LDAP: creating users and groups

楚望
2023-12-01

1. Create an LDIF file for each new user
#cat zhouly.ldif
dn:uid=zhouly,ou=People,dc=prod,dc=hadoop,dc=feidai,dc=com
objectClass:account
objectClass:posixAccount
objectClass:top
objectClass:shadowAccount
uid:zhouly
cn:zhouly
loginShell:/bin/bash
userPassword:zhouly267489
uidNumber:4001
gidNumber:4801
homeDirectory:/home/zhouly

dn:cn=fkclgroup,ou=Group,dc=prod,dc=hadoop,dc=feidai,dc=com
objectClass:posixGroup
objectClass:top
cn:fkclgroup
gidNumber:4801
memberUid:zhouly


2. Add the user group
#cat addgroup.ldif
dn:cn=fkclgroup,ou=Group,dc=prod,dc=hadoop,dc=feidai,dc=com
objectClass:posixGroup
objectClass:top
cn:fkclgroup
gidNumber:4801

ldapadd -x -W -D "cn=Manager,dc=prod,dc=hadoop,dc=feidai,dc=com" -f addgroup.ldif

3. Add the user
#cat adduser.ldif
dn: uid=zhouly,ou=People,dc=prod,dc=hadoop,dc=feidai,dc=com
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uid: zhouly
cn: zhouly
loginShell: /bin/bash
userPassword: password
uidNumber: 4001
gidNumber: 4801
homeDirectory: /home/zhouly


ldapadd -x -W -D "cn=Manager,dc=prod,dc=hadoop,dc=feidai,dc=com" -f adduser.ldif

4. Add the user to the group
#cat u2g.ldif
dn: cn=fkclgroup,ou=Group,dc=prod,dc=hadoop,dc=feidai,dc=com
changetype: modify
add: memberUid
# posixGroup memberUid holds the login name (as in step 1), not the user's DN;
# a DN here is accepted by the server but SSSD will not map it to the account
memberUid: zhouly

ldapmodify -x -W -D "cn=Manager,dc=prod,dc=hadoop,dc=feidai,dc=com" -f u2g.ldif
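Before running ldapadd or ldapmodify on the files from steps 1 to 4, a small pre-flight check like the following (an added example, not part of the original post) catches the two mistakes that make SSSD fail to resolve the group: a memberUid holding a DN instead of a bare login name, and a user whose gidNumber matches no posixGroup. The parser and the sample LDIF are constructed here from the entries above; real files are read the same way.

```python
# Added pre-flight check (not from the original post) for the LDIF in steps 1-4:
# flags a memberUid that holds a DN and a user whose gidNumber has no posixGroup.
def parse_ldif(text):
    """Parse plain LDIF (one 'attr: value' per line, no base64 or folding)."""
    entries, cur = [], {}
    for line in text.splitlines():
        if line.startswith("#"):          # LDIF comment line
            continue
        if not line.strip():              # blank line terminates an entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    if cur:
        entries.append(cur)
    return entries

def check_posix_entries(entries):
    """Return human-readable problems; an empty list means the LDIF is consistent."""
    has = lambda e, n: n.lower() in (c.lower() for c in e.get("objectclass", []))
    problems = []
    users = [e for e in entries if has(e, "posixAccount")]
    groups = [e for e in entries if has(e, "posixGroup")]
    group_gids = {g["gidnumber"][0] for g in groups}
    for u in users:
        uid, gid = u["uid"][0], u["gidnumber"][0]
        if gid not in group_gids:
            problems.append(f"user {uid}: primary gidNumber {gid} has no posixGroup")
    for g in groups:
        for member in g.get("memberuid", []):
            if "=" in member:  # RFC 2307 memberUid is a login name, never a DN
                problems.append(f"group {g['cn'][0]}: memberUid '{member}' is a DN, use the bare uid")
    return problems

# Constructed sample: the step-3 user plus a group repeating the u2g.ldif mistake.
SAMPLE_LDIF = """\
dn: uid=zhouly,ou=People,dc=prod,dc=hadoop,dc=feidai,dc=com
objectClass: posixAccount
uid: zhouly
gidNumber: 4801

dn: cn=fkclgroup,ou=Group,dc=prod,dc=hadoop,dc=feidai,dc=com
objectClass: posixGroup
cn: fkclgroup
gidNumber: 4801
memberUid: uid=zhouly,ou=People,dc=prod,dc=hadoop,dc=feidai,dc=com
"""
```

Run it over the user and group files together (concatenate them) so the gidNumber cross-check sees both entries.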

5. Clear the SSSD cache and restart the sssd service
rm -f /var/lib/sss/db/cache_default.ldb
service sssd restart

6. List current users and groups
ldapsearch -x

7. Add a principal
kadmin.local -q "addprinc -pw test123 user2@PROD.HADOOP.FEIDAI.COM"

8. Delete a principal
kadmin.local -q "delete_principal user2@PROD.HADOOP.FEIDAI.COM"

9. List current principals
kadmin.local -q listprincs

10. Generate a keytab file
kadmin.local -q "ktadd -k user2.keytab user2@PROD.HADOOP.FEIDAI.COM"

Reposted from: https://my.oschina.net/u/2510243/blog/1545816