This is a collection of very simple tools to search and update a 389-ds LDAP server container or K8s deployment.
-
(Optional) Create a directory to contain these tools and the 389-ds LDAP server container:
mkdir -p ~/389-ds-ldap-server && cd $_
-
Clone this repository:
git clone git@github.com:alexarnoldy/389-ds-LDAP-data-tools.git && cd 389-ds-LDAP-data-tools
-
Use an editor to update the container_variables.txt file to fit your environment
-
Install LDAP client tools on a system that can access the LDAP server (the local system if INSTANCE_NAME is localhost):
sudo zypper -n install openldap2-client
Note: Sourcing the container_variables.txt file before each command ensures the correct variables are available for each command invocation.
Note: This section of the CaaS Platform administration guide contains examples for managing OUs, users, and groups: https://documentation.suse.com/suse-caasp/4.0.2/single-html/caasp-admin/#_adding_a_new_organizational_unit
Caution: These tools must be run in the same directory as the container_variables.txt file.
Note: The next update to this repo will move the container_variables.txt file to the ~/389-ds-ldap-server directory so both tools and server repos can point to the same file.
-
Create the update file(s) and place them in the updates-processing directory:
add_ou.sh
-
Be prepared to provide the following information:
-
The name of the new Organizational Unit
-
Continue with more updates or move on to the "Apply all of the update file(s) in the updates-processing directory" section
-
Create the update file(s) and place them in the updates-processing directory:
delete_ou.sh
-
Be prepared to provide the following information:
-
The name of the existing Organizational Unit to delete
-
Continue with more updates or move on to the "Apply all of the update file(s) in the updates-processing directory" section
-
Create the update file(s) and place them in the updates-processing directory:
add_group.sh
-
Be prepared to provide the following information:
-
The name of the new Group to create
-
The Organizational Unit to place the new group in
-
Continue with more updates or move on to the "Apply all of the update file(s) in the updates-processing directory" section
-
Create the update file(s) and place them in the updates-processing directory:
delete_group.sh
-
Be prepared to provide the following information:
-
The name of the existing Group to delete
-
The Organizational Unit the group exists in
-
Continue with more updates or move on to the "Apply all of the update file(s) in the updates-processing directory" section
-
Create the update file(s) and place them in the updates-processing directory:
./add_user.sh
-
Be prepared to provide the following information:
-
The login name for the new user (with no spaces)
-
The Organizational Unit to place the new user in
-
The SSHA hash of the user’s password (can use a website like https://www.mkpasswd.net/ and select the hash type of ldap ssha)
-
The user’s first name
-
The user’s last name
-
The user’s full name
-
The user’s email address
-
Continue with more updates or move on to the "Apply all of the update file(s) in the updates-processing directory" section
-
Create the update file(s) and place them in the updates-processing directory:
./delete_user.sh
-
Be prepared to provide the following information:
-
The login name of the existing user (with no spaces)
-
The Organizational Unit the user exists in
-
Continue with more updates or move on to the "Apply all of the update file(s) in the updates-processing directory" section
-
Create the update file(s) and place them in the updates-processing directory:
add_user_to_group.sh
-
Be prepared to provide the following information:
-
The login name of the existing user (with no spaces)
-
The Organizational Unit the user exists in
-
The name of the existing group the user will be added to
-
The Organizational Unit the group exists in
-
Continue with more updates or move on to the "Apply all of the update file(s) in the updates-processing directory" section
-
Review all of the files in the updates-processing directory before proceeding
-
Additional .ldif files can be added for batch processing if they fit the schema of the LDAP database
-
Apply the update files:
apply_updates.sh
-
Review the output for any errors/failures
-
Check the updates-processing directory for any update files that were not applied
-
Files in the updates-processing directory can be manually edited before attempting to apply them again