Conklin Technology Group, LLC IT Architecture. Identity Management. Unix Administration

27Apr/100

Adding Posix attributes to your LDAP users

Now that you've got your OpenDS cloud-based server up and running, it's time to start configuring your Unix and Linux servers and workstations to use LDAP for authentication.

Before you get started, here are a few things to consider:

  • The POSIX attributes you'd normally find in the /etc/passwd and /etc/shadow files (login shell, numeric user ID, home directory, and so on) will now be stored in LDAP.
  • The attributes stored in LDAP for each user are the same across all of your systems.  For example, the directory the 'homedirectory' attribute points to (say "/home/username") will need to exist on every machine you configure to use LDAP authentication.
  • If you don't have an existing source for the uid value (something like an employee ID), you'll need to create some sort of mechanism for tracking which values have been used.  This could be a MySQL database, a spreadsheet, or a Post-It note, but you'll want to be sure that you never assign one uid to multiple users.

(If you missed the last post, about populating your LDAP server with user data, check out the instructions here)

So, one of the first steps is to assign the necessary attribute values to the user records.  You can use the sample LDIF below to get started.  Notice the first change adds a new objectclass called 'posixAccount' -- this objectclass contains the attributes you'll need to do Unix authentication.  Each change within the record is separated by a line containing only '-'; don't put blank lines inside the record, because LDIF uses a blank line to end a record.

dn: uid=msmith,ou=people,o=root
changetype: modify
add: objectClass
objectClass: posixAccount
-
add: uidNumber
uidNumber: 1000
-
add: gidNumber
gidNumber: 100
-
add: homeDirectory
homeDirectory: /home/msmith
-
add: loginShell
loginShell: /bin/bash
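As an added example (not part of the original post), here is a small Python script that does the uid bookkeeping the bullets above call for and emits a modify record like the LDIF above for each user.  The base DN and the starting uidNumber of 1000 come from the sample; the class and function names, and the gid/shell defaults, are assumptions.

```python
"""Build LDIF modify records that add posixAccount attributes to existing
users, handing out uidNumber values from a tracked pool so that no two users
ever share one.  Added example, not code from the original post."""

# Suffix used in the post's sample LDIF.
BASE_DN = "ou=people,o=root"


class UidAllocator:
    """Tracks which uidNumber values are taken and hands out the lowest free one.

    `used` is whatever you already recorded (database, spreadsheet, ...);
    `start` is the first value to consider when no explicit one is requested.
    """

    def __init__(self, used=(), start=1000):
        self.used = set(used)
        self.start = start

    def allocate(self, wanted=None):
        # A caller may request a specific value (e.g. an employee ID), but it is
        # refused if someone else already holds it: one uid per user, always.
        if wanted is not None:
            if wanted in self.used:
                raise ValueError(f"uidNumber {wanted} already assigned")
            self.used.add(wanted)
            return wanted
        n = self.start
        while n in self.used:
            n += 1
        self.used.add(n)
        return n


def posix_modify_ldif(uid, uid_number, gid_number=100, shell="/bin/bash"):
    """Return one changetype: modify record adding posixAccount to `uid`.

    Changes are separated by a line holding only '-'.  No blank line is ever
    emitted inside the record, since a blank line terminates an LDIF record.
    """
    changes = [
        ("objectClass", "posixAccount"),
        ("uidNumber", str(uid_number)),
        ("gidNumber", str(gid_number)),
        ("homeDirectory", f"/home/{uid}"),   # must exist on every client
        ("loginShell", shell),
    ]
    lines = [f"dn: uid={uid},{BASE_DN}", "changetype: modify"]
    for i, (attr, value) in enumerate(changes):
        if i:
            lines.append("-")
        lines += [f"add: {attr}", f"{attr}: {value}"]
    return "\n".join(lines) + "\n"
```

Feed the output to ldapmodify against your OpenDS server; posixAccount also requires cn, which an inetOrgPerson entry already carries.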
