If you see "::" in userPassword this means that hash/password is ecrypted in base64 before listing in ldif. This rule apply for other attributes aswell. Usually it's used when attribute have some non-ascii chars. Usually you don't need to worry about it because most apps can handle this.
I wrote it by hand soo there may be some errors. The "-" signs are important, They mean that operation on this entry are not finished and they provide something like transactions in databases - I noticed this myself. All operations on entry must be correct or none will be applied.
what would be the ldif file format for these changes ??
Thanks for your help .
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
08-14-2012, 01:18 PM
Rich Megginson
Modify users attributes
On 08/14/2012 06:36 AM, Grzegorz Dwornicki wrote:
I should look similat to this:
dn: uid=jsmith,ou=users,l=uk,dc=fosiul,dc=lan
changetype: modrdn
newrrdn: uid=new_uid_value
deleteoldrdn: 1
-
changetype: modify
replace: loginshell
loginshell: /bin/nologin
-
modify: userPassword
userPassword: asfasfasfasfasfasfasfdPQ=
note - there should be no blank lines above - it appears as though
the first "-" is preceded by a blank line - there should be no blank
lines
Also - userPassword should be in clear text - do not send pre-hashed
passwords to the directory server.
For more information about ldif - man ldif
If you see "::" in userPassword this means that hash/password is
ecrypted in base64 before listing in ldif. This rule apply for
other attributes aswell. Usually it's used when attribute have
some non-ascii chars. Usually you don't need to worry about it
because most apps can handle this.
I wrote it by hand soo there may be some errors. The "-" signs are
important, They mean that operation on this entry are not finished
and they provide something like transactions in databases - I
noticed this myself. All operations on entry must be correct or
none will be applied.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
08-14-2012, 02:11 PM
Fosiul Alam
Modify users attributes
Hi
thanks for great help
Everything works from script point of view
Just a quick question
How will i just get All uidNumber (userid) ??
which commands will show me all uidNumber ??
thanks
On Tue, Aug 14, 2012 at 2:18 PM, Rich Megginson <rmeggins@redhat.com> wrote:
> On 08/14/2012 06:36 AM, Grzegorz Dwornicki wrote:
>
> I should look similat to this:
>
> dn: uid=jsmith,ou=users,l=uk,dc=fosiul,dc=lan
> changetype: modrdn
> newrrdn: uid=new_uid_value
> deleteoldrdn: 1
>
> -
> changetype: modify
> replace: loginshell
> loginshell: /bin/nologin
> -
> modify: userPassword
> userPassword: asfasfasfasfasfasfasfdPQ=
>
>
> note - there should be no blank lines above - it appears as though the first
> "-" is preceded by a blank line - there should be no blank lines
>
> Also - userPassword should be in clear text - do not send pre-hashed
> passwords to the directory server.
>
> For more information about ldif - man ldif
>
>
> If you see "::" in userPassword this means that hash/password is ecrypted in
> base64 before listing in ldif. This rule apply for other attributes aswell.
> Usually it's used when attribute have some non-ascii chars. Usually you
> don't need to worry about it because most apps can handle this.
>
> I wrote it by hand soo there may be some errors. The "-" signs are
> important, They mean that operation on this entry are not finished and they
> provide something like transactions in databases - I noticed this myself.
> All operations on entry must be correct or none will be applied.
>
> Greg.
>
> send from htc desire z
>
> 14-08-2012 13:40, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
>>
>> Hi
>> the theme of this script is , i need to modify uid , password, loginshell
>>
>> example
>>
>> ldapsearch -xZZ -D "cn=Directory Manager" -w 'testtest' -b
>> "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" loginshell uid userPassword
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=fosiul,dc=lan> with scope subtree
>> # filter: (cn=Fosiul Alam)
>> # requesting: loginshell uid userPassword
>> #
>>
>> # falam, users, UK, fosiul.lan
>> dn: uid=falam,ou=users,l=UK,dc=fosiul,dc=lan
>> loginshell: /bin/bash
>> uid: falam
>> userPassword::
>> e1NTSEF9MkpYSGI2bSs3OFk5SlcySG1kOVcxdjFVUFVHMVA3eX I0dFQvZ2c9PQ=
>> =
>>
>> # search result
>> search: 3
>> result: 0 Success
>>
>>
>> So i need to modify it with
>> loginshell: /bin/nologin
>> uid: delete_falam
>> userPassword:: asfasfasfasfasfasfasfdPQ=
>>
>>
>> my first question is :
>> what would be the ldif file format for these changes ??
>>
>> Thanks for your help .
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
The last field in the above example is for the attributes you want
returned in your search. Just like the example below where you are
searching for uid, password and login shell, you simply change the
attributes you wish retrieve.
======================
Regards,
Matthew Schmitt
mschmitt@sugarsync.com
On 8/14/12 7:11 AM, "Fosiul Alam" <fosiul@gmail.com> wrote:
>Hi
>thanks for great help
>
>Everything works from script point of view
>
>Just a quick question
>
>How will i just get All uidNumber (userid) ??
>
>which commands will show me all uidNumber ??
>
>thanks
>
>
>On Tue, Aug 14, 2012 at 2:18 PM, Rich Megginson <rmeggins@redhat.com>
>wrote:
>> On 08/14/2012 06:36 AM, Grzegorz Dwornicki wrote:
>>
>> I should look similat to this:
>>
>> dn: uid=jsmith,ou=users,l=uk,dc=fosiul,dc=lan
>> changetype: modrdn
>> newrrdn: uid=new_uid_value
>> deleteoldrdn: 1
>>
>> -
>> changetype: modify
>> replace: loginshell
>> loginshell: /bin/nologin
>> -
>> modify: userPassword
>> userPassword: asfasfasfasfasfasfasfdPQ=
>>
>>
>> note - there should be no blank lines above - it appears as though the
>>first
>> "-" is preceded by a blank line - there should be no blank lines
>>
>> Also - userPassword should be in clear text - do not send pre-hashed
>> passwords to the directory server.
>>
>> For more information about ldif - man ldif
>>
>>
>> If you see "::" in userPassword this means that hash/password is
>>ecrypted in
>> base64 before listing in ldif. This rule apply for other attributes
>>aswell.
>> Usually it's used when attribute have some non-ascii chars. Usually you
>> don't need to worry about it because most apps can handle this.
>>
>> I wrote it by hand soo there may be some errors. The "-" signs are
>> important, They mean that operation on this entry are not finished and
>>they
>> provide something like transactions in databases - I noticed this
>>myself.
>> All operations on entry must be correct or none will be applied.
>>
>> Greg.
>>
>> send from htc desire z
>>
>> 14-08-2012 13:40, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
>>>
>>> Hi
>>> the theme of this script is , i need to modify uid , password,
>>>loginshell
>>>
>>> example
>>>
>>> ldapsearch -xZZ -D "cn=Directory Manager" -w 'testtest' -b
>>> "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" loginshell uid userPassword
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=fosiul,dc=lan> with scope subtree
>>> # filter: (cn=Fosiul Alam)
>>> # requesting: loginshell uid userPassword
>>> #
>>>
>>> # falam, users, UK, fosiul.lan
>>> dn: uid=falam,ou=users,l=UK,dc=fosiul,dc=lan
>>> loginshell: /bin/bash
>>> uid: falam
>>> userPassword::
>>> e1NTSEF9MkpYSGI2bSs3OFk5SlcySG1kOVcxdjFVUFVHMVA3eX I0dFQvZ2c9PQ=
>>> =
>>>
>>> # search result
>>> search: 3
>>> result: 0 Success
>>>
>>>
>>> So i need to modify it with
>>> loginshell: /bin/nologin
>>> uid: delete_falam
>>> userPassword:: asfasfasfasfasfasfasfdPQ=
>>>
>>>
>>> my first question is :
>>> what would be the ldif file format for these changes ??
>>>
>>> Thanks for your help .
>>> --
>>> 389 users mailing list
>>> 389-users@lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>--
>Regards
>Fosiul Alam
>07877100621
>http://www.fosiul.co.uk
>--
>389 users mailing list
>389-users@lists.fedoraproject.org
>https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
Modify users attributes
