From: Ruben de Groot
To: martin@orbweavers.co.uk
Cc: freebsd-questions@freebsd.org
Date: Wed, 27 Jul 2005 14:13:25 +0200
Subject: Re: LDAP/nss_ldap adduser script
Message-ID: <20050727121325.GA29568@ei.bzerk.org>
In-Reply-To: <3040.217.37.3.201.1122457154.squirrel@www.orbweavers.co.uk>

On Wed, Jul 27, 2005 at 10:39:14AM +0100, martin@orbweavers.co.uk typed:
> Hi all,
>
> I've been using an ldap directory for quite a while now for my network
> logins, and love it. Problem is, it can be quite cumbersome to work
> with, any ldap clients I have looked at are either very sketchy or
> overly cumbersome for simple tasks (adding/removing users etc.), and
> ldif file format is a major pain to work with.
>
> My first question is - is anyone aware of a good light and stable ldap
> client that is easy to set up and use. My own research suggests no, which
> leads onto my proposal -
>
> I'm planning on writing a few basic scripts for working with the system
> - a 'ldap_adduser', 'ldap_rmuser' etc. Nothing major, not a full suite
> of utilities, just the basics to make life a little easier.
>
> I've had a look at the adduser script and it should be straightforward
> enough to tailor to this purpose, and I can't see any difficulties in
> writing them - check /etc/ldap.conf for the location of the users &
> groups, pops the details into an ldif and runs it through the ldap
> client. The one thing I am not sure about is getting the next available
> uid number, but I'm sure the answer will become apparent.
>
> So before I get into the meat of this, I wanted to check if anyone has
> any suggestions or comments.

Well, how would you go about determining the default user's set of
objectclasses and attributes? E.g. we have in our ldap users with
different combinations of sambaSamAccount, posixAccount and
courierMailAccount. If you want your script to be flexible enough to
provide all possible options, you'll end up writing a very complex script.

But good luck anyway ;-)

Ruben
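
The steps sketched in the quoted message (pick the next uidNumber, build an LDIF entry), with the object classes left as a parameter because they differ per site, as the reply points out. This is an added example, not code from the thread: the function names, base DN, floor of 1000 and 16-character name cap are assumptions, and the search output is constructed.

```sh
#!/bin/sh
# Constructed stand-in for the output of an ldapsearch for posixAccount entries.
SAMPLE_SEARCH='dn: uid=alice,ou=People,dc=example,dc=org
uidNumber: 1001

dn: uid=bob,ou=People,dc=example,dc=org
uidNumber: 1003

dn: uid=daemon,ou=People,dc=example,dc=org
uidNumber: 2'

# next_uid LO: read LDIF on stdin, print highest uidNumber + 1, never below LO.
# Not atomic: two admins running this at once can pick the same number.
next_uid() {
    awk -v lo="$1" 'BEGIN { max = 0 }
        $1 == "uidNumber:" && $2 ~ /^[0-9]+$/ && $2 + 0 > max { max = $2 + 0 }
        END { n = max + 1; if (n < lo + 0) n = lo + 0; print n }'
}

# valid_login NAME: allow only [a-z0-9_-], at most 16 chars (assumed cap), so
# the name cannot smuggle a newline or DN separator into the generated LDIF.
valid_login() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# user_ldif LOGIN UIDNUMBER GIDNUMBER BASE [EXTRA_OBJECTCLASS...]
# Emits an account/posixAccount entry. Extra classes are listed as given; the
# attributes they require (e.g. sambaSID) must be appended by the caller.
user_ldif() {
    login=$1 unum=$2 gnum=$3 base=$4
    shift 4
    valid_login "$login" || { echo "rejected login name" >&2; return 1; }
    printf 'dn: uid=%s,%s\n' "$login" "$base"
    printf 'objectClass: %s\n' account posixAccount "$@"
    printf 'cn: %s\nuid: %s\n' "$login" "$login"
    printf 'uidNumber: %s\ngidNumber: %s\n' "$unum" "$gnum"
    printf 'homeDirectory: /home/%s\n' "$login"
}

# Demo on the constructed data: prints an entry with uidNumber 1004.
new_uid=$(printf '%s\n' "$SAMPLE_SEARCH" | next_uid 1000)
user_ldif martin "$new_uid" "$new_uid" 'ou=People,dc=example,dc=org' sambaSamAccount
```

Rejecting odd login names before they reach the LDIF is what keeps a crafted name from adding extra attribute lines to the entry that is fed to the LDAP client.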