
Re: further information was: example ldif



On Mon, Nov 08, 2004 at 09:16:47PM +0100, Andreas Schuldei wrote:
> in an earlier mail i sent you an example ldif that should exhibit
> all the possible cases of today's ldif format. since that can be
> hard to understand i try to provide further information in this
> mail. i cc: the debian-edu list since it might be good to 
> - document it
> - distribute it to more interested people
> - store it in the archives for eternity
> 
> * Andreas Schuldei (andreas@schuldei.org) [041105 17:02]:
> > dn: dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: dcObject
> > objectClass: organization
> > dc: skole
> > o: skole.skolelinux.no
> > structuralObjectClass: organization
> > entryUUID: 9f96dd4c-c37c-1028-9df0-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0001#0#0000
> 
> ok, this is top level OU. we want to change it at some point to
> something like dc=school, dc=debian, dc=edu for consistency
> reasons with the rest of the system. but that is a different
> problem.

Well, shouldn't this actually be something that reflects the site this is
actually running on:
 dn: dc=studnet,dc=ulsrud,dc=vgs,dc=skole,dc=no
or 
 dn: dc=test,dc=skole,dc=bzz,dc=no

> > dn: ou=Attic,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: Attic
> > structuralObjectClass: organizationalUnit
> > entryUUID: 9f9f6fe8-c37c-1028-9df1-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0002#0#0000
> 
> The Attic is the place where deleted users go. their primary
> private group is deleted but their entry from ou=People,dc=skole,
> dc=skolelinux... is moved here (aka renamed to ou=Attic,
> dc=skole, ...) before that their login is disabled.  the point
> of the attic is to create a means of deleting, compressing,
> backing up and storing away the deleted user accounts in a
> controlled way.  entries in the attic are also considered during
> user name creation, so that old user names are not handed out
> again too fast and new users get email etc for the old user. the
> proper way of cleaning up after deleted users has not been
> implemented yet.

hey, I implemented some script there....

> > dn: ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: People
> > structuralObjectClass: organizationalUnit
> > entryUUID: 9f9f9cc0-c37c-1028-9df3-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0004#0#0000
> 
> this is the place for the living users. (c:
> 
> > dn: ou=Machines,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: Machines
> > structuralObjectClass: organizationalUnit
> > entryUUID: 9f9f88fc-c37c-1028-9df2-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0003#0#0000
> 
> the OU for the samba machines. samba (in the form of smbadmin)
> has write access to this ou, but not to ou=People, because we
> want to limit its access. smbadmin can not even change the
> windows passwords of users, since they are stored in ou=People.
> in my opinion this is not optimal, since people can not change
> their passwords in the way they might be used to. imho they
> should not be forced to learn new things (like using some web
> interface), but we should try to accommodate them as well as we
> can.

Oh yes, smbadmin has write access to the samba parameters in
ou=People,dc=skole,dc ...

> > dn: ou=Pam,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: Pam
> > structuralObjectClass: organizationalUnit
> > entryUUID: 9f9fa558-c37c-1028-9df4-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0005#0#0000
> 
> PAM. is this used?

no

> > dn: ou=Domains,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: Domains
> > structuralObjectClass: organizationalUnit
> > entryUUID: 9f9fb070-c37c-1028-9df5-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0006#0#0000
> 
> do we use this?

no

> > dn: ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: Group
> > structuralObjectClass: organizationalUnit
> > entryUUID: 9f9fbc1e-c37c-1028-9df6-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0007#0#0000
> 
> both the user private groups as well as the other groups
> (classes/courses, authority groups and privilege groups) live
> here.
> 
> these groups are marked by a special attribute (grouptype) to make it
> possible to identify them and find them faster.
> 
> > dn: ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: Netgroup
> > structuralObjectClass: organizationalUnit
> > entryUUID: 9f9fc722-c37c-1028-9df7-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0008#0#0000
> 
> This was originally only used to be able to limit nfs mounts on
> the server, and nfs clients had to be in that ou.
> 
> nowadays the plan is to have every group as a netgroup, too,
> since many programs (e.g. squid) use netgroups for access
> control.
> 
> > dn: ou=Variables,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: Variables
> > structuralObjectClass: organizationalUnit
> > entryUUID: 9f9fd23a-c37c-1028-9df8-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0009#0#0000
> 
> this is an ou specially for entries like nextID (race-free
> acquiring user and group ids).
> i think the capabilities are in this ou, too.
> 
> > dn: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalRole
> > objectClass: simpleSecurityObject
> > cn: admin
> > description: LDAP Administrator
> > userPassword:: e2NyeXB0fSRST09UUFc=
> > structuralObjectClass: organizationalRole
> > entryUUID: 9f9fe374-c37c-1028-9df9-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x000a#0#0000
> 
> questions?
> 
> > dn: cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: posixGroup
> > objectClass: lisGroup
> > objectClass: lisAclGroup
> > cn: admins
> > member:
> > member: uid=adama,ou=People,dc=skole,dc=skolelinux,dc=no
> > description: All system administrators in the school
> > gidNumber: 10001
> > groupType: authority_group
> > structuralObjectClass: lisAclGroup
> > entryUUID: 9fa92894-c37c-1028-9dfa-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > memberUid: adama
> > entryCSN: 2004110514:11:34Z#0x0006#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> 
> the plan was that members in this group would be full blown
> admins, ldap wise, empowered to delete, modify, create etc
> arbitrary entries. this did not work out like this since the acls
> did not support this.

This also holds the sambaGroupMapping objectclass, to allow admins to
administer samba workstations. 

> admins is one of the authority groups. (note the groupType attribute).
> the grouptype is part of the 
> 
> objectclass ( 1.3.6.1.4.1.8990.42.2.5 NAME 'lisGroup'
>         SUP top
>         AUXILIARY
>         MAY ( groupType $ ageGroup ) )
> 
> the ageGroup was removed, since it was non-obvious and confused
> people. originally both users and groups should have been members
> in age groups (and thus be associated to each other) and should
> have limited the number of possible choices when selecting
> classes for students and vice versa to those that actually
> *could* be combined sensibly. 
> 
> would cerebrum support something like this in the first place? i
> feel the concept would help, but it needs to be hidden,
> somehow.
> 
> the plan was that members in this group would be full blown
> admins, ldap wise, empowered to delete, modify, create etc
> arbitrary entries. this did not work out like this since the acls
> did not support this. note also the lisAclGroup, which is
> 
> objectclass ( 1.3.6.1.4.1.8990.42.2.7 NAME 'lisAclGroup'
>         SUP ( posixGroup $ groupOfNames) STRUCTURAL
>         DESC 'hybrid group to allow atomic updates of ACLs and posixGroup')
> 
> groupOfNames was needed for the ACL handling, of course, but could
> go away now, since the changes would come from cerebrum's ACLs.
> that is also why the authority groups have the member attribute.
> 
> > dn: cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: posixGroup
> > objectClass: lisGroup
> > objectClass: lisAclGroup
> > cn: jradmins
> > member:
> > member: uid=newbia,ou=People,dc=skole,dc=skolelinux,dc=no
> > description: Junior Admins
> > gidNumber: 10002
> > groupType: authority_group
> > structuralObjectClass: lisAclGroup
> > entryUUID: 9fb09750-c37c-1028-9dfb-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > memberUid: newbia
> > entryCSN: 2004110514:11:34Z#0x000c#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> 
> jradmins were supposed to be some hand-picked, computer literate
> teachers whom we would give the power to change passwords for
> students and illiterate teachers.
> 
> > dn: cn=teachers,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: posixGroup
> > objectClass: lisGroup
> > objectClass: lisAclGroup
> > cn: teachers
> > member:
> > member: uid=newbia,ou=People,dc=skole,dc=skolelinux,dc=no
> > member: uid=fitt,ou=People,dc=skole,dc=skolelinux,dc=no
> > description: All teachers in the school
> > gidNumber: 10003
> > groupType: authority_group
> > structuralObjectClass: lisAclGroup
> > entryUUID: 9fb0c02c-c37c-1028-9dfc-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > memberUid: newbia
> > memberUid: fitt
> > entryCSN: 2004110514:11:35Z#0x0006#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141135Z
> 
> same, but teachers (duh)
> 
> > dn: cn=students,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: posixGroup
> > objectClass: lisGroup
> > objectClass: lisAclGroup
> > cn: students
> > member:
> > member: uid=rudir,ou=People,dc=skole,dc=skolelinux,dc=no
> > member: uid=naugtys,ou=People,dc=skole,dc=skolelinux,dc=no
> > gidNumber: 10004
> > groupType: authority_group
> > structuralObjectClass: lisAclGroup
> > entryUUID: 9fb0dee0-c37c-1028-9dfd-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > memberUid: rudir
> > memberUid: naugtys
> > entryCSN: 2004110514:13:27Z#0x0003#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141327Z
> 
> same
> 
> > dn: cn=none,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: posixGroup
> > objectClass: lisGroup
> > cn: none
> > gidNumber: 10005
> > groupType: school_class
> > structuralObjectClass: posixGroup
> > entryUUID: 9fb0fd76-c37c-1028-9dfe-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > memberUid: adama
> > memberUid: newbia
> > entryCSN: 2004110514:11:34Z#0x000b#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> 
> this group was added for cosmetic reasons to have a class to
> start out with in the gui. 

Should this be renamed to everyone? Or maybe not.

> > dn: cn=machines,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: posixGroup
> > cn: machines
> > gidNumber: 10006
> > structuralObjectClass: posixGroup
> > entryUUID: 9fb11734-c37c-1028-9dff-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > memberUid: debian$
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0010#0#0000
> 
> a group for samba machines
> 
> > dn: cn=nextID,ou=Variables,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: posixGroup
> > cn: nextID
> > structuralObjectClass: posixGroup
> > entryUUID: 9fb13340-c37c-1028-9e00-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > gidNumber: 10027
> > entryCSN: 2004110514:11:35Z#0x000d#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141135Z
> 
> the above mentioned nextID entry, whose sole purpose is to
> provide the next uidNumber or gidNumber, free of race conditions. 
> 
> > dn: cn=capabilities,ou=Variables,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: lisLdapCapabilities
> > cn: capabilities
> > structuralObjectClass: lisLdapCapabilities
> > capability: nextID 1
> > capability: groupType 1
> > capability: capabilities 1
> > capability: aclGroup 1
> > capability: attic 1
> > entryUUID: 9fb14f92-c37c-1028-9e01-f1d85361f0e7
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134456Z
> > modifyTimestamp: 20041105134456Z
> > entryCSN: 2004110513:44:56Z#0x0012#0#0000
> 
> this entry keeps track of the features this ldap directory
> provides. when the nextid entry was added, so was that
> capability.
> 
> the point of this is to have a single point to check if 
> the user admin system is able to run on this and if all that it
> needs is there.
> 
> > dn: ou=Automount,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: Automount
> > description: Top node for automount information
> > structuralObjectClass: organizationalUnit
> > entryUUID: aec8666e-c37c-1028-8ced-a8ea09a2949a
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134521Z
> > modifyTimestamp: 20041105134521Z
> > entryCSN: 2004110513:45:21Z#0x0001#0#0000
> >
> > dn: ou=auto.master,ou=Automount,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: auto.master
> > description: master information for autofs
> > structuralObjectClass: organizationalUnit
> > entryUUID: aec8a692-c37c-1028-8cee-a8ea09a2949a
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134521Z
> > modifyTimestamp: 20041105134521Z
> > entryCSN: 2004110513:45:21Z#0x0002#0#0000
> > 
> > dn: cn=/skole,ou=auto.master,ou=Automount,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: automount
> > cn: /skole
> > description: /skole mount point
> > automountInformation: ldap:ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> > structuralObjectClass: automount
> > entryUUID: aec8c73a-c37c-1028-8cef-a8ea09a2949a
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134521Z
> > modifyTimestamp: 20041105134521Z
> > entryCSN: 2004110513:45:21Z#0x0003#0#0000
> > 
> > dn: ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: skole
> > description: holder for /skole mount point
> > structuralObjectClass: organizationalUnit
> > entryUUID: aec905ce-c37c-1028-8cf0-a8ea09a2949a
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134521Z
> > modifyTimestamp: 20041105134521Z
> > entryCSN: 2004110513:45:21Z#0x0004#0#0000
> > 
> > dn: cn=tjener,ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: automount
> > cn: tjener
> > description: /skole/tjener submount point
> > automountInformation: -fstype=autofs ldap:ou=tjener,ou=skole,ou=Automount,dc=s
> >  kole,dc=skolelinux,dc=no
> > structuralObjectClass: automount
> > entryUUID: aec9156e-c37c-1028-8cf1-a8ea09a2949a
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134521Z
> > modifyTimestamp: 20041105134521Z
> > entryCSN: 2004110513:45:21Z#0x0005#0#0000
> > 
> > dn: ou=tjener,ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: tjener
> > description: holder for /skole/tjener mount point
> > structuralObjectClass: organizationalUnit
> > entryUUID: aec93490-c37c-1028-8cf2-a8ea09a2949a
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134521Z
> > modifyTimestamp: 20041105134521Z
> > entryCSN: 2004110513:45:21Z#0x0006#0#0000
> > 
> > dn: cn=home0,ou=tjener,ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: automount
> > cn: home0
> > automountInformation: -rw,rsize=8192,wsize=8192,intr tjener:/skole/tjener/home
> >  0
> > description: /skole/tjener/home0 mount point
> > structuralObjectClass: automount
> > entryUUID: aec94340-c37c-1028-8cf3-a8ea09a2949a
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134521Z
> > modifyTimestamp: 20041105134521Z
> > entryCSN: 2004110513:45:21Z#0x0007#0#0000
> 
> some auto-mount maps, don't know a whole lot about them.
> 
> > dn: cn=printer-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: nisNetgroup
> > cn: printer-hosts
> > structuralObjectClass: nisNetgroup
> > entryUUID: b3c2360e-c37c-1028-8690-b9d915a94349
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134530Z
> > modifyTimestamp: 20041105134530Z
> > entryCSN: 2004110513:45:30Z#0x0001#0#0000
> > 
> > dn: cn=workstation-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: nisNetgroup
> > cn: workstation-hosts
> > structuralObjectClass: nisNetgroup
> > entryUUID: b3c28dca-c37c-1028-8691-b9d915a94349
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134530Z
> > modifyTimestamp: 20041105134530Z
> > entryCSN: 2004110513:45:30Z#0x0002#0#0000
> > 
> > dn: cn=ltsp-server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: nisNetgroup
> > cn: ltsp-server-hosts
> > structuralObjectClass: nisNetgroup
> > entryUUID: b3c2c4e8-c37c-1028-8692-b9d915a94349
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134530Z
> > modifyTimestamp: 20041105134530Z
> > entryCSN: 2004110513:45:30Z#0x0003#0#0000
> > 
> > dn: cn=server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: nisNetgroup
> > cn: server-hosts
> > nisNetgroupTriple: (tjener,-,-)
> > structuralObjectClass: nisNetgroup
> > entryUUID: b3c2fcb0-c37c-1028-8693-b9d915a94349
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134530Z
> > modifyTimestamp: 20041105134530Z
> > entryCSN: 2004110513:45:30Z#0x0004#0#0000
> > 
> > dn: cn=all-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> > objectClass: top
> > objectClass: nisNetgroup
> > cn: all-hosts
> > memberNisNetgroup: ltsp-server-hosts
> > memberNisNetgroup: printer-hosts
> > memberNisNetgroup: server-hosts
> > memberNisNetgroup: workstation-hosts
> > structuralObjectClass: nisNetgroup
> > entryUUID: b3c347ba-c37c-1028-8694-b9d915a94349
> > creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105134530Z
> > modifyTimestamp: 20041105134530Z
> > entryCSN: 2004110513:45:30Z#0x0005#0#0000
> 
> netgroups...
> 
> > dn: cn=sport,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixGroup
> > objectClass: top
> > objectClass: lisGroup
> > cn: sport
> > gidNumber: 10007
> > groupType: school_class
> > description: dontcare
> > structuralObjectClass: posixGroup
> > entryUUID: 152657d4-c37f-1028-846a-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105140232Z
> > memberUid: rudir
> > memberUid: fitt
> > memberUid: naugtys
> > entryCSN: 2004110514:13:27Z#0x0002#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141327Z
> 
> an example class/course
> 
> > dn: cn=printing,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixGroup
> > objectClass: top
> > objectClass: lisGroup
> > cn: printing
> > gidNumber: 10008
> > groupType: privilege_group
> > description: dontcare
> > structuralObjectClass: posixGroup
> > entryUUID: 152c4572-c37f-1028-846b-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105140232Z
> > entryCSN: 2004110514:02:32Z#0x0004#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105140232Z
> 
> this is a privilege group. members in this group are allowed to
> print. (this is not implemented both in the user-admin-app and
> the printing subsystem yet. it might need to be a netgroup, too,
> to work.) this is just an example. other privilege groups could
> be for internet-access or external mail sending...
> 
> > dn: uid=adama,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: shadowAccount
> > objectClass: imapUser
> > cn: Adam Admin
> > uid: adama
> > uidNumber: 10021
> > gidNumber: 10021
> > homeDirectory: /skole/tjener/home0/adama
> > mailMessageStore: /var/lib/maildirs/adama
> > userPassword:: e2NyeXB0feu0NEZVd3J5eVNHQXM=
> > loginShell: /bin/bash
> > structuralObjectClass: imapUser
> > entryUUID: 580356aa-c380-1028-8478-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141134Z
> > entryCSN: 2004110514:11:34Z#0x0002#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> 
> a normal user. nothing special, no non-standard things.
> 
> > dn: cn=adama,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixGroup
> > objectClass: top
> > objectClass: lisGroup
> > cn: adama
> > gidNumber: 10021
> > groupType: private
> > description: dontcare
> > structuralObjectClass: posixGroup
> > entryUUID: 58176532-c380-1028-8479-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141134Z
> > memberUid: adama
> > entryCSN: 2004110514:11:34Z#0x0004#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> > 
> > dn: uid=newbia,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: shadowAccount
> > objectClass: imapUser
> > cn: Newbi Admin
> > uid: newbia
> > uidNumber: 10022
> > gidNumber: 10022
> > homeDirectory: /skole/tjener/home0/newbia
> > mailMessageStore: /var/lib/maildirs/newbia
> > userPassword:: e2NyeXB0faeueVE2ZWpSblJyTXc=
> > loginShell: /bin/bash
> > structuralObjectClass: imapUser
> > entryUUID: 582de690-c380-1028-847a-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141134Z
> > entryCSN: 2004110514:11:34Z#0x0008#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> > 
> > dn: cn=newbia,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixGroup
> > objectClass: top
> > objectClass: lisGroup
> > cn: newbia
> > gidNumber: 10022
> > groupType: private
> > description: dontcare
> > structuralObjectClass: posixGroup
> > entryUUID: 5833ac24-c380-1028-847b-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141134Z
> > memberUid: newbia
> > entryCSN: 2004110514:11:34Z#0x000a#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> > 
> > dn: uid=rudir,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: shadowAccount
> > objectClass: imapUser
> > cn:: UnVkaSBSw7xwZWw=
> > uid: rudir
> > uidNumber: 10023
> > gidNumber: 10023
> > homeDirectory: /skole/tjener/home0/rudir
> > mailMessageStore: /var/lib/maildirs/rudir
> > userPassword:: e2NyeXB0fZyNZFNPMU5YeUpDSXc=
> > loginShell: /bin/bash
> > structuralObjectClass: imapUser
> > entryUUID: 5850280e-c380-1028-847c-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141134Z
> > entryCSN: 2004110514:11:34Z#0x000f#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> > 
> > dn: cn=rudir,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixGroup
> > objectClass: top
> > objectClass: lisGroup
> > cn: rudir
> > gidNumber: 10023
> > groupType: private
> > description: dontcare
> > structuralObjectClass: posixGroup
> > entryUUID: 5855f5cc-c380-1028-847d-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141134Z
> > memberUid: rudir
> > entryCSN: 2004110514:11:34Z#0x0011#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141134Z
> > 
> > dn: uid=fitt,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: shadowAccount
> > objectClass: imapUser
> > cn: Fit Teacher
> > uid: fitt
> > uidNumber: 10024
> > gidNumber: 10024
> > homeDirectory: /skole/tjener/home0/fitt
> > mailMessageStore: /var/lib/maildirs/fitt
> > userPassword:: e2NyeXB0fSBlcVZvVWdLUFFwWW8=
> > loginShell: /bin/bash
> > structuralObjectClass: imapUser
> > entryUUID: 586db978-c380-1028-847e-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141135Z
> > entryCSN: 2004110514:11:35Z#0x0002#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141135Z
> 
> a teacher who is member in a class. 
> 
> > dn: cn=fitt,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixGroup
> > objectClass: top
> > objectClass: lisGroup
> > cn: fitt
> > gidNumber: 10024
> > groupType: private
> > description: dontcare
> > structuralObjectClass: posixGroup
> > entryUUID: 5875b06a-c380-1028-847f-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141135Z
> > memberUid: fitt
> > entryCSN: 2004110514:11:35Z#0x0004#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141135Z
> > 
> > dn: uid=gammalb,ou=Attic,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: shadowAccount
> > objectClass: imapUser
> > cn: Gammal Brukare
> > uidNumber: 10025
> > gidNumber: 10025
> > homeDirectory: /skole/tjener/home0/gammalb
> > mailMessageStore: /var/lib/maildirs/gammalb
> > structuralObjectClass: imapUser
> > entryUUID: 5886628e-c380-1028-8480-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141135Z
> > shadowFlag: 1
> > userPassword:: RElTQUJMRUQhe2NyeXB0feaLV3VkWVRDUW4vSEE=
> > loginShell: DISABLED!/bin/bash
> > entryCSN: 2004110514:13:27Z#0x0006#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141327Z
> > uid: gammalb
> 
> a deleted user, who got moved to the attic. the login shell got
> disabled, the password changed and the shadowFlag attribute
> exists. (the last one is an easy to catch flag in a ldap query in
> pam-ldap and is supposed to disable login on pam level.)
> 
> > dn: uid=naugtys,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: shadowAccount
> > objectClass: imapUser
> > cn: Naugty Student
> > uid: naugtys
> > uidNumber: 10026
> > gidNumber: 10026
> > homeDirectory: /skole/tjener/home0/naugtys
> > mailMessageStore: /var/lib/maildirs/naugtys
> > structuralObjectClass: imapUser
> > entryUUID: 589d7258-c380-1028-8482-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141135Z
> > shadowFlag: 1
> > userPassword:: RElTQUJMRUQhe2NyeXB0fUuJZ3JScGZCTjIzSHM=
> > loginShell: DISABLED!/bin/bash
> > entryCSN: 2004110514:12:18Z#0x0003#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141218Z
> 
> this user's login got disabled.
> 
> > dn: cn=naugtys,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixGroup
> > objectClass: top
> > objectClass: lisGroup
> > cn: naugtys
> > gidNumber: 10026
> > groupType: private
> > description: dontcare
> > structuralObjectClass: posixGroup
> > entryUUID: 58a3493a-c380-1028-8483-939bf336f926
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20041105141135Z
> > memberUid: naugtys
> > entryCSN: 2004110514:11:35Z#0x0010#0#0000
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20041105141135Z
> > 
> > dn: uid=meresm,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: shadowAccount
> > objectClass: imapUser
> > objectClass: sambaSamAccount
> > cn: Mer Smem Is
> > uid: meresm
> > uidNumber: 10260
> > gidNumber: 10260
> > mailMessageStore: /var/lib/maildirs/meretesm
> > loginShell: /bin/bash
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20040810115926Z
> > sambaSID: S-1-5-21-572247700-2728460747-39490188-21520
> > sambaPrimaryGroupSID: S-1-5-21-572247700-2728460747-39490188-21521
> > displayName: Mer Smem Is
> > sambaPwdCanChange: 1092139167
> > sambaPwdMustChange: 2147483647
> > sambaPwdLastSet: 1092139167
> > sambaAcctFlags: [U          ]
> > homeDirectory: /skole/tjener/teacher/meresm
> > sambaNTPassword: D566322495FEFE1272EB37CD3BCDEF
> > userPassword:: e2NyeXB0fVl6c05rMHpGlqLi4=
> > sambaLMPassword: 14BFE55C530B13AAD3B435B51404EE
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20040811072419Z
> 
> a full blown samba user.
> 
> > dn: cn=meresm,ou=Group,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixGroup
> > objectClass: top
> > objectClass: lisGroup
> > cn: meresm
> > gidNumber: 10260
> > groupType: private
> > description: dontcare
> > creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20040810115928Z
> > memberUid: meresm
> > modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20040810115928Z
> > 
> > dn: uid=debian$,ou=Machines,ou=People,dc=skole,dc=skolelinux,dc=no
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: account
> > objectClass: sambaSamAccount
> > cn: debian$ MachineAccount
> > uid: debian$
> > uidNumber: 10503
> > gidNumber: 10006
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > creatorsName: cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no
> > createTimestamp: 20040811091715Z
> > sambaSID: S-1-5-21-572247700-2728460747-39490188-22006
> > sambaPrimaryGroupSID: S-1-5-21-572247700-2728460747-39490188-21013
> > displayName: debian$ MachineAccount
> > sambaPwdMustChange: 2147483647
> > sambaAcctFlags: [W          ]
> > sambaPwdCanChange: 1092216794
> > sambaLMPassword: EC10A3CEEF04C3705DA9787740EEA3
> > sambaNTPassword: 6E1EFC96B0601A1C8924FD93DDA0B5
> > sambaPwdLastSet: 1092216794
> > modifiersName: cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no
> > modifyTimestamp: 20040811093314Z
> 
> and a windows machine account for samba
> 

-- 
Finn-Arne Johansen 
faj@bzz.no
http://bzz.no/
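
An added example, not part of the original mail or of the project's code: a small audit over an LDIF dump that checks the conventions described in the quoted text, namely the `DISABLED!` prefix on userPassword and loginShell together with shadowFlag, the removal of an Attic user's private group, and user-name reuse checked against both ou=People and ou=Attic. The sample entries, the dc=example,dc=org suffix, the function names and the finding codes are constructed for illustration.

```python
import base64

DISABLED = "DISABLED!"
ALL_MARKERS = {"password", "shell", "shadowFlag"}


def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]      # folded line: continuation starts with one space
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = {}
        for line in lines:
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):      # "attr:: <base64 value>"
                try:
                    # crypt hashes may hold non-UTF-8 bytes, so decode leniently
                    value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                except ValueError:        # damaged base64: keep the raw text
                    value = rest[1:].strip()
            else:
                value = rest.strip()
            entry.setdefault(attr.strip().lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries


def container(dn):
    """Second RDN of a DN, lowercased (assumes no escaped commas in RDN values)."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return parts[1] if len(parts) > 1 else ""


def disable_markers(entry):
    """Which of the three disable markers from the mail are set on an account."""
    markers = set()
    if any(p.startswith(DISABLED) for p in entry.get("userpassword", [])):
        markers.add("password")
    if any(s.startswith(DISABLED) for s in entry.get("loginshell", [])):
        markers.add("shell")
    if "1" in entry.get("shadowflag", []):
        markers.add("shadowFlag")
    return markers


def audit(entries):
    """Return (uid, finding_code) tuples for accounts that break the conventions."""
    private_groups = {e["cn"][0] for e in entries if "private" in e.get("grouptype", [])}
    findings = []
    for e in entries:
        if "posixaccount" not in (c.lower() for c in e.get("objectclass", [])):
            continue
        uid, where, markers = e["uid"][0], container(e["dn"][0]), disable_markers(e)
        if where == "ou=attic":
            if markers != ALL_MARKERS:
                findings.append((uid, "attic-not-disabled"))
            if uid in private_groups:
                findings.append((uid, "attic-private-group"))
        elif where == "ou=people" and markers and markers != ALL_MARKERS:
            findings.append((uid, "partial-disable"))
    return findings


def uid_taken(entries, candidate):
    """True if the name is in use under ou=People or still parked in ou=Attic."""
    for e in entries:
        if container(e["dn"][0]) in ("ou=people", "ou=attic"):
            if candidate.lower() in (u.lower() for u in e.get("uid", [])):
                return True
    return False


# Constructed sample data (placeholder hashes, not values from the mail).
_LIVE = base64.b64encode(b"{crypt}xxxxxxxxxxxxx").decode()
_DEAD = base64.b64encode(b"DISABLED!{crypt}xxxxxxxxxxxxx").decode()
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice
userPassword:: {_LIVE}
loginShell: /bin/bash

dn: cn=alice,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: alice
groupType: private

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: bob
shadowFlag: 1
userPassword:: {_LIVE}
loginShell: DISABLED!/bin/bash

dn: uid=carol,ou=Attic,dc=example,dc=org
objectClass: posixAccount
uid: carol
shadowFlag: 1
userPassword:: {_DEAD}
loginShell: DISABLED!/bin/
 bash

dn: uid=dave,ou=Attic,dc=example,dc=org
objectClass: posixAccount
uid: dave
userPassword:: {_LIVE}
loginShell: /bin/bash

dn: cn=dave,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: dave
groupType: private
"""

if __name__ == "__main__":
    for uid, code in audit(parse_ldif(SAMPLE_LDIF)):
        print(uid, code)
```

In the sample, bob still has a usable password hash although his shell and shadowFlag say disabled, and dave sits in the Attic with a working login and a leftover private group.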


