Wiki source for AdminNFS
====NFS/LDAP Administration====
===LDAP User Administration===
You must be kinited as user principal in tech group or as principal ldapadmin to make changes to kerberos or ldap.
**Creating Users**
%%/usr/local/sbin/ldapadduser <username> <groupname | gid> [uid]%%
kerberos principal is added automatically (user name as password), set in /usr/local/etc/ldapscripts/ldapscripts.conf:
PASSWORDGEN="kadmin.local -q 'addprinc +needchange -pw %u %u'
**Adding/Removing Groups**
%%/usr/local/sbin/ldapaddusertogroup <username | uid | dn> <groupname | gid>%%
%%/usr/local/sbin/ldapdeleteuserfromgroup <username | dn> <groupname | gid>%%
**Removing Users**
%%/usr/local/sbin/ldapdeleteuser <username | uid>%%
PAM UID cutoff is 10000, all ldap ids for users and groups should be > 10000
----
CategoryITMisc
===LDAP User Administration===
You must be kinited as user principal in tech group or as principal ldapadmin to make changes to kerberos or ldap.
**Creating Users**
%%/usr/local/sbin/ldapadduser <username> <groupname | gid> [uid]%%
kerberos principal is added automatically (user name as password), set in /usr/local/etc/ldapscripts/ldapscripts.conf:
PASSWORDGEN="kadmin.local -q 'addprinc +needchange -pw %u %u'
**Adding/Removing Groups**
%%/usr/local/sbin/ldapaddusertogroup <username | uid | dn> <groupname | gid>%%
%%/usr/local/sbin/ldapdeleteuserfromgroup <username | dn> <groupname | gid>%%
**Removing Users**
%%/usr/local/sbin/ldapdeleteuser <username | uid>%%
PAM UID cutoff is 10000, all ldap ids for users and groups should be > 10000
----
CategoryITMisc
