...

No Format
TLS_CERT /etc/ssl/certs/ldap.crt
TLS_KEY /etc/ssl/private/ldap.key
  • The passphrase required when invoking the commands below can be found in vault.

Adding a new user

You can use the following script to help generate the ldif formatted input:

No Format
#!/bin/sh

# Usage: ./addnewuser.sh johndoe John Doe <UID> johndoe@grameenfoundation.org <secret>
#   $1 login name (uid)     $2 given name     $3 surname
#   $4 uidNumber (must be unused, see below)  $5 mail   $6 userPassword value
#
# $6 is written into the entry exactly as given and is stored (and returned to
# anyone who can read the attribute) as-is. Pass a hash produced by
# `slappasswd -s <secret>` (an {SSHA}... value) rather than the plaintext secret.

[ $# -eq 6 ] || { echo "usage: $0 <uid> <first> <last> <uidNumber> <mail> <secret>" >&2; exit 1; }

cat << EOF
dn: uid=$1,ou=people,dc=mifos,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $1
sn: $3
givenName: $2
cn: $2 $3
displayName: $2 $3
uidNumber: $4
gidNumber: 10000
gecos: $2 $3
loginShell: /bin/bash
homeDirectory: /home/$1
userPassword: $6
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: $5
EOF

...

The add fails if an entry with DN uid=johndoe already exists, but a duplicate uidNumber ($4) is NOT rejected unless the server enforces uniqueness (OpenLDAP's unique overlay is not assumed here), so check that the number is free before adding. Two accounts that share a uidNumber are the same Unix user on every client, so the second account silently gets the first one's files and processes. If the command completes successfully you can log into an LDAP client, e.g. <mfi>.mifos.org, run getent passwd and see the newly added entry.
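Pre-flight checks for the procedure above, added here as an example; this is not code from the original page or from Mifos's own tooling. Every script on this page splices $1 straight into a DN (dn: uid=$1,ou=people,...), so the login name is validated first (a name containing "," or "=" would rewrite the DN), and then both the login name and the numeric uidNumber are checked against a directory listing, because the server only rejects a duplicate DN. DIRECTORY is a constructed sample standing in for an ldapsearch dump; the function names, the base DN ou=people,dc=mifos,dc=org, the search command in the comment and the 10001 starting number are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the original page): checks before adding a user.
#
# DIRECTORY stands in for the output of (assumed command and base DN):
#   ldapsearch -LLL -x -W -D cn=admin,dc=mifos,dc=org -h ldap.mifos.org -ZZ \
#       -b ou=people,dc=mifos,dc=org '(objectClass=posixAccount)' uid uidNumber
# It is a constructed sample so the checks run offline.
DIRECTORY='dn: uid=johndoe,ou=people,dc=mifos,dc=org
uid: johndoe
uidNumber: 10001

dn: uid=janedoe,ou=people,dc=mifos,dc=org
uid: janedoe
uidNumber: 10002'

# valid_uid NAME: 0 if NAME is 1-32 chars of [a-z0-9._-] starting with a letter.
# Anything else (",", "=", "+", spaces, quotes) could change the DN it is
# spliced into, so it is refused rather than escaped.
valid_uid() {
    printf '%s\n' "$1" | grep -Eq '^[a-z][a-z0-9._-]{0,31}$'
}

# uid_taken NAME: 0 if NAME is already a uid in DIRECTORY (exact line match).
uid_taken() {
    printf '%s\n' "$DIRECTORY" | grep -qxF "uid: $1"
}

# uidnumber_taken N: 0 if N is already assigned to some entry.
uidnumber_taken() {
    printf '%s\n' "$DIRECTORY" | grep -qxF "uidNumber: $1"
}

# next_free_uidnumber: highest uidNumber in DIRECTORY plus one (assumed
# starting point 10001 when the listing has no posixAccount entries).
next_free_uidnumber() {
    max=$(printf '%s\n' "$DIRECTORY" | awk '/^uidNumber: /{ if ($2+0 > m) m = $2+0 } END { print m+0 }')
    [ "$max" -ge 10000 ] && echo $((max + 1)) || echo 10001
}

# check_new_user NAME N: 0 if NAME is safe and unused and N is a free number,
# 1 otherwise, with the reason on stderr.
check_new_user() {
    if ! valid_uid "$1"; then
        echo "refusing login name '$1': only [a-z0-9._-], letter first" >&2
        return 1
    fi
    if uid_taken "$1"; then
        echo "uid $1 already exists in ou=people" >&2
        return 1
    fi
    case "$2" in
        ''|*[!0-9]*) echo "uidNumber '$2' is not a number" >&2; return 1 ;;
    esac
    if uidnumber_taken "$2"; then
        echo "uidNumber $2 already in use; next free is $(next_free_uidnumber)" >&2
        return 1
    fi
    return 0
}

# Typical use: run the checks first, then generate the LDIF with the page's script.
#   check_new_user johndoe 10003 && ./addnewuser.sh johndoe John Doe 10003 johndoe@grameenfoundation.org <secret>
```

Refresh DIRECTORY from a real ldapsearch right before each add; the check is only as current as the listing it reads.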

Deleting a user

If you make a mistake you can delete the entry with the following (-W prompts for the admin bind password; do not pass it on the command line with -w, where it ends up in shell history and is visible to other users in the process list):

No Format
ldapdelete -x -W -D cn=admin,dc=mifos,dc=org -h ldap.mifos.org -ZZ 'uid=johndoe,ou=people,dc=mifos,dc=org'

Searching

You can also search the LDAP database with the following (-b is needed unless BASE is set in ldap.conf; -W prompts for the bind password):

No Format
ldapsearch -LLL -x -W -D cn=admin,dc=mifos,dc=org -h ldap.mifos.org -ZZ -b dc=mifos,dc=org '(cn=*Jeff*)'

The last argument, the filter (cn=*Jeff*), can be adjusted to whichever attribute you want to search on, e.g. (uid=johndoe) or (uidNumber=<UID>).
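The filter above is typed by hand. If the search term ever comes from a script argument or a web form instead, it has to be escaped before it is placed inside the parentheses: RFC 4515 requires "(", ")", "*", "\" and NUL to be written as \28, \29, \2a, \5c and \00, otherwise a term such as "*)(uid=*" widens the search to every entry. The following is an added example, not code from the original page or from Mifos; the helper names ldap_filter_escape, make_filter and search_people and the base DN ou=people,dc=mifos,dc=org are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): build a safe ldapsearch filter
# from an untrusted search term.

# ldap_filter_escape TERM: print TERM with RFC 4515 escapes applied.
# Backslash is replaced first so the backslashes inserted by the later
# substitutions are not escaped a second time. NUL cannot occur in a shell
# argument, so \00 never has to be produced here.
ldap_filter_escape() {
    printf '%s\n' "$1" | sed -e 's/\\/\\5c/g' -e 's/(/\\28/g' -e 's/)/\\29/g' -e 's/\*/\\2a/g'
}

# make_filter ATTR TERM: print the substring filter "(ATTR=*TERM*)" with TERM
# escaped. The attribute name cannot be escaped, so it is restricted to
# letters, digits and "-" instead.
make_filter() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) echo "bad attribute name: $1" >&2; return 1 ;;
    esac
    printf '(%s=*%s*)\n' "$1" "$(ldap_filter_escape "$2")"
}

# search_people ATTR TERM: the page's search with the escaped filter
# (assumed base DN). Defined for the command shape; not run by the tests.
search_people() {
    f=$(make_filter "$1" "$2") || return 1
    ldapsearch -LLL -x -W -D cn=admin,dc=mifos,dc=org -h ldap.mifos.org -ZZ \
        -b ou=people,dc=mifos,dc=org "$f"
}

# Example: make_filter cn 'Jeff'        -> (cn=*Jeff*)
#          make_filter cn '*)(uid=*'    -> (cn=*\2a\29\28uid=\2a*)
```

Passing the filter as one quoted argument, as search_people does, also keeps the shell from expanding the "*" characters into file names.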

Resetting a password

The following script generates the LDIF to feed into ldapmodify. As with addnewuser.sh, the value given as $2 is stored verbatim, so pass a hash from slappasswd -s <secret> rather than the plaintext password. (The ldappasswd client with its -S option performs the same reset through the Password Modify extended operation and lets the server apply its configured hash.)

Code Block

#!/bin/sh

# Usage: ./reset.sh johndoe <secret>
#   $1 login name (uid)   $2 new userPassword value (hash from slappasswd)

[ $# -eq 2 ] || { echo "usage: $0 <uid> <secret>" >&2; exit 1; }

cat << EOF
dn: uid=$1,ou=people,dc=mifos,dc=org
changetype: modify
replace: userPassword
userPassword: $2
EOF

For example, ./reset.sh johndoe <THE NEW PASSWORD> prints:

Code Block

dn: uid=johndoe,ou=people,dc=mifos,dc=org
changetype: modify
replace: userPassword
userPassword: <THE NEW PASSWORD>

You can then pipe it straight into ldapmodify:

Code Block

./reset.sh johndoe <THE NEW PASSWORD> | ldapmodify -x -W -D cn=admin,dc=mifos,dc=org -h ldap.mifos.org -ZZ

TODO

  • How to add or remove a sysadmin from the LDAP server
    • (or just add to LDAP and point there?)

...