_URI}.crt" \
ldapmodify -H "${CCME_AD_PROTOCOL}://${CCME_AD_URI}" -w "${CCME_AD_ADMIN_PASSWORD}" -D "${CCME_AD_ADMIN_CN}" -f "${ldif_file}"
Users management
To enable a user in a POSIX environment, follow these steps:
1. Activate the user
2. Add a uidNumber to the user
3. Add a gidNumber to the user
Activate a new user (ldif file)
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
replace: userAccountControl
userAccountControl: 512
Add or replace the uidNumber of a user (ldif file)
# Add
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add: uidNumber
uidNumber: ${UID_NUMBER}
# Replace
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
replace: uidNumber
uidNumber: ${UID_NUMBER}
Add or replace the gidNumber of a user (ldif file)
# Add
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add: gidNumber
gidNumber: ${GID_NUMBER}
# Replace
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
replace: gidNumber
gidNumber: ${GID_NUMBER}
Add or replace the sshPublicKey of a user (ldif file)
# Add
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add: sshPublicKey
sshPublicKey: ${sshPublicKey}
# Replace
dn: CN=${USER_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
replace: sshPublicKey
sshPublicKey: ${sshPublicKey}
Groups management
To enable a group in a POSIX environment, you need to assign a gidNumber to the group.
Modify the gidNumber of a group (ldif file)
# Add
dn: CN=${GROUP_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
add: gidNumber
gidNumber: ${GID_NUMBER}
# Replace
dn: CN=${GROUP_NAME},OU=Users,OU=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC1},DC=${CCME_AD_DIR_NAME_DC2}
changetype: modify
replace: gidNumber
gidNumber: ${GID_NUMBER}
List Unix IDs in the Active Directory
List used uidNumber
ldapsearch -H "${CCME_AD_PROTOCOL}://${CCME_AD_URI}" -w "${CCME_AD_ADMIN_PASSWORD}" -D "${CCME_AD_ADMIN_CN}" -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=user)(uidNumber=*))" | grep uidNumber
List used gidNumber
ldapsearch -H "${CCME_AD_PROTOCOL}://${CCME_AD_URI}" -w "${CCME_AD_ADMIN_PASSWORD}" -D "${CCME_AD_ADMIN_CN}" -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=user)(gidNumber=*))" | grep gidNumber
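The "List used uidNumber" output can be checked before an "Add uidNumber" LDIF is rendered, so that a uidNumber is never assigned twice and a malformed user name cannot add lines to the LDIF. The script below is an added example, not part of the original documentation; the sample listing, the user name allow-list, the floor of 10000 and the example.com base DN are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Sample data is constructed.
# What `ldapsearch ... | grep uidNumber` prints; grep also keeps ldapsearch's
# "# filter:" header comment, so matching must be on whole lines.
SAMPLE_USED='# filter: (&(objectClass=user)(uidNumber=*))
uidNumber: 10000
uidNumber: 10001
uidNumber: 10003'

# uid_in_use UID LISTING: succeeds if UID is already assigned.
uid_in_use() {
  printf '%s\n' "$2" | grep -qxF "uidNumber: $1"
}

# next_free_uid MIN LISTING: print the lowest unassigned uidNumber >= MIN.
# MIN is a site-chosen floor (assumption), e.g. above local system accounts.
next_free_uid() (
  candidate="$1"
  while uid_in_use "${candidate}" "$2"; do
    candidate=$((candidate + 1))
  done
  printf '%s\n' "${candidate}"
)

# render_uid_ldif USER UID BASE_DN LISTING: print the "Add uidNumber" LDIF.
# BASE_DN comes from trusted configuration and is not validated here.
# The user name allow-list is an assumed site naming policy.
# Returns 1 for a user name that could alter the DN or inject LDIF lines,
# 2 for a non-numeric uid or 0 (root on POSIX hosts), 3 for a uid in use.
render_uid_ldif() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  case "$2" in
    ''|0*|*[!0-9]*) return 2 ;;
  esac
  if uid_in_use "$2" "$4"; then return 3; fi
  printf 'dn: CN=%s,%s\nchangetype: modify\nadd: uidNumber\nuidNumber: %s\n' \
    "$1" "$3" "$2"
}

# Stand-alone run: render LDIF for a constructed user with the next free uid.
render_uid_ldif "alice" "$(next_free_uid 10000 "${SAMPLE_USED}")" \
  "OU=Users,DC=example,DC=com" "${SAMPLE_USED}"
```

The rendered LDIF can be written to the temporary file used with ldapmodify in the "Ldif File" section.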