Administrative LDAP user example

From Brandonhutchinson.com

Revision as of 20:55, 7 August 2008 by Hutch (Talk | contribs)

In our environment, we allow another team to add and remove LDAP users via a Perl script. The name of the account is uid=useradd,dc=subdomain,dc=example,dc=com.

  • Create the account using the following LDIF (attribute names and values are separated by a colon, as LDIF requires; replace the userPassword value with a real secret before loading it):

    dn: uid=useradd,dc=subdomain,dc=example,dc=com
    uid: useradd
    givenName: useradd account
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    sn: for ldap script
    cn: useradd account for ldap script
    userPassword: password
  • We intentionally do not place the account within ou=people so that it is not displayed using ldaplist passwd.
  • We also do not make the account a member of the objectClasses posixAccount and shadowAccount, so that their mandatory but non-applicable attributes (homeDirectory, loginShell and the like) are not required.
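The two design rules above (keep the entry out of ou=people, keep posixAccount and shadowAccount off it) are easy to get wrong when the entry is generated by a script rather than typed by hand. The following is an added example, not code from the page or from its author's Perl script: it builds the entry shown above, serialises it as RFC 2849 LDIF (base64-encoding any value that is not a safe string), checks it against those two rules plus the schema's mandatory attributes, and stores the password in {SSHA} form instead of the cleartext "password" the page's LDIF uses. The function names, the policy checker and the {SSHA} step are this example's own choices; the DN and attribute values are the page's.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional, Sequence, Tuple

# The page's entry, minus the password (added at build time). Constructed
# from the LDIF above; only the suffix dc=subdomain,dc=example,dc=com is real.
ADMIN_DN = "uid=useradd,dc=subdomain,dc=example,dc=com"
ADMIN_ENTRY: List[Tuple[str, str]] = [
    ("uid", "useradd"),
    ("givenName", "useradd account"),
    ("objectClass", "top"),
    ("objectClass", "person"),
    ("objectClass", "organizationalPerson"),
    ("objectClass", "inetOrgPerson"),
    ("sn", "for ldap script"),
    ("cn", "useradd account for ldap script"),
]

# Object classes whose MUST attributes (homeDirectory, loginShell, ...) make no
# sense for a script-only account; the page deliberately leaves them out.
POSIX_CLASSES = {"posixaccount", "shadowaccount"}
# person (RFC 4519) requires sn and cn; inetOrgPerson adds nothing mandatory.
REQUIRED_ATTRS = {"sn", "cn"}


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return the password as {SSHA}base64(sha1(pw + salt) + salt) so the
    LDIF never carries it in cleartext. Salt is 8 random bytes unless given."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a {SSHA} value (digest is the first 20 bytes)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def _needs_base64(value: str) -> bool:
    """RFC 2849: a value that is not a SAFE-STRING must use the '::' form."""
    if value == "":
        return False
    if value[0] in (" ", ":", "<") or value.endswith(" "):
        return True
    return any(ord(ch) > 127 or ch in "\r\n\0" for ch in value)


def to_ldif(dn: str, attrs: Sequence[Tuple[str, str]]) -> str:
    """Serialise one entry as an LDIF record, base64-encoding where required."""
    lines = []
    for name, value in [("dn", dn)] + list(attrs):
        if _needs_base64(value):
            encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
            lines.append(f"{name}:: {encoded}")
        else:
            lines.append(f"{name}: {value}")
    return "\n".join(lines) + "\n"


def check_admin_account(dn: str, attrs: Sequence[Tuple[str, str]]) -> List[str]:
    """Return the policy violations for the entry; an empty list means it passes.
    DN parsing is a plain split on ',', enough for DNs without escaped commas."""
    problems = []
    rdns = [part.strip().lower() for part in dn.split(",")]
    if "ou=people" in rdns:
        problems.append("entry sits under ou=people and will appear in ldaplist passwd")
    classes = {v.lower() for k, v in attrs if k.lower() == "objectclass"}
    for cls in sorted(classes & POSIX_CLASSES):
        problems.append(f"objectClass {cls} requires POSIX attributes the account does not need")
    present = {k.lower() for k, _ in attrs}
    for attr in sorted(REQUIRED_ATTRS - present):
        problems.append(f"missing attribute {attr} required by objectClass person")
    if "userpassword" not in present:
        problems.append("no userPassword, so the account cannot bind")
    for k, v in attrs:
        if k.lower() == "userpassword" and not v.startswith("{"):
            problems.append("userPassword is cleartext; store a hashed value such as {SSHA}")
    return problems


def build_admin_ldif(password: str, salt: Optional[bytes] = None) -> str:
    """Assemble the page's entry with a hashed password; refuse policy violations."""
    attrs = ADMIN_ENTRY + [("userPassword", ssha_hash(password, salt))]
    problems = check_admin_account(ADMIN_DN, attrs)
    if problems:
        raise ValueError("; ".join(problems))
    return to_ldif(ADMIN_DN, attrs)


if __name__ == "__main__":
    # Read the secret from the environment rather than hard-coding it.
    print(build_admin_ldif(os.environ.get("USERADD_PW", "change-me")))
```

The checker deliberately flags the page's own LDIF because its userPassword is the literal "password": directory servers accept a pre-hashed {SSHA} value, so there is no reason for the cleartext to sit in a file that may be checked into a repository. Keeping the entry out of ou=people only hides it from passwd listings; what the useradd account is actually allowed to add or remove is decided by the directory's access controls, which are outside the scope of this page.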