LinuxQuestions.org


Lautre 06-22-2009 07:57 AM

Calculate 2 - Managing Accounts LDAP server
 
LDAP (Lightweight Directory Access Protocol) provides a rich opportunity for the storage of user accounts. It can be used for various services, such as Mail, FTP and Jabber, and to authorize users. Administering accounts directly through command-line access to LDAP is quite difficult. There are various applications for this, such as smbldap-tools.

Here I would like to describe the tool Calculate 2, which is distributed under a free license, Apache 2, and is included in the Calculate Directory Server (CDS) distribution.

Currently Calculate 2 can be installed only on Gentoo-based distributions. The utilities consist of the following packages: calculate-client, calculate-server and calculate-lib. The calculate-server package is the one used for setting up LDAP.

The following steps should be carried out on a test server, because all the information on the server will be deleted when you configure the LDAP server. Once you configure the services, it will not be possible to undo the changes.

calculate-server is installed from the Calculate overlay, which you can connect through the layman package by adding the following line to the "overlays" parameter in the file /etc/layman/layman.cfg:
http://svn.calculate.ru/overlay/layman-calculate.txt
and then running:
layman -S && layman -s calculate

Then install calculate-server. Its package dependencies require programs such as postfix, dovecot, proftpd, ejabberd, and of course openldap to be installed.

To configure the LDAP server execute the following command:
# cl-setup ldap
* WARNING: Executing of the program will change the configuration files and database of LDAP service.
If you are ready to continue executing the program, input 'yes', if not 'no': yes
* Erased LDAP Database ... [Ok]
* Added ldif file ... [Ok]
* LDAP service configured ... [Ok]

This runs the basic setup of the configuration files and creates the base structure in LDAP.

To make the LDAP users visible to all the services, run the following command:
# cl-setup unix
* WARNING: Executing of the program will change the configuration files and database of LDAP service.
If you are ready to continue executing the program, input 'yes', if not 'no': yes
* Added ldif file ... [Ok]
* Unix service configured ... [Ok]

As a result, /etc/nsswitch.conf, /etc/pam.d/system-auth, and other configuration files are configured.

Now try creating a Unix user with a group. Run:
# cl-groupadd manager unix
* Added group in Unix service ...
# cl-useradd -g manager -p alex unix
New password:
Retype new password:
* Added user in Unix service ...

To check that the user exists in the system, run the command `id alex` or the command `cl-info -U alex unix`.

# id alex
uid=1000(alex) gid=1000(manager) groups=1000(manager)
# cl-info -U alex unix
Information about user 'alex' for service Unix
+----------------------+----------------+
| Field                | Value          |
+----------------------+----------------+
| ID                   | 1000           |
| Login                | alex           |
| Name                 | Calculate user |
| Lock                 | No             |
| Visible              | No             |
| Primary group        | manager        |
| Supplementary groups | manager        |
| Home directory       | /home/alex     |
| Password             | Yes            |
| Last change password | 24.05.2009     |
| Jabber ID            | No             |
| Mail                 | No             |
+----------------------+----------------+

To manage your Unix accounts, the cl-useradd utility accepts the following parameters:
-b, --base-dir BASE_DIR   base directory for the new user account home directory
-c, --comment COMMENT     set the COMMENT field for the new user account
-d, --home-dir HOME_DIR   home directory for the new user account
-g, --gid GROUP           force use GROUP for the new user account
-G, --groups GROUPS       list of supplementary groups for the new user account
-k, --skel SKEL_DIR       specify an alternative skel directory
-m, --create-home         create home directory for the new user account
-p, --password            use password for the user account (from dialog)
-P                        use password for the user account (from standard input)
-s, --shell SHELL         the login shell for the new user account
-u, --uid UID             force use the UID for the new user account
-v, --visible             the new user account is visible (default - invisible)

The LDAP account commands have a syntax similar to the standard Unix commands. The following are supported:
cl-useradd, cl-usermod, cl-userdel, cl-groupadd, cl-groupmod, cl-groupdel, cl-passwd
Understanding them will not be a problem. Expanded information on user and group accounts can be obtained using cl-info.

You may have noticed that when adding a user, we used the parameter unix at the end of the command. In its place, the value may be samba, mail, jabber, ftp, or proxy.
In fact, using the same commands, you control the users of different services.

In future articles, I plan to continue describing the capabilities of the Calculate 2 utilities.

Feel free to ask or contribute.

Thank you guys.
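
Added example (not part of the original post and not Calculate's own code): a read-only check of the two files the post says `cl-setup unix` configures, reporting whether `passwd`, `group` and `shadow` lookups consult LDAP and which PAM groups call it. It assumes LDAP shows up as the NSS source `ldap` and the module `pam_ldap.so`; the function names and the sample file contents are constructed for illustration.

```shell
# Added example: read-only audit of /etc/nsswitch.conf and a PAM file.
# Assumption: LDAP appears as NSS source "ldap" and PAM module pam_ldap.so.

# Report how one NSS database uses LDAP:
# ldap-after-local, ldap-first, no-ldap, or missing (no such line).
nss_ldap_state() {  # $1 = database name, $2 = path to nsswitch.conf
    awk -v db="$1:" '
        $1 == db {
            sub(/#.*/, "")                       # drop a trailing comment
            state = "no-ldap"
            for (i = 2; i <= NF; i++) {
                if ($i == "files" || $i == "compat") local_seen = 1
                if ($i == "ldap") { state = local_seen ? "ldap-after-local" : "ldap-first"; break }
            }
            print state; found = 1; exit
        }
        END { if (!found) print "missing" }' "$2"
}

# List the PAM management groups (auth, account, ...) that call pam_ldap.so.
pam_ldap_groups() {  # $1 = path to a PAM file such as system-auth
    awk '$1 !~ /^#/ && /pam_ldap\.so/ && !seen[$1]++ { printf "%s%s", sep, $1; sep = " " }
         END { print "" }' "$1"
}

audit_ldap_auth() {  # $1 = nsswitch.conf, $2 = PAM file
    for db in passwd group shadow; do
        printf '%-7s %s\n' "$db" "$(nss_ldap_state "$db" "$1")"
    done
    printf 'pam_ldap in: %s\n' "$(pam_ldap_groups "$2")"
}

# Constructed sample files (not Calculate's real output) so the check runs offline.
sample=$(mktemp -d)
cat > "$sample/nsswitch.conf" <<'EOF'
passwd: files ldap
group:  files ldap
shadow: ldap        # constructed: local files are never consulted
hosts:  files dns
EOF
cat > "$sample/system-auth" <<'EOF'
auth     sufficient pam_unix.so
auth     sufficient pam_ldap.so use_first_pass
account  sufficient pam_ldap.so
# password sufficient pam_ldap.so
session  required   pam_unix.so
EOF
audit_ldap_auth "$sample/nsswitch.conf" "$sample/system-auth"
```

On a configured test server, running `audit_ldap_auth /etc/nsswitch.conf /etc/pam.d/system-auth` before and after `cl-setup unix` shows what the setup changed in the lookup order; `ldap-first` for a database means local accounts depend on the directory being reachable.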

