LDAP 帳號管理

  1. 產生帳號 ldif 檔
    [root@ildap ~]# vim ldapuser1.ldif
    dn: uid=ldapuser1,ou=People,dc=deyu,dc=wang
    sn: ldapuser1
    uid: ldapuser1
    mail: ldapuser1@csie.cyut.edu.tw
    o: 資工系
    cn: ldapuser1
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: top
    userPassword: {SSHA}HAvRpYe5TR88asauGqYtoCFzT7qHYqjP
    loginShell: /bin/bash
    uidNumber: 1001
    gidNumber: 1001
    homeDirectory: /home/guests/ldapuser1
    
  2. 加入帳號（以 -w 直接在指令列給密碼會留在 shell history 與 ps 輸出中；建議改用步驟 3、4 的 -W 由提示輸入）
    [root@ildap ~]# ldapadd -x -D "cn=Manager,dc=deyu,dc=wang" -w secretpassword -f ldapuser1.ldif
    
  3. 改變帳號密碼
    [root@ildap ~]# ldappasswd -s newpassword -D "cn=Manager, dc=deyu,dc=wang" -W -x "uid=ldapuser1,ou=People,dc=deyu,dc=wang"
    
  4. 刪除帳號
    [root@ildap ~]# ldapdelete -D "cn=Manager, dc=deyu,dc=wang" -W "uid=ldapuser1,ou=People,dc=deyu,dc=wang"
    
  5. 查詢帳號
    [root@dywH ~]# ldapsearch -x -b "uid=ldapuser1,ou=People,dc=deyu,dc=wang" -s sub "objectclass=*"
    # extended LDIF
    #
    # LDAPv3
    # base <uid=ldapuser1,ou=People,dc=deyu,dc=wang> with scope subtree
    # filter: objectclass=*
    # requesting: ALL
    #
    
    # ldapuser1, People, deyu.wang
    dn: uid=ldapuser1,ou=People,dc=deyu,dc=wang
    uid: ldapuser1
    cn: ldapuser1
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    loginShell: /bin/bash
    uidNumber: 1001
    gidNumber: 1001
    homeDirectory: /home/guests/ldapuser1
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1
    
  6. 建立 ldif 檔（1.ldif）修改帳號 ldapuser1 的 entry；若 1.ldif 內含多筆修改,各筆之間必須以空白行隔開。若只要修改一筆,也可以不用檔案批次修改,改由 STDIN 輸入。
    [root@dywH ~]# vim 1.ldif
    [root@dywH ~]# cat 1.ldif
    dn: uid=ldapuser1,ou=People,dc=deyu,dc=wang
    changetype: modify
    replace: loginShell
    loginShell: /sbin/nologin
    
  7. 以 1.ldif 檔修改帳號 ldapuser1 的 loginShell。
    [root@dywH ~]# ldapmodify -h localhost -x -w '123qwe' -D "cn=Manager,dc=deyu,dc=wang" -f 1.ldif
    modifying entry "uid=ldapuser1,ou=People,dc=deyu,dc=wang"
    
  8. 再次查詢帳號 ldapuser1 的 loginShell 已改為 /sbin/nologin。
    [root@dywH ~]# ldapsearch -x -b "uid=ldapuser1,ou=People,dc=deyu,dc=wang" -s sub "objectclass=*"
    # extended LDIF
    #
    # LDAPv3
    # base <uid=ldapuser1,ou=People,dc=deyu,dc=wang> with scope subtree
    # filter: objectclass=*
    # requesting: ALL
    #
    
    # ldapuser1, People, deyu.wang
    dn: uid=ldapuser1,ou=People,dc=deyu,dc=wang
    uid: ldapuser1
    cn: ldapuser1
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    uidNumber: 2001
    gidNumber: 2001
    homeDirectory: /home/guests/ldapuser1
    loginShell: /sbin/nologin
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1