Difference between revisions of "Adding local users"

From PDP/Grid Wiki
m
m
Line 1: Line 1:
 +
[[Image:Ndpfuseradd-selectDN.png|thumb|Select your DN in the first screen, and give your LDAP management password]]
 +
[[Image:Ndpfuseradd-selectGid.png|thumb|Select the Unix group for the new user]]
 +
[[Image:Ndpfuseradd-uinfo.png|thumb|Provide the new user's personal information, unix group (override) and initial quota]]
 +
 
An interactive 'ndpfuseradd' script is now available from SVN and is installed (via RPMs) in /usr/local/sbin/ on selected machines (hooimijt, vlaai, stal), but can be installed anywhere if you like.
 
An interactive 'ndpfuseradd' script is now available from SVN and is installed (via RPMs) in /usr/local/sbin/ on selected machines (hooimijt, vlaai, stal), but can be installed anywhere if you like.
  
Line 6: Line 10:
 
* the tool (and the RPM dependencies) require perl-LDAP, perl-IO-Socket-SSL, perl-Net-SSLeay, and the 'dialog' command
 
* the tool (and the RPM dependencies) require perl-LDAP, perl-IO-Socket-SSL, perl-Net-SSLeay, and the 'dialog' command
  
[[Image:Ndpfuseradd-selectDN.png|thumb|Select your DN in the first screen, and give your LDAP management password]]
+
 
[[Image:Ndpfuseradd-selectGid.png|thumb|Select the Unix group for the new user]]
 
 
Then start the tool - it's fully interactive. Login first, then select the (unix) group you want to add the new user to, and then complete his personal details. Have the new user's SSH key handy and it will be automatically inserted as well. It's simple now:
 
Then start the tool - it's fully interactive. Login first, then select the (unix) group you want to add the new user to, and then complete his personal details. Have the new user's SSH key handy and it will be automatically inserted as well. It's simple now:
  

Revision as of 16:54, 23 December 2008

Select your DN in the first screen, and give your LDAP management password
Select the Unix group for the new user
Provide the new user's personal information, unix group (override) and initial quota

An interactive 'ndpfuseradd' script is now available from SVN and is installed (via RPMs) in /usr/local/sbin/ on selected machines (hooimijt, vlaai, stal), but can be installed anywhere if you like.

Prerequisites for using this tool:

  • you must have your SSH key loaded in an agent, and you must be able to log in as root via ssh on the file server hosting the end-user home directories
  • you must be in the list of LDAP managers hard-coded in the tool
  • the tool (and the RPM dependencies) require perl-LDAP, perl-IO-Socket-SSL, perl-Net-SSLeay, and the 'dialog' command
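
A preflight check for the prerequisites listed above, as an added example that is not part of the wiki page or of ndpfuseradd itself. The function names and the `--check FILESERVER` argument are assumptions; the Perl module names are the ones the listed RPMs (perl-LDAP, perl-IO-Socket-SSL, perl-Net-SSLeay) provide.

```shell
#!/bin/sh
# Added example: preflight for the prerequisites listed above.
# Function names and the --check argument are assumptions, not part of ndpfuseradd.

have_cmd() {            # true if the command is on PATH
    command -v "$1" >/dev/null 2>&1
}

have_perl_module() {    # true if perl can load the module
    have_cmd perl && perl -M"$1" -e 1 >/dev/null 2>&1
}

# ssh-add -l exits 0 when the agent holds keys, 1 when it is empty,
# 2 when no agent is reachable; only 0 satisfies the prerequisite.
agent_has_key() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && ssh-add -l >/dev/null 2>&1
}

# BatchMode=yes makes ssh fail rather than prompt for a password, so this
# succeeds only when key-based root login really works.
root_ssh_ok() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$1" true >/dev/null 2>&1
}

# Print each missing local prerequisite; return non-zero if any is missing.
missing_local() {
    rc=0
    have_cmd dialog || { echo "missing command: dialog"; rc=1; }
    for m in Net::LDAP IO::Socket::SSL Net::SSLeay; do
        have_perl_module "$m" || { echo "missing perl module: $m"; rc=1; }
    done
    agent_has_key || { echo "no ssh-agent with a loaded key"; rc=1; }
    return "$rc"
}

preflight() {           # $1 = file server hosting the home directories
    missing_local || return 1
    root_ssh_ok "$1" || { echo "cannot ssh to root@$1 with an agent key"; return 1; }
    echo "prerequisites OK (LDAP manager membership is not checked here)"
}

if [ "${1:-}" = "--check" ]; then
    preflight "${2:?usage: $0 --check FILESERVER}"
fi
```
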


Then start the tool; it is fully interactive. Log in first, select the (Unix) group you want to add the new user to, and then fill in the new user's personal details. Have the new user's SSH key handy and it will be inserted automatically as well. It's simple now:

/usr/local/sbin/ndpfuser

Just before committing the new entries to LDAP and the NFS server, you'll get to review the new entries. If you don't like them, press ESC twice to exit (actually, that will exit at any dialog box), and you're in the clear. Also, some basic sanity checks are built in, but you can likely break the tool if you want to.

Sources

In subversion:

 https://ndpfsvn.nikhef.nl/repos/pdpsoft/trunk/nl.nikhef.ndpf.tools/ndpfuseradd/

and the RPMs are at

 http://stal.nikhef.nl/mirror/nikhef/ndpfuseradd-1.0-1.noarch.rpm



I tried extracting the list of managers automatically, but after having secured the LDAP server so that anonymous users can no longer glean such information with a single ldapsearch, I found myself in a catch-22 situation (you need to bind to the directory in order to see who you can bind as ...). Too bad, but I agree it still needs a configuration file instead of a hard-coded list in the script. Will work on this.