Differences between revisions 1 and 2
Revision 1 as of 2018-11-21 13:48:01
Size: 277
Editor: cpe-101-186-120-45
Comment:
Revision 2 as of 2018-11-26 12:43:23
Size: 1168
Editor: porcupine
Comment:
Deletions are marked like this. Additions are marked like this.
Line 10: Line 10:
User attributes can be changed by editing a users LDAP record. The easiest way to do this interactively is with
either `samba-tool user edit <username>` on a domain controller or `ldapvi cn=<username>` if editing from any other machine.

Users can also be batch edited with ldapmodify. See below for details.

Important attributes that might need to be changed are:
||'''Field'''||'''Description'''||
||`displayName`||automatically generated as "`<givenName> <sn>`"||
||`givenName`|| Firstname||
||`sn`|| Surname||
||`gecos`||Stores the user's real name on *NIX systems, defaults to be the same as `displayName`||
||`LoginShell`||User's *NIX shell, defaults to `/bin/zsh`||
||`gidNumber`||The user's primary POSIX group||
Line 13: Line 26:
LDAP access in AD environments requires authentication to work properly,
use `-x -W -D "<your_username>@ad.ucc.gu.uwa.edu.au"` to authenticate the query.

This page outlines how to perform common tasks with active directory

NOTE: This page is a work in progress and is subject to change without warning

Changing Passwords

Locking/Unlocking Accounts

Editing user attributes

User attributes can be changed by editing a users LDAP record. The easiest way to do this interactively is with either samba-tool user edit <username> on a domain controller or ldapvi cn=<username> if editing from any other machine.

Users can also be batch edited with ldapmodify. See below for details.

Important attributes that might need to be changed are:

Field

Description

displayName

automatically generated as "<givenName> <sn>"

givenName

Firstname

sn

Surname

gecos

Stores the user's real name on *NIX systems, defaults to be the same as displayName

LoginShell

User's *NIX shell, defaults to /bin/zsh

gidNumber

The user's primary POSIX group

ldap tools

LDAP access in AD environments requires authentication to work properly, use -x -W -D "<your_username>@ad.ucc.gu.uwa.edu.au" to authenticate the query.