[Fedora-directory-users] ObjectClass PosixGroup + UID/GID auto-generation
Ryan Braun [ADS]
ryan.braun at ec.gc.ca
Mon Aug 11 19:38:28 UTC 2008
On Monday 11 August 2008 11:35, Kashif Ali wrote:
I use Perl for most of my user management, and I grabbed this idea from one
of the samba-ldap helper scripts, could be from idealx, not too sure really.
But basically, you just create an object that holds 2 values: the current
available UID and GID. Then your Perl script queries LDAP for that object,
uses the available UID, then increments it and writes it back to LDAP.
Something like

# grab it from ldap
$mesg = $ldap->search(
    filter => "(objectClass=UnixIdPool)",
    base   => "ou=Special Users,$config{BASE_DN}",
    attrs  => ['uidNumber'],
);
$config{NextID} = $mesg->entry(0)->get_value('uidNumber');

# update nextfreeid attribute
$mesg = $ldap->modify(
    "cn=idPool,ou=Special Users,$config{BASE_DN}",
    replace => { "uidNumber" => $config{NextID} + 1 },
);

Here is the schema I use for the object.
objectClasses: ( UnixIdPool-oid NAME 'UnixIdPool' SUP top STRUCTURAL MUST ( cn $ gidNumber $ uidNumber ) X-ORIGIN 'user defined' )
Ryan
> Yes I was talking about FDS :)
>
> Well at least I can hope that more people want these features so they get
> added in :).
>
> I have created a wiki article on the installation if anyone is interested.
>
> http://wiki.unixcraft.com/display/MainPage/Fedora+Directory+Server
>
>
> 2008/8/11 solarflow99 <solarflow99 at gmail.com>
>
> > On 8/11/08, Kashif Ali <snake007uk at gmail.com> wrote:
> >> Hello All,
> >>
> >> After spending a long weekend configuring Fedora-DS to have central
> >> authentication + central home dirs, I now have two issues which I would
> >> like to know if anyone can help me with.
> >>
> >> 1) Currently when adding a new user, I have to manually go to advanced
> >> options and add a value called posixgroup to the object class, this is
> >> so that groupID have a name and you don't see the error GroupID name not
> >> found when logging onto a box. Is there any way to update the default
> >> user template, so that, when you enable posixaccount, posixgroup
> >> objectclass is automatically added? thus removing the manual process?
> >
> > This is in the FDS console you are talking about, right? This would be
> > nice to have, but I guess unless you can change the Java code, it's still
> > less flexible in this way. Often people will use a different front end
> > such as ldapadmin, while the FDS console is preferred for controlling
> > replication, etc.
> >
> >> 2) Is there any way to get the directory server to generate UNIQUE UID/GID
> >> based on last uid created. Ideally I would like the range to start from
> >> 5000 and finish at 8000. The automatic procedure would just use the next
> >> available uid/gid in the list, again removing the need for the user to
> >> check and make sure the id is unique.
> >
> > It looks like most front ends favour choosing a random one, then require
> > you to set it manually to what you want. This is to avoid possible
> > conflicts without having to build in a way to check for this, I agree it
> > should be an available option though.
> >
> > http://sourceforge.net/forum/forum.php?thread_id=1965645&forum_id=305548&abmode=1
> >
> >
> >> any help with either of these issues would be much appreciated.
> >
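
Added example (not from the original post or from any of the helper scripts it mentions): the snippet in the reply reads uidNumber and writes it back in two separate operations, so two admin scripts running at the same time can both be handed the same UID, and two accounts sharing a UID share file access. This version updates the pool with a single LDAP modify that deletes the value it read and adds the next one, retrying if another client got there first. The 5000-8000 range is from the original question; `allocate_uid`, the retry limit and the host and bind names in the usage comment are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_NO_SUCH_ATTRIBUTE);

# Range from the original question; the retry limit is an assumption.
my ($UID_MIN, $UID_MAX, $MAX_TRIES) = (5000, 8000, 10);

# Returns a uidNumber that no other caller of this routine can also receive.
# $ldap is an already bound Net::LDAP handle, $pool_dn the UnixIdPool entry.
sub allocate_uid {
    my ($ldap, $pool_dn) = @_;
    for my $try (1 .. $MAX_TRIES) {
        # Read the current counter straight from the pool entry.
        my $res = $ldap->search(base   => $pool_dn, scope => 'base',
                                filter => '(objectClass=UnixIdPool)',
                                attrs  => ['uidNumber']);
        die 'pool lookup failed: ' . $res->error . "\n" if $res->code;
        my $entry = $res->entry(0) or die "pool entry $pool_dn not found\n";
        my $uid = $entry->get_value('uidNumber') // '';
        # A counter past $UID_MAX means the range is exhausted.
        die "pool value '$uid' is outside $UID_MIN-$UID_MAX\n"
            unless $uid =~ /^\d+$/ && $uid >= $UID_MIN && $uid <= $UID_MAX;

        # One modify carrying delete(old value) + add(new value). The server
        # applies both or neither, so if another client already advanced the
        # counter, the delete fails with noSuchAttribute and nothing changes.
        my $mod = $ldap->modify($pool_dn, changes => [
            delete => [ uidNumber => $uid ],
            add    => [ uidNumber => $uid + 1 ],
        ]);
        return $uid if $mod->code == LDAP_SUCCESS;
        next if $mod->code == LDAP_NO_SUCH_ATTRIBUTE;   # lost the race, re-read
        die 'pool update failed: ' . $mod->error . "\n";
    }
    die "no UID allocated after $MAX_TRIES attempts\n";
}

# Usage (host, bind DN and password are placeholders):
#   my $ldap = Net::LDAP->new('ldap.example.com') or die "$@\n";
#   $ldap->bind($bind_dn, password => $bind_pw);
#   my $uid = allocate_uid($ldap, "cn=idPool,ou=Special Users,$base_dn");
```

The same delete-plus-add pattern applies to the gidNumber held in the pool entry.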