How to Add LDAP Users and Groups in OpenLDAP on Linux

To add something to the LDAP directory, you first need to create an LDIF file. The LDIF file should contain definitions for all attributes that are required for the entries that you want to create. With this LDIF file, you can use the ldapadd command to import the entries into the directory, as explained in this tutorial.

If you are new to OpenLDAP, you should first install OpenLDAP on your system.

Create an LDIF File for a New User

The following is a sample LDIF file that will be used to create a new user.

# cat adam.ldif
dn: uid=adam,ou=users,dc=tgs,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: adam
uid: adam
uidNumber: 16859
gidNumber: 100
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: adam
userPassword: {crypt}x
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0

Add an LDAP User using ldapadd

Now, use the ldapadd command and the above LDIF file to create a new user called adam in our OpenLDAP directory, as shown below:

# ldapadd -x -W -D "cn=ramesh,dc=tgs,dc=com" -f adam.ldif
Enter LDAP Password:
adding new entry "uid=adam,ou=users,dc=tgs,dc=com"

Assign a Password to the LDAP User

To set the password for the LDAP user we just created above, use the ldappasswd command as shown in the example below:

# ldappasswd -s welcome123 -W -D "cn=ramesh,dc=tgs,dc=com" -x "uid=adam,ou=users,dc=tgs,dc=com"
Enter LDAP Password:

In the above command:
  • -s specify the password for the username entry
  • -x The username entry for which the password is changed
  • -D specify your DN here, i.e. the Distinguished Name to authenticate in the server

Note that -s places the new password on the command line, where it ends up in shell history and is visible in the process list; ldappasswd -S prompts for it instead.

Create an LDIF File for a New Group

Similar to adding a user, you’ll also need an LDIF file to add a group. To add a new group to the LDAP groups OU, you need to create an LDIF file with the group information, as shown in the example LDIF file below.

# cat group1.ldif
dn: cn=dbagrp,ou=groups,dc=tgs,dc=com
objectClass: top
objectClass: posixGroup
cn: dbagrp
gidNumber: 678

Add an LDAP Group using ldapadd

Just like adding a user, use the ldapadd command to add the group from the group1.ldif file that we created above.

# ldapadd -x -W -D "cn=ramesh,dc=tgs,dc=com" -f group1.ldif
Enter LDAP Password:
adding new entry "cn=dbagrp,ou=groups,dc=tgs,dc=com"

Create an LDIF File for an Existing Group

To add an existing user to a group, we should still create an LDIF file. In this example, I am adding the user adam to the dbagrp group (group id: 678).

# cat file1.ldif
dn: cn=dbagrp,ou=groups,dc=tgs,dc=com
changetype: modify
add: memberuid
memberuid: adam

Add a User to an Existing Group using ldapmodify

To add a user to an existing group, we’ll be using ldapmodify. This example will use the above LDIF file to add user adam to dbagrp.

# ldapmodify -x -W -D "cn=ramesh,dc=tgs,dc=com" -f file1.ldif
Enter LDAP Password:
modifying entry "cn=dbagrp,ou=groups,dc=tgs,dc=com"

Verify LDAP Entries

Once you’ve added a user or group, you can use ldapsearch to verify it. Here is a simple example to verify that the user exists in the LDAP database:

# ldapsearch -x -W -D "cn=ramesh,dc=tgs,dc=com" -b "uid=adam,ou=users,dc=tgs,dc=com" "(objectclass=*)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=adam,ou=users,dc=tgs,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# adam, users, tgs.com
dn: uid=adam,ou=users,dc=tgs,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: adam
uid: adam
uidNumber: 16859
gidNumber: 100
homeDirectory: /home/adam
loginShell: /bin/bash
gecos: adam
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
userPassword:: e1NTSEF9b0lPd3AzYTBmT2xQcHBPNDcrK0VHRndEUjdMV2hSZ2U=
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
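
In the ldapsearch output above, the "::" after userPassword marks a base64-encoded value, not an encrypted one. The script below is an added example, not part of the original tutorial, and goes a little beyond the single entry shown: it reads ldapsearch LDIF and reports how each password is stored. The function names and every sample entry except adam's are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the page. Assumes `base64 -d` (GNU or BusyBox) and
# plain "dn: " lines; base64-encoded "dn:: " lines are not handled.
classify_password() {  # $1 = stored value, already base64-decoded
  case "$1" in
    "{"[Cc][Rr][Yy][Pp][Tt]"}"[x*!]) echo placeholder ;;  # as in adam.ldif
    "{"*"}"*)
      scheme=$(printf '%s' "$1" | cut -d'}' -f1 | cut -c2- | tr '[:lower:]' '[:upper:]')
      case "$scheme" in
        CLEARTEXT) echo cleartext ;;
        MD5 | SHA) echo "unsalted:$scheme" ;;
        *) echo "hashed:$scheme" ;;
      esac ;;
    *) echo cleartext ;;  # no {SCHEME} prefix: the value is the password itself
  esac
}
# Reads ldapsearch LDIF on stdin; prints "<dn><TAB><verdict>" per userPassword.
audit_userpassword() {
  # LDIF folds long values onto continuation lines that begin with one space.
  awk 'NR > 1 && /^ / { printf "%s", substr($0, 2); next }
       NR > 1 { print "" } { printf "%s", $0 } END { print "" }' |
  while IFS= read -r line; do
    case "$line" in
      "dn: "*) dn=${line#dn: } ;;
      "userPassword:: "*)  # "::" marks base64 encoding, not encryption
        value=$(printf '%s' "${line#userPassword:: }" | base64 -d 2>/dev/null) ||
          { printf '%s\tundecodable\n' "$dn"; continue; }
        printf '%s\t%s\n' "$dn" "$(classify_password "$value")" ;;
      "userPassword: "*)
        printf '%s\t%s\n' "$dn" "$(classify_password "${line#userPassword: }")" ;;
    esac
  done
}

# Constructed sample: adam's value is the one on this page, folded; the rest are made up.
sample_ldif() {
  cat <<'EOF'
dn: uid=adam,ou=users,dc=tgs,dc=com
userPassword:: e1NTSEF9b0lPd3AzYTBmT2xQcHBPNDcrK0VHRndE
 UjdMV2hSZ2U=

dn: uid=newuser,ou=users,dc=tgs,dc=com
userPassword: {crypt}x

dn: uid=legacy,ou=users,dc=tgs,dc=com
userPassword: {MD5}constructed-not-a-digest
EOF
}
sample_ldif | audit_userpassword
```

Against a live directory, pipe a search of the users OU into audit_userpassword in place of sample_ldif; entries reported as cleartext, unsalted or placeholder are the ones to follow up on.
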

Delete an Entry from LDAP using ldapdelete

If you’ve made a mistake while adding a user or group, you can remove the entry using ldapdelete. To delete an entry, you don’t need to create an LDIF file. The following will delete the user "adam" that we created earlier.

# ldapdelete -x -W -D "cn=ramesh,dc=tgs,dc=com" "uid=adam,ou=users,dc=tgs,dc=com"

February 28, 2019