further information was: example ldif
in an earlier mail i sent you an example ldif that should exhibit
all the possible cases of today's ldif format. since that can be
hard to understand i try to provide further information in this
mail. i cc: the debian-edu list since it might be good to
- document it
- distribute it to more interested people
- store it in the archives for eternity
* Andreas Schuldei (andreas@schuldei.org) [041105 17:02]:
> dn: dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> dc: skole
> o: skole.skolelinux.no
> structuralObjectClass: organization
> entryUUID: 9f96dd4c-c37c-1028-9df0-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0001#0#0000
ok, this is top level OU. we want to change it at some point to
something like dc=school, dc=debian, dc=edu for consistency
reasons with the rest of the system. but that is a different
problem.
> dn: ou=Attic,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: Attic
> structuralObjectClass: organizationalUnit
> entryUUID: 9f9f6fe8-c37c-1028-9df1-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0002#0#0000
The Attic is the place where deleted users go. their primary
private group is deleted but their entry from ou=People,dc=skole,
dc=skolelinux... is moved here (aka renamed to ou=Attic,
dc=skole, ...) before that their login is disabled. the point
of the attic is to create a means of deleting, compressing,
backing up and storing away the deleted user accounts in a
controlled way. entries in the attic are also considered during
user name creation, so that old user names are not handed out
again too fast and new users get email etc for the old user. the
proper way of cleaning up after deleted users has not been
implemented yet.
> dn: ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: People
> structuralObjectClass: organizationalUnit
> entryUUID: 9f9f9cc0-c37c-1028-9df3-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0004#0#0000
this is the place for the living users. (c:
> dn: ou=Machines,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: Machines
> structuralObjectClass: organizationalUnit
> entryUUID: 9f9f88fc-c37c-1028-9df2-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0003#0#0000
the OU for the samba machines. samba (in the form of smbadmin)
has write access to this ou, but not to ou=People, because we
want to limit its access. smbadmin can not even change the
windows passwords of users, since they are stored in ou=People.
in my opinion this is not optimal, since people can not change
their passwords in the way they might be used to. imho they
should not be forced to learn new things (like using some web
interface), but we should try to accommodate them as well as we
can.
> dn: ou=Pam,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: Pam
> structuralObjectClass: organizationalUnit
> entryUUID: 9f9fa558-c37c-1028-9df4-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0005#0#0000
PAM. is this used?
> dn: ou=Domains,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: Domains
> structuralObjectClass: organizationalUnit
> entryUUID: 9f9fb070-c37c-1028-9df5-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0006#0#0000
do we use this?
> dn: ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: Group
> structuralObjectClass: organizationalUnit
> entryUUID: 9f9fbc1e-c37c-1028-9df6-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0007#0#0000
both the user private groups as well as the other groups
(classes/courses, authority groups and privilege groups) live
here.
these groups are marked by a special attribute (grouptype) to make it
possible to identify them and find them faster.
> dn: ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: Netgroup
> structuralObjectClass: organizationalUnit
> entryUUID: 9f9fc722-c37c-1028-9df7-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0008#0#0000
This was originally only used to be able to limit nfs mounts on
the server, and nfs clients had to be in that ou.
nowadays the plan is to have every group as a netgroup, too,
since many programs (e.g. squid) use netgroups for access
control.
> dn: ou=Variables,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: Variables
> structuralObjectClass: organizationalUnit
> entryUUID: 9f9fd23a-c37c-1028-9df8-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0009#0#0000
this is an ou specially for entries like nextID (race-free
acquiring user and group ids).
i think the capabilities are in this ou, too.
> dn: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: admin
> description: LDAP Administrator
> userPassword:: e2NyeXB0fSRST09UUFc=
> structuralObjectClass: organizationalRole
> entryUUID: 9f9fe374-c37c-1028-9df9-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x000a#0#0000
questions?
> dn: cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: posixGroup
> objectClass: lisGroup
> objectClass: lisAclGroup
> cn: admins
> member:
> member: uid=adama,ou=People,dc=skole,dc=skolelinux,dc=no
> description: All system administrators in the school
> gidNumber: 10001
> groupType: authority_group
> structuralObjectClass: lisAclGroup
> entryUUID: 9fa92894-c37c-1028-9dfa-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> memberUid: adama
> entryCSN: 2004110514:11:34Z#0x0006#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
the plan was that members in this group would be full blown
admins, ldap wise, empowered to delete, modify, create etc
arbitrary entries. this did not work out like this since the acls
did not support this.
admins is one of the authority groups. (note the groupType attribute).
the grouptype is part of the
objectclass ( 1.3.6.1.4.1.8990.42.2.5 NAME 'lisGroup'
SUP top
AUXILIARY
MAY ( groupType $ ageGroup ) )
the ageGroup was removed, since it was non-obvious and confused
people. originally both users and groups should have been members
in age groups (and thus be associated to each other) and should
have limited the number of possible choices when selecting
classes for students and vice versa to those that actually
*could* be combined sensibly.
would cerebrum support something like this in the first place? i
feel the concept would help, but it needs to be hidden,
somehow.
the plan was that members in this group would be full blown
admins, ldap wise, empowered to delete, modify, create etc
arbitrary entries. this did not work out like this since the acls
did not support this. note also the lisAclGroup, which is
objectclass ( 1.3.6.1.4.1.8990.42.2.7 NAME 'lisAclGroup'
SUP ( posixGroup $ groupOfNames) STRUCTURAL
DESC 'hybrid group to allow atomic updates of ACLs and posixGroup')
groupOfNames was needed for the ACL handling, of course, but could
go away now, since the changes would come from cerebrum's ACLs.
that is also why the authority groups have the member attribute.
> dn: cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: posixGroup
> objectClass: lisGroup
> objectClass: lisAclGroup
> cn: jradmins
> member:
> member: uid=newbia,ou=People,dc=skole,dc=skolelinux,dc=no
> description: Junior Admins
> gidNumber: 10002
> groupType: authority_group
> structuralObjectClass: lisAclGroup
> entryUUID: 9fb09750-c37c-1028-9dfb-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> memberUid: newbia
> entryCSN: 2004110514:11:34Z#0x000c#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
jradmins were supposed to be some hand-picked, computer literate
teachers whom we would give the power to change passwords for
students and illiterate teachers.
> dn: cn=teachers,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: posixGroup
> objectClass: lisGroup
> objectClass: lisAclGroup
> cn: teachers
> member:
> member: uid=newbia,ou=People,dc=skole,dc=skolelinux,dc=no
> member: uid=fitt,ou=People,dc=skole,dc=skolelinux,dc=no
> description: All teachers in the school
> gidNumber: 10003
> groupType: authority_group
> structuralObjectClass: lisAclGroup
> entryUUID: 9fb0c02c-c37c-1028-9dfc-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> memberUid: newbia
> memberUid: fitt
> entryCSN: 2004110514:11:35Z#0x0006#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141135Z
same, but teachers (duh)
> dn: cn=students,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: posixGroup
> objectClass: lisGroup
> objectClass: lisAclGroup
> cn: students
> member:
> member: uid=rudir,ou=People,dc=skole,dc=skolelinux,dc=no
> member: uid=naugtys,ou=People,dc=skole,dc=skolelinux,dc=no
> gidNumber: 10004
> groupType: authority_group
> structuralObjectClass: lisAclGroup
> entryUUID: 9fb0dee0-c37c-1028-9dfd-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> memberUid: rudir
> memberUid: naugtys
> entryCSN: 2004110514:13:27Z#0x0003#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141327Z
same
> dn: cn=none,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: posixGroup
> objectClass: lisGroup
> cn: none
> gidNumber: 10005
> groupType: school_class
> structuralObjectClass: posixGroup
> entryUUID: 9fb0fd76-c37c-1028-9dfe-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> memberUid: adama
> memberUid: newbia
> entryCSN: 2004110514:11:34Z#0x000b#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
this group was added for cosmetic reasons to have a class to
start out with in the gui.
> dn: cn=machines,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: posixGroup
> cn: machines
> gidNumber: 10006
> structuralObjectClass: posixGroup
> entryUUID: 9fb11734-c37c-1028-9dff-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> memberUid: debian$
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0010#0#0000
a group for samba machines
> dn: cn=nextID,ou=Variables,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: posixGroup
> cn: nextID
> structuralObjectClass: posixGroup
> entryUUID: 9fb13340-c37c-1028-9e00-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> gidNumber: 10027
> entryCSN: 2004110514:11:35Z#0x000d#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141135Z
the above mentioned nextID entry, whose sole purpose is to
provide the next uidNumber or gidNumber, free of race conditions.
> dn: cn=capabilities,ou=Variables,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: lisLdapCapabilities
> cn: capabilities
> structuralObjectClass: lisLdapCapabilities
> capability: nextID 1
> capability: groupType 1
> capability: capabilities 1
> capability: aclGroup 1
> capability: attic 1
> entryUUID: 9fb14f92-c37c-1028-9e01-f1d85361f0e7
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134456Z
> modifyTimestamp: 20041105134456Z
> entryCSN: 2004110513:44:56Z#0x0012#0#0000
this entry keeps track of the features this ldap directory
provides. when the nextid entry was added, so was that
capability.
the point of this is to have a single point to check if
the user admin system is able to run on this and if all that it
needs is there.
> dn: ou=Automount,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: Automount
> description: Top node for automount information
> structuralObjectClass: organizationalUnit
> entryUUID: aec8666e-c37c-1028-8ced-a8ea09a2949a
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134521Z
> modifyTimestamp: 20041105134521Z
> entryCSN: 2004110513:45:21Z#0x0001#0#0000
>
> dn: ou=auto.master,ou=Automount,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: auto.master
> description: master information for autofs
> structuralObjectClass: organizationalUnit
> entryUUID: aec8a692-c37c-1028-8cee-a8ea09a2949a
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134521Z
> modifyTimestamp: 20041105134521Z
> entryCSN: 2004110513:45:21Z#0x0002#0#0000
>
> dn: cn=/skole,ou=auto.master,ou=Automount,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: automount
> cn: /skole
> description: /skole mount point
> automountInformation: ldap:ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> structuralObjectClass: automount
> entryUUID: aec8c73a-c37c-1028-8cef-a8ea09a2949a
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134521Z
> modifyTimestamp: 20041105134521Z
> entryCSN: 2004110513:45:21Z#0x0003#0#0000
>
> dn: ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: skole
> description: holder for /skole mount point
> structuralObjectClass: organizationalUnit
> entryUUID: aec905ce-c37c-1028-8cf0-a8ea09a2949a
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134521Z
> modifyTimestamp: 20041105134521Z
> entryCSN: 2004110513:45:21Z#0x0004#0#0000
>
> dn: cn=tjener,ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: automount
> cn: tjener
> description: /skole/tjener submount point
> automountInformation: -fstype=autofs ldap:ou=tjener,ou=skole,ou=Automount,dc=s
> kole,dc=skolelinux,dc=no
> structuralObjectClass: automount
> entryUUID: aec9156e-c37c-1028-8cf1-a8ea09a2949a
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134521Z
> modifyTimestamp: 20041105134521Z
> entryCSN: 2004110513:45:21Z#0x0005#0#0000
>
> dn: ou=tjener,ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: organizationalUnit
> ou: tjener
> description: holder for /skole/tjener mount point
> structuralObjectClass: organizationalUnit
> entryUUID: aec93490-c37c-1028-8cf2-a8ea09a2949a
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134521Z
> modifyTimestamp: 20041105134521Z
> entryCSN: 2004110513:45:21Z#0x0006#0#0000
>
> dn: cn=home0,ou=tjener,ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: automount
> cn: home0
> automountInformation: -rw,rsize=8192,wsize=8192,intr tjener:/skole/tjener/home
> 0
> description: /skole/tjener/home0 mount point
> structuralObjectClass: automount
> entryUUID: aec94340-c37c-1028-8cf3-a8ea09a2949a
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134521Z
> modifyTimestamp: 20041105134521Z
> entryCSN: 2004110513:45:21Z#0x0007#0#0000
some auto-mount maps, don't know a whole lot about them.
> dn: cn=printer-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: nisNetgroup
> cn: printer-hosts
> structuralObjectClass: nisNetgroup
> entryUUID: b3c2360e-c37c-1028-8690-b9d915a94349
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134530Z
> modifyTimestamp: 20041105134530Z
> entryCSN: 2004110513:45:30Z#0x0001#0#0000
>
> dn: cn=workstation-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: nisNetgroup
> cn: workstation-hosts
> structuralObjectClass: nisNetgroup
> entryUUID: b3c28dca-c37c-1028-8691-b9d915a94349
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134530Z
> modifyTimestamp: 20041105134530Z
> entryCSN: 2004110513:45:30Z#0x0002#0#0000
>
> dn: cn=ltsp-server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: nisNetgroup
> cn: ltsp-server-hosts
> structuralObjectClass: nisNetgroup
> entryUUID: b3c2c4e8-c37c-1028-8692-b9d915a94349
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134530Z
> modifyTimestamp: 20041105134530Z
> entryCSN: 2004110513:45:30Z#0x0003#0#0000
>
> dn: cn=server-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: nisNetgroup
> cn: server-hosts
> nisNetgroupTriple: (tjener,-,-)
> structuralObjectClass: nisNetgroup
> entryUUID: b3c2fcb0-c37c-1028-8693-b9d915a94349
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134530Z
> modifyTimestamp: 20041105134530Z
> entryCSN: 2004110513:45:30Z#0x0004#0#0000
>
> dn: cn=all-hosts,ou=Netgroup,dc=skole,dc=skolelinux,dc=no
> objectClass: top
> objectClass: nisNetgroup
> cn: all-hosts
> memberNisNetgroup: ltsp-server-hosts
> memberNisNetgroup: printer-hosts
> memberNisNetgroup: server-hosts
> memberNisNetgroup: workstation-hosts
> structuralObjectClass: nisNetgroup
> entryUUID: b3c347ba-c37c-1028-8694-b9d915a94349
> creatorsName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> modifiersName: cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105134530Z
> modifyTimestamp: 20041105134530Z
> entryCSN: 2004110513:45:30Z#0x0005#0#0000
netgroups...
> dn: cn=sport,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: posixGroup
> objectClass: top
> objectClass: lisGroup
> cn: sport
> gidNumber: 10007
> groupType: school_class
> description: dontcare
> structuralObjectClass: posixGroup
> entryUUID: 152657d4-c37f-1028-846a-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105140232Z
> memberUid: rudir
> memberUid: fitt
> memberUid: naugtys
> entryCSN: 2004110514:13:27Z#0x0002#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141327Z
an example class/course
> dn: cn=printing,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: posixGroup
> objectClass: top
> objectClass: lisGroup
> cn: printing
> gidNumber: 10008
> groupType: privilege_group
> description: dontcare
> structuralObjectClass: posixGroup
> entryUUID: 152c4572-c37f-1028-846b-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105140232Z
> entryCSN: 2004110514:02:32Z#0x0004#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105140232Z
this is a privilege group. members in this group are allowed to
print. (this is not implemented both in the user-admin-app and
the printing subsystem yet. it might need to be a netgroup, too,
to work.) this is just an example. other privilege groups could
be for internet-access or external mail sending...
> dn: uid=adama,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: imapUser
> cn: Adam Admin
> uid: adama
> uidNumber: 10021
> gidNumber: 10021
> homeDirectory: /skole/tjener/home0/adama
> mailMessageStore: /var/lib/maildirs/adama
> userPassword:: e2NyeXB0feu0NEZVd3J5eVNHQXM=
> loginShell: /bin/bash
> structuralObjectClass: imapUser
> entryUUID: 580356aa-c380-1028-8478-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141134Z
> entryCSN: 2004110514:11:34Z#0x0002#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
a normal user. nothing special, no non-standard things.
> dn: cn=adama,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: posixGroup
> objectClass: top
> objectClass: lisGroup
> cn: adama
> gidNumber: 10021
> groupType: private
> description: dontcare
> structuralObjectClass: posixGroup
> entryUUID: 58176532-c380-1028-8479-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141134Z
> memberUid: adama
> entryCSN: 2004110514:11:34Z#0x0004#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
>
> dn: uid=newbia,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: imapUser
> cn: Newbi Admin
> uid: newbia
> uidNumber: 10022
> gidNumber: 10022
> homeDirectory: /skole/tjener/home0/newbia
> mailMessageStore: /var/lib/maildirs/newbia
> userPassword:: e2NyeXB0faeueVE2ZWpSblJyTXc=
> loginShell: /bin/bash
> structuralObjectClass: imapUser
> entryUUID: 582de690-c380-1028-847a-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141134Z
> entryCSN: 2004110514:11:34Z#0x0008#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
>
> dn: cn=newbia,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: posixGroup
> objectClass: top
> objectClass: lisGroup
> cn: newbia
> gidNumber: 10022
> groupType: private
> description: dontcare
> structuralObjectClass: posixGroup
> entryUUID: 5833ac24-c380-1028-847b-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141134Z
> memberUid: newbia
> entryCSN: 2004110514:11:34Z#0x000a#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
>
> dn: uid=rudir,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: imapUser
> cn:: UnVkaSBSw7xwZWw=
> uid: rudir
> uidNumber: 10023
> gidNumber: 10023
> homeDirectory: /skole/tjener/home0/rudir
> mailMessageStore: /var/lib/maildirs/rudir
> userPassword:: e2NyeXB0fZyNZFNPMU5YeUpDSXc=
> loginShell: /bin/bash
> structuralObjectClass: imapUser
> entryUUID: 5850280e-c380-1028-847c-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141134Z
> entryCSN: 2004110514:11:34Z#0x000f#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
>
> dn: cn=rudir,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: posixGroup
> objectClass: top
> objectClass: lisGroup
> cn: rudir
> gidNumber: 10023
> groupType: private
> description: dontcare
> structuralObjectClass: posixGroup
> entryUUID: 5855f5cc-c380-1028-847d-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141134Z
> memberUid: rudir
> entryCSN: 2004110514:11:34Z#0x0011#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141134Z
>
> dn: uid=fitt,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: imapUser
> cn: Fit Teacher
> uid: fitt
> uidNumber: 10024
> gidNumber: 10024
> homeDirectory: /skole/tjener/home0/fitt
> mailMessageStore: /var/lib/maildirs/fitt
> userPassword:: e2NyeXB0fSBlcVZvVWdLUFFwWW8=
> loginShell: /bin/bash
> structuralObjectClass: imapUser
> entryUUID: 586db978-c380-1028-847e-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141135Z
> entryCSN: 2004110514:11:35Z#0x0002#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141135Z
a teacher who is member in a class.
> dn: cn=fitt,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: posixGroup
> objectClass: top
> objectClass: lisGroup
> cn: fitt
> gidNumber: 10024
> groupType: private
> description: dontcare
> structuralObjectClass: posixGroup
> entryUUID: 5875b06a-c380-1028-847f-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141135Z
> memberUid: fitt
> entryCSN: 2004110514:11:35Z#0x0004#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141135Z
>
> dn: uid=gammalb,ou=Attic,dc=skole,dc=skolelinux,dc=no
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: imapUser
> cn: Gammal Brukare
> uidNumber: 10025
> gidNumber: 10025
> homeDirectory: /skole/tjener/home0/gammalb
> mailMessageStore: /var/lib/maildirs/gammalb
> structuralObjectClass: imapUser
> entryUUID: 5886628e-c380-1028-8480-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141135Z
> shadowFlag: 1
> userPassword:: RElTQUJMRUQhe2NyeXB0feaLV3VkWVRDUW4vSEE=
> loginShell: DISABLED!/bin/bash
> entryCSN: 2004110514:13:27Z#0x0006#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141327Z
> uid: gammalb
a deleted user, who got moved to the attic. the login shell got
disabled, the password changed and the shadowFlag attribute
exists. (the last one is an easy to catch flag in an ldap query in
pam-ldap and is supposed to disable login on pam level.)
> dn: uid=naugtys,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: imapUser
> cn: Naugty Student
> uid: naugtys
> uidNumber: 10026
> gidNumber: 10026
> homeDirectory: /skole/tjener/home0/naugtys
> mailMessageStore: /var/lib/maildirs/naugtys
> structuralObjectClass: imapUser
> entryUUID: 589d7258-c380-1028-8482-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141135Z
> shadowFlag: 1
> userPassword:: RElTQUJMRUQhe2NyeXB0fUuJZ3JScGZCTjIzSHM=
> loginShell: DISABLED!/bin/bash
> entryCSN: 2004110514:12:18Z#0x0003#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141218Z
this user's login got disabled.
> dn: cn=naugtys,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: posixGroup
> objectClass: top
> objectClass: lisGroup
> cn: naugtys
> gidNumber: 10026
> groupType: private
> description: dontcare
> structuralObjectClass: posixGroup
> entryUUID: 58a3493a-c380-1028-8483-939bf336f926
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20041105141135Z
> memberUid: naugtys
> entryCSN: 2004110514:11:35Z#0x0010#0#0000
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20041105141135Z
>
> dn: uid=meresm,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: imapUser
> objectClass: sambaSamAccount
> cn: Mer Smem Is
> uid: meresm
> uidNumber: 10260
> gidNumber: 10260
> mailMessageStore: /var/lib/maildirs/meretesm
> loginShell: /bin/bash
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20040810115926Z
> sambaSID: S-1-5-21-572247700-2728460747-39490188-21520
> sambaPrimaryGroupSID: S-1-5-21-572247700-2728460747-39490188-21521
> displayName: Mer Smem Is
> sambaPwdCanChange: 1092139167
> sambaPwdMustChange: 2147483647
> sambaPwdLastSet: 1092139167
> sambaAcctFlags: [U ]
> homeDirectory: /skole/tjener/teacher/meresm
> sambaNTPassword: D566322495FEFE1272EB37CD3BCDEF
> userPassword:: e2NyeXB0fVl6c05rMHpGlqLi4=
> sambaLMPassword: 14BFE55C530B13AAD3B435B51404EE
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20040811072419Z
a full blown samba user.
> dn: cn=meresm,ou=Group,dc=skole,dc=skolelinux,dc=no
> objectClass: posixGroup
> objectClass: top
> objectClass: lisGroup
> cn: meresm
> gidNumber: 10260
> groupType: private
> description: dontcare
> creatorsName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20040810115928Z
> memberUid: meresm
> modifiersName: cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20040810115928Z
>
> dn: uid=debian$,ou=Machines,ou=People,dc=skole,dc=skolelinux,dc=no
> objectClass: posixAccount
> objectClass: top
> objectClass: account
> objectClass: sambaSamAccount
> cn: debian$ MachineAccount
> uid: debian$
> uidNumber: 10503
> gidNumber: 10006
> homeDirectory: /dev/null
> loginShell: /bin/false
> creatorsName: cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no
> createTimestamp: 20040811091715Z
> sambaSID: S-1-5-21-572247700-2728460747-39490188-22006
> sambaPrimaryGroupSID: S-1-5-21-572247700-2728460747-39490188-21013
> displayName: debian$ MachineAccount
> sambaPwdMustChange: 2147483647
> sambaAcctFlags: [W ]
> sambaPwdCanChange: 1092216794
> sambaLMPassword: EC10A3CEEF04C3705DA9787740EEA3
> sambaNTPassword: 6E1EFC96B0601A1C8924FD93DDA0B5
> sambaPwdLastSet: 1092216794
> modifiersName: cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no
> modifyTimestamp: 20040811093314Z
and a windows machine account for samba
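
Added example (not part of the original mail and not code from the Debian-Edu project): a small Python audit of an LDIF export for the disable conventions and the capabilities entry described above. The sample LDIF, the account names in it, and the rule that an Attic entry needs all three markers while a live account should carry either all or none are assumptions made for this illustration.

```python
import base64

PREFIX = "DISABLED!"   # marker seen on userPassword and loginShell in the mail
REQUIRED_CAPS = {"nextID", "groupType", "capabilities", "aclGroup", "attic"}

# Constructed sample modelled on the quoted entries (no real accounts or hashes).
SAMPLE_LDIF = """\
dn: uid=activeu,ou=People,dc=skole,dc=skolelinux,dc=no
objectClass: posixAccount
userPassword:: %(live)s
loginShell: /bin/bash

dn: uid=halfoff,ou=People,dc=skole,dc=skolelinux,dc=no
objectClass: posixAccount
shadowFlag: 1
userPassword:: %(live)s
loginShell: DISABLED!/bin/bash

dn: uid=oldu,ou=Attic,dc=skole,dc=skolelinux,dc=no
objectClass: posixAccount
homeDirectory: /skole/tjener/home
 0/oldu
shadowFlag: 1
userPassword:: %(dead)s
loginShell: DISABLED!/bin/bash

dn: uid=ghost,ou=Attic,dc=skole,dc=skolelinux,dc=no
objectClass: posixAccount
userPassword:: %(live)s
loginShell: /bin/bash

dn: cn=capabilities,ou=Variables,dc=skole,dc=skolelinux,dc=no
objectClass: lisLdapCapabilities
capability: nextID 1
capability: groupType 1
capability: attic 1
""" % {"live": base64.b64encode(b"{crypt}CONSTRUCTED").decode(),
       "dead": base64.b64encode(b"DISABLED!{crypt}CONSTRUCTED").decode()}

def parse_ldif(text):
    """Parse LDIF into {attr_lower: [values]} dicts (folding and '::' base64)."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # folded line: drop one leading space
        else:
            unfolded.append(raw)
    entries, cur = [], {}
    for line in unfolded + [""]:
        if not line.strip():                 # blank line ends the entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):             # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        cur.setdefault(attr.lower(), []).append(value)
    return entries

def disable_markers(entry):
    """The three signs of a disabled login that the mail describes."""
    pw, sh = entry.get("userpassword", []), entry.get("loginshell", [])
    return {
        "shadowFlag": "1" in entry.get("shadowflag", []),
        "userPassword": bool(pw) and all(v.startswith(PREFIX) for v in pw),
        "loginShell": bool(sh) and all(v.startswith(PREFIX) for v in sh),
    }

def audit_accounts(entries):
    """Flag Attic entries that can still log in and half-disabled live accounts."""
    findings = []
    for e in entries:
        if not any(v.lower() == "posixaccount" for v in e.get("objectclass", [])):
            continue
        dn = e["dn"][0]
        markers = disable_markers(e)
        missing = sorted(k for k, ok in markers.items() if not ok)
        if ",ou=attic," in dn.lower():
            if missing:
                findings.append((dn, "in Attic but missing: " + ", ".join(missing)))
        elif 0 < len(missing) < len(markers):
            findings.append((dn, "partially disabled, missing: " + ", ".join(missing)))
    return findings

def missing_capabilities(entries, required=REQUIRED_CAPS):
    """Capability names (number after the name ignored) absent from the directory."""
    have = {c.split()[0] for e in entries for c in e.get("capability", []) if c.strip()}
    return sorted(required - have)

if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    print(audit_accounts(parsed), missing_capabilities(parsed))
```

Machine accounts such as the samba ones carry none of the three markers and are therefore not reported; only mixed states and unmarked Attic entries are.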