[Freeipa-devel] ipa-cli examples
Masato Taruishi
taruishi at redhat.com
Tue Jul 3 18:25:10 UTC 2007
Hi, FreeIPA guys.
Sorry about my stupid mail. I'm new to FreeIPA, but
interested in this project.
I couldn't find the design details, but this weekend I
experimentally wrote a simple, flexible library to manage
LDAP (and other) entries, and some tools using the library.
It's a very quick implementation, with poor features and in
need of refactoring, but if it's useful for this project, I'd
like to contribute these tools.
Summary:
=========
- flexible LDAP management library in python including
* PasswordModifyExtension support
* PagedResultsControl support
- example command line tools
* ipa-useradd
Add a user to LDAP like /usr/sbin/useradd
* ipa-userdel
Delete a user from LDAP like /usr/sbin/userdel
* ipa-vipw
Edit user database in LDAP like /usr/sbin/vipw
* ipa-passwd
Change user password in LDAP by using Password
Modify Extension
How To Use:
=============
1. Install python-ldap
~# yum install python-ldap
2. Unpack ipa-cli-taru.tar.gz
~$ tar zxf ipa-cli-taru.tar.gz
3. Change directory
~$ cd ipa-cli/src
4. Add user
~$ ./ipa-useradd -H ldap://localhost/dc=example,dc=com \
-D 'cn=Directory Manager' -w <password> user1
5. Edit user
~$ ./ipa-vipw -H ldap://localhost/dc=example,dc=com???objectClass=posixAccount \
-D 'cn=Directory Manager' -w <password>
6. Change password
~$ ./ipa-passwd -H ldap://localhost/dc=example,dc=com \
-D 'cn=Directory Manager' -w <password> -Z user1
Old password: <press enter>
New password: <press freeipa>
New password(again): <press freeipa>
7. Remove user
~$ ./ipa-userdel -H ldap://localhost/dc=example,dc=com \
-D 'cn=Directory Manager' -w <password> user1
The following README file can be found in the attached
tarball, but you can read the document here before
unpacking the tarball.
I hope this work will help this project.
Best regards.
====================
README in tarball
====================
Required packages:
python-ldap
Overview
========
This directory contains a library to manage LDAP entries and command line
tools using the library. Currently, the following experimental command
line tools are provided:
* ipa-useradd
Add a user to LDAP with similar interfaces to /usr/sbin/useradd
* ipa-userdel
Delete a user from LDAP with similar interfaces to /usr/sbin/userdel
* ipa-vipw
Edit user database in LDAP with similar interfaces to /usr/sbin/vipw
* ipa-passwd
Change user password in LDAP by using Password Modify Extension
ipa-useradd
-----------
'ipa-useradd' easily adds a new user to LDAP.
Example
~$ ipa-useradd -H ldap://localhost/ou=users,dc=example,dc=com \
-D 'cn=Directory Manager' -w secret user1
Usage:
usage: ipa-useradd [options] LOGIN
options:
-h, --help show this help message and exit
-H URL, --url=URL LDAP url
-D BINDDN, --binddn=BINDDN
bind DN
-w BINDPW, --bindpw=BINDPW
bind password
--config=CONFIG config file
-S SECTION, --section=SECTION
use SECTION for user account container
-Z Start TLS request for LDAP connection
-d HOME_DIR, --home-dir=HOME_DIR
home directory for the new user account
-c COMMENT, --comment=COMMENT
set the GECOS field for the new user account
-g GROUP, --gid=GROUP
force use GROUP for the new user account
-p PASSWORD, --password=PASSWORD
use encrypted password for the new user
account
-s SHELL, --shell=SHELL
the login shell for the new user account
-u UID, --uid=UID force use the UID for the new user account
ipa-userdel
-----------
'ipa-userdel' easily deletes a user from LDAP.
Example
~$ ipa-userdel -H ldap://localhost/ou=users,dc=example,dc=com \
-D 'cn=Directory Manager' -w secret user1
Usage
usage: ipa-userdel [options] LOGIN
options:
-h, --help show this help message and exit
-H URL, --url=URL LDAP url
-D BINDDN, --binddn=BINDDN
bind DN
-w BINDPW, --bindpw=BINDPW
bind password
--config=CONFIG config file
-S SECTION, --section=SECTION
use SECTION for user account container
-Z Start TLS request for LDAP connection
ipa-vipw
--------
'ipa-vipw' creates a /etc/passwd-like file by using LDAP in order to edit
LDAP users easily.
Example
~$ ipa-vipw \
-H ldap://localhost/ou=users,dc=example,dc=com???objectClass=posixAccount \
-D 'cn=Directory Manager' -w secret
Usage
usage: ipa-vipw [options]
options:
-h, --help show this help message and exit
-H URL, --url=URL LDAP url
-D BINDDN, --binddn=BINDDN
bind DN
-w BINDPW, --bindpw=BINDPW
bind password
--config=CONFIG config file
-S SECTION, --section=SECTION
use SECTION for user account container
-s SCOPE, --scope=SCOPE
LDAP search scope: one of 'one' or 'sub'
-C COLUMNS, --columns=COLUMNS
list of columns
-Z Start TLS request for LDAP connection
ipa-passwd
----------
'ipa-passwd' asks for the old password and for the new password twice, and
changes the user password in LDAP by using the LDAP Password Modify Extension.
If you bind as the rootdn, you don't have to enter the old password:
just press enter at 'Old password: '.
Example
~$ ipa-passwd \
-H ldap://localhost/ou=users,dc=example,dc=com \
-D 'cn=Directory Manager' -w secret -Z user1
Old password: <press enter>
New password: <press freeipa>
New password(again): <press freeipa>
Usage
usage: ipa-passwd [options] [LOGIN]
options:
-h, --help show this help message and exit
-H URL, --url=URL LDAP url
-D BINDDN, --binddn=BINDDN
bind DN
-w BINDPW, --bindpw=BINDPW
bind password
--config=CONFIG config file
-S SECTION, --section=SECTION
use SECTION for user account container
-Z Start TLS request for LDAP connection
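The two extensions the library supports are easiest to understand on the wire. The following is an added example (not code from the ipa-cli tarball or from FreeIPA) that encodes the Password Modify request value of RFC 3062 and the paged-results control value of RFC 2696 by hand, and decodes the former back, so the structure can be inspected without a directory server. The DN, passwords and page size are made up; in python-ldap the same operations are wrapped by LDAPObject.passwd_s() and ldap.controls.SimplePagedResultsControl.

```python
# Added example (not code from the ipa-cli tarball): the two LDAP extensions
# the library supports, encoded by hand so the wire format can be inspected
# without a directory server.  OIDs and structures are from RFC 3062 (Password
# Modify) and RFC 2696 (paged results); the DN and passwords are made up.

PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # RFC 3062 passwdModifyOID
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"   # RFC 2696 controlType


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value: int) -> bytes:
    """INTEGER (tag 0x02) in minimal two's-complement form."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, value.to_bytes(n, "big", signed=True))


def passwd_modify_request(user_identity=None, old_passwd=None, new_passwd=None) -> bytes:
    """requestValue for the Password Modify extended operation:

        PasswdModifyRequestValue ::= SEQUENCE {
            userIdentity [0] OCTET STRING OPTIONAL,
            oldPasswd    [1] OCTET STRING OPTIONAL,
            newPasswd    [2] OCTET STRING OPTIONAL }

    The [n] tags are context-specific primitive, i.e. 0x80, 0x81, 0x82.
    Every field is optional: a rootdn caller simply omits oldPasswd (the
    "press enter" case in the README), and omitting newPasswd asks the
    server to generate one.  PASSWD_MODIFY_OID goes in requestName."""
    parts = b""
    if user_identity is not None:
        parts += tlv(0x80, user_identity.encode())
    if old_passwd is not None:
        parts += tlv(0x81, old_passwd.encode())
    if new_passwd is not None:
        parts += tlv(0x82, new_passwd.encode())
    return tlv(0x30, parts)


def paged_results_control_value(size: int, cookie: bytes = b"") -> bytes:
    """controlValue for the paged results control:

        realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }

    An empty cookie starts a new paged search; the client then echoes the
    cookie from each response control to fetch the next page, and an empty
    cookie coming back means the result set is exhausted."""
    return tlv(0x30, ber_int(size) + tlv(0x04, cookie))


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one element at pos; returns (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def decode_passwd_modify_request(data: bytes) -> dict:
    """Parse a request value back into its fields (what a server would do)."""
    names = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}
    tag, body, end = read_tlv(data)
    if tag != 0x30 or end != len(data):
        raise ValueError("expected exactly one SEQUENCE")
    fields, pos = {}, 0
    while pos < len(body):
        tag, content, pos = read_tlv(body, pos)
        if tag not in names or names[tag] in fields:
            raise ValueError(f"unexpected tag 0x{tag:02x}")
        fields[names[tag]] = content.decode()
    return fields


if __name__ == "__main__":
    req = passwd_modify_request("uid=user1,ou=users,dc=example,dc=com", None, "freeipa")
    print(PASSWD_MODIFY_OID, req.hex())
    print(decode_passwd_modify_request(req))
    print(PAGED_RESULTS_OID, paged_results_control_value(10).hex())
```

Because every field is optional, pressing enter at the old-password prompt when bound as the rootdn simply leaves oldPasswd out of the SEQUENCE, and the server decides on the binder's rights rather than on the old password. Both the bind password and the new password travel in cleartext on a plain ldap:// connection, which is what the -Z option (tls = true in the configuration) is for.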
Configuration
=============
You can use a configuration file to define your database in order to
reduce command line arguments. The format of the configuration file is the
general Python configuration-file format (the one read by ConfigParser), such as:
[section]
option = value
option2 = value2
...
Example:
[user]
url = ldap://localhost/ou=users,dc=example,dc=com???objectClass=posixAccount
dn = cn=Directory Manager
password = secret
If you save the above configuration to the file 'ipa.cf', then
the commands become:
~$ ipa-useradd --config ipa.cf -S user user1
~$ ipa-userdel --config ipa.cf -S user user1
~$ ipa-vipw --config ipa.cf -S user
Supported Options
-----------------
The following options are supported:
url = ldap://localhost/         The LDAP URL of this container. BNF definition
                                of an LDAP URL (from RFC 2255):

                                  ldapurl  = scheme "://" [hostport]
                                             ["/" [dn ["?" [attrs] ["?" [scope]
                                             ["?" [filter] ["?" extensions]]]]]]

                                  hostport   host:port
                                  dn         distinguished name
                                  attributes list with attributes
                                  scope      search scope string
                                  filter     LDAP search filter

                                You can use the attributes, scope and filter
                                terminals to specify these values rather than
                                the 'attrs', 'scope' and 'filterstr' options
                                below. The values in the URL are ignored if you
                                use the options. <extensions> are currently
                                not used.
attrs = cn,uid,ou               Attribute list separated by commas
filterstr = objectClass=person  LDAP filter string
scope = one|sub                 LDAP search scope
auehmethod = anonymous|simple   LDAP bind method: anonymous bind or simple bind
dn = cn=Directory Manager       BINDDN for simple bind
password = a                    BINDPW for simple bind
debug = true                    Turn on debugging for this container
page_size = 10                  Page size for the LDAP PagedResultsControl
tls = true                      Enable the StartTLS extension
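As an added example (not code from the ipa-cli tarball), the following parses a container section as described above: it reads the section with Python's ConfigParser, splits the url= value according to the BNF, and applies the stated precedence (explicit attrs, scope and filterstr options win over the URL's own components). The defaults chosen for an absent scope and filter (RFC 4516's base scope and (objectClass=*)), the parentheses added around a bare filter, the bind-method inference and the cleartext-bind warning are this example's own choices, not behaviour documented for the tool.

```python
# Added example (not code from the ipa-cli tarball): a parser for the
# container definitions in the README.  Option names follow the README; the
# LDAP URL grammar is RFC 4516; the defaults for missing tls/debug/page_size
# values, the bind-method inference and the warning are this example's own.
import configparser
import os
import stat
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url: str) -> dict:
    """Split scheme://[hostport]/[dn[?attrs[?scope[?filter[?extensions]]]]].
    Components are percent-decoded; an empty component means "not given"."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported LDAP URL: {url!r}")
    hostport, _, path = rest.partition("/")
    if hostport.startswith("["):                     # bracketed IPv6 literal
        host, _, port = hostport[1:].partition("]")
        port = port.lstrip(":")
    else:
        host, _, port = hostport.partition(":")
    parts = path.split("?", 4)                       # at most five pieces
    parts += [""] * (5 - len(parts))
    dn, attrs, scope, filt, exts = (unquote(p) for p in parts)
    if scope not in ("", "base", "one", "sub"):
        raise ValueError(f"bad scope in URL: {scope!r}")
    return {
        "scheme": scheme,
        "host": host or None,
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "dn": dn,
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope,
        "filterstr": filt,
        "extensions": exts,                          # parsed, unused (as in README)
    }


def load_container(config_text: str, section: str) -> dict:
    """Read one [section] and merge its options with its url=.  README rule:
    the attrs/scope/filterstr options take precedence over the URL parts."""
    cp = configparser.ConfigParser(interpolation=None)   # '%' is legal in URLs
    cp.read_string(config_text)
    if not cp.has_section(section):
        raise KeyError(f"no [{section}] section in config")
    sec = cp[section]
    c = parse_ldap_url(sec["url"])
    if sec.get("attrs"):
        c["attrs"] = [a.strip() for a in sec["attrs"].split(",") if a.strip()]
    if sec.get("scope"):
        c["scope"] = sec["scope"].strip()
    if sec.get("filterstr"):
        c["filterstr"] = sec["filterstr"].strip()
    c["scope"] = c["scope"] or "base"                    # RFC 4516 defaults
    c["filterstr"] = c["filterstr"] or "(objectClass=*)"
    if not c["filterstr"].startswith("("):               # README example has no parens
        c["filterstr"] = f"({c['filterstr']})"
    c["binddn"] = sec.get("dn")
    c["bindpw"] = sec.get("password")
    c["authmethod"] = "simple" if c["binddn"] else "anonymous"  # inferred (own choice)
    c["tls"] = sec.getboolean("tls", fallback=False)
    c["debug"] = sec.getboolean("debug", fallback=False)
    c["page_size"] = sec.getint("page_size", fallback=None)
    c["warnings"] = []
    if c["bindpw"] and c["scheme"] == "ldap" and not c["tls"]:
        c["warnings"].append("simple bind over plain ldap:// without tls = true "
                             "sends the bind password in cleartext")
    return c


def config_mode_is_private(mode: int) -> bool:
    """True when no group/other permission bits are set (e.g. 0600)."""
    return stat.S_IMODE(mode) & 0o077 == 0


def load_container_file(path: str, section: str) -> dict:
    """Like load_container(), but refuses a config file that other users can
    read, since it holds the bind password."""
    mode = os.stat(path).st_mode
    if not config_mode_is_private(mode):
        raise PermissionError(f"{path} is mode {stat.S_IMODE(mode):04o}, expected 0600")
    with open(path, encoding="utf-8") as fh:
        return load_container(fh.read(), section)


if __name__ == "__main__":
    # The README's own [user] example, constructed inline.
    sample = """[user]
url = ldap://localhost/ou=users,dc=example,dc=com???objectClass=posixAccount
dn = cn=Directory Manager
password = secret
"""
    for key, value in load_container(sample, "user").items():
        print(f"{key:12} {value!r}")
```

Since the file carries the bind password, load_container_file() refuses one that is group- or world-readable; keeping credentials there with mode 0600 is also preferable to -w on the command line, where the password is visible in the process list and in shell history.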
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipa-cli-taru.tar.gz
Type: application/x-compressed-tar
Size: 11858 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070704/4270e47e/attachment.bin>