[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Bookworm/HowTo/Administration" by GuidoBerhoerster
Debian Wiki
wiki at debian.org
Wed Oct 11 10:16:57 BST 2023
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.
The "DebianEdu/Documentation/Bookworm/HowTo/Administration" page has been changed by GuidoBerhoerster:
https://wiki.debian.org/DebianEdu/Documentation/Bookworm/HowTo/Administration?action=diff&rev1=4&rev2=5
Comment:
Expand section about the improved ldap-createuser-krb5 script
User dn: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
}}}
- == ldap-createuser-krb, a command-line tool ==
+ == ldap-createuser-krb5, a command-line tool for adding users ==
- `ldap-createuser-krb` is a small command line tool to create LDAP users and set their passwords in Kerberos. It's mostly useful for testing, though.
+ `ldap-createuser-krb` is a small command line tool to create user accounts, it is invoked as follows:
+
+ {{{
+ ldap-createuser-krb5 [-u uid] [-g gid] [-G group[,group]...] [-d department] <username> <gecos>
+ }}}
+
+ All arguments except the username and GECOS field are optional, the latter usually should contain the full name of the user. Unless specified the too will pick the next free UID and GID automatically and not assign any additional groups to the user. If no department is given, it will pick the first ''gosaDepartment'' from LDAP which is likely ''skole'' and for regular users usually not what you want, so you should pick an appropriate value for the user, e.g. ''Teachers'' or ''Students''. After entering and confirming the password and entering the LDAP administrator password, `ldap-createuser-krb5` will create the user account in LDAP, set the Kerberos password, create the home directory, and add a corresponding Samba user. The following screenshot shows an example invocation to create a user account named `harhir` for a teacher hose full name is "Harry Hirsch":
+
+ {{{
+ root at tjener:~# ldap-createuser-krb5 -d Teachers harhir "Harry Hirsch"
+ new user password:
+ confirm password:
+
+ dn: uid=harhir,ou=people,ou=Teachers,dc=skole,dc=skolelinux,dc=no
+ changetype: add
+ objectClass: top
+ objectClass: person
+ objectClass: organizationalPerson
+ objectClass: inetOrgPerson
+ objectClass: gosaAccount
+ objectClass: posixAccount
+ objectClass: shadowAccount
+ objectClass: krbPrincipalAux
+ objectClass: krbTicketPolicyAux
+ sn: Harry Hirsch
+ givenName: Harry Hirsch
+ uid: harhir
+ cn: Harry Hirsch
+ userPassword: {CRYPT}$y$j9T$TWnq55O1rvyLhjF.$oVf.t.RXC1v/4Y8FhV0umno629mo7bP7/YJyig6HET6
+ homeDirectory: /skole/tjener/home0/harhir
+ loginShell: /bin/bash
+ uidNumber: 1004
+ gidNumber: 1004
+ gecos: Harry Hirsch
+ shadowLastChange: 19641
+ shadowMin: 0
+ shadowMax: 99999
+ shadowWarning: 7
+ krbPwdPolicyReference: cn=users,cn=INTERN,cn=kerberos,dc=skole,dc=skolelinux,dc=no
+ krbPrincipalName: harhir at INTERN
+
+ ldap_initialize( <DEFAULT> )
+ Enter LDAP Password:
+ add objectClass:
+ top
+ person
+ organizationalPerson
+ inetOrgPerson
+ gosaAccount
+ posixAccount
+ shadowAccount
+ krbPrincipalAux
+ krbTicketPolicyAux
+ add sn:
+ Harry Hirsch
+ add givenName:
+ Harry Hirsch
+ add uid:
+ harhir
+ add cn:
+ Harry Hirsch
+ add userPassword:
+ {CRYPT}$y$j9T$TWnq55O1rvyLhjF.$oVf.t.RXC1v/4Y8FhV0umno629mo7bP7/YJyig6HET6
+ add homeDirectory:
+ /skole/tjener/home0/harhir
+ add loginShell:
+ /bin/bash
+ add uidNumber:
+ 1004
+ add gidNumber:
+ 1004
+ add gecos:
+ Harry Hirsch
+ add shadowLastChange:
+ 19641
+ add shadowMin:
+ 0
+ add shadowMax:
+ 99999
+ add shadowWarning:
+ 7
+ add krbPwdPolicyReference:
+ cn=users,cn=INTERN,cn=kerberos,dc=skole,dc=skolelinux,dc=no
+ add krbPrincipalName:
+ harhir at INTERN
+ adding new entry "uid=harhir,ou=people,ou=Teachers,dc=skole,dc=skolelinux,dc=no"
+ modify complete
+
+ Authenticating as principal root/admin at INTERN with password.
+ kadmin.local: change_password harhir at INTERN
+ Enter password for principal "harhir at INTERN":
+ Re-enter password for principal "harhir at INTERN":
+ Password for "harhir at INTERN" changed.
+ kadmin.local: lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is deprecated
+ Added user harhir.
+ }}}
== Using stable-updates ==
More information about the debian-edu-commits
mailing list