[Fedora-directory-users] Adding users after replacing NIS

[George Holbert]

>
> My question now is, how do I add new users to the DS...
>   

To add data to your directory, including users, you can use whatever 
LDAP modification tool you like.  The most basic option is the 
ldapmodify command, but depending on how often you add or update users, 
you will probably get tired of manually typing LDIF input for 
ldapmodify.  You could also use the Fedora console, write your own 
scripts, or look into other LDAP admin programs (there are several).

> ...with the necessary shadowAccount attributes? How do I generate the crypted userPassword, shadowLastChange, etc. values?
Using your favorite LDAP admin program :), you can assign whatever 
initial values you want for the shadow attributes.
If pam/nss_ldap is so configured on your Linux clients, the passwd 
command will update the shadow attributes when passwords are changed.
Solaris 8 LDAP clients ignore shadow attributes, so you might not want 
to rely on LDAP-based shadow if you have Solaris 8 in your environment.

Fedora DS can hash passwords several ways, including crypt.  You can 
choose the default password hash in the Fedora console.  The directory 
server will hash userPassword attributes with whatever hash you select.

Note that changes to the default password hash are only effective for 
subsequent userPassword updates.  In other words, changing the hash does 
not cause a re-hash of every userPassword attribute in the directory.

-- George


Oscar A. Valdez wrote:
> I've followed the instructions in Gerald Carter's "LDAP System
> Administration", specifically those in Chapter 6: Replacing NIS.
>
> I've used PADL's scripts to migrate the info
> from /etc/passwd, /etc/shadow, and /etc/group into the DS server. My
> question now is, how do I add new users to the DS, with the necessary
> shadowAccount attributes? How do I generate the crypted userPassword,
> shadowLastChange, etc. values?
>