blog'o thnet

To content | To menu | To search

Tag - LDAP

Entries feed - Comments feed

Sunday 6 May 2007

Using LDAP Profile for Storing Client Informations

By Julien Gabel on Sunday 6 May 2007, 21:17 - Solaris

One very interesting feature available in the LDAP client implementation found on the Solaris platform is the capacity to define most of the characteristic of a client specification in a profile, which can itself be stored in an LDAP directory.

This way, you can easily change, deploy and modify common informations for lots of clients. You can even change the duration of these informations, using a Time To Live parameter (such as the TTL found in DNS systems). This can be handy in the case of the push of new or updated settings.

For example, you can easily define a Solaris system as a LDAP client with all of relevant characteristics in the workstation profile:

# ldapclient init \
 -a profileName=workstation \
 -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com \
 -a proxyPassword=proxypassword \
 -a domainName=dc=example,dc=com \
 xx.xx.xx.xx

no comment

Sunday 30 October 2005

Changing user account informations stored in LDAP

By Julien Gabel on Sunday 30 October 2005, 20:50 - General

This little real-life example will be based on changing the user's login shell for a given account.

  • grills represents the LDAP server (master)

Verify that the user exists in the directory server:

# ldaplist passwd jpeg
dn: uid=jpeg,ou=people,dc=thilelli,dc=net

Get detailed parameters for this account:

# ldaplist -l passwd jpeg
dn: uid=jpeg,ou=people,dc=thilelli,dc=net
        cn: jpeg
        uidNumber: 1000
        gecos: Gabel, Julien
        homeDirectory: /u/jpeg
        gidNumber: 1000
        objectClass: posixAccount
        objectClass: shadowAccount
        objectClass: account
        objectClass: top
        uid: ut0tar
        userPassword: XXXXXXXX
        shadowLastChange: 6445
        shadowFlag: 0
        loginShell: /usr/local/bin/bash

Create the desired modifications using a ldif LDAP file:

# ldaplist -l passwd jpeg > ldapmodifiy.jpeg.ldif
/* Edit and save the ldif file. */
#
# cat ldapmodifiy.jpeg.ldif
dn: uid=jpeg,ou=people,dc=thilelli,dc=net
changetype: modify
replace: loginShell
loginShell: /usr/local/bin/ksh

Inject this modification(s) into the LDAP server:

# ldapmodify -h grills -D "cn=Directory Manager" -f ldapmodifiy.jpeg.ldif
Enter bind password: 
modifying entry uid=jpeg,ou=people,dc=thilelli,dc=net

Verify that the changes are done as expected:

# ldaplist -l passwd jpeg
dn: uid=jpeg,ou=people,dc=thilelli,dc=net
        cn: jpeg
        uidNumber: 1000
        gecos: Gabel, Julien
        homeDirectory: /u/jpeg
        gidNumber: 1000
        objectClass: posixAccount
        objectClass: shadowAccount
        objectClass: account
        objectClass: top
        uid: ut0tar
        userPassword: XXXXXXXX
        shadowLastChange: 6445
        shadowFlag: 0
        loginShell: /usr/local/bin/ksh

The example shown below use the ldaplist(1) and ldapmodify(1) commands line, which use and options may vary between OS versions and/or family. Be warned.

no comment