====NFS/LDAP Administration====

===LDAP User Administration===

You must be kinited as user principal in tech group or as principal ldapadmin to make changes to kerberos or ldap.

**Creating Users**
%%/usr/local/sbin/ldapadduser <username> <groupname | gid> [uid]%%

kerberos principal is added automatically (user name as password), set in /usr/local/etc/ldapscripts/ldapscripts.conf:
PASSWORDGEN="kadmin.local -q 'addprinc +needchange -pw %u %u'

**Adding/Removing Groups**

%%/usr/local/sbin/ldapaddusertogroup <username | uid | dn> <groupname | gid>%%
%%/usr/local/sbin/ldapdeleteuserfromgroup <username | dn> <groupname | gid>%%

**Removing Users**
%%/usr/local/sbin/ldapdeleteuser <username | uid>%%

PAM UID cutoff is 10000, all ldap ids for users and groups should be > 10000

----
CategoryITMisc