LDAP Series (4): smbldap-tools Tutorial

This package contains the tools for using Samba together with LDAP:

smbldap-config     smbldap-groupmod   smbldap-useradd    smbldap-usermod
smbldap-groupadd   smbldap-groupshow  smbldap-userdel    smbldap-usershow
smbldap-groupdel   smbldap-passwd     smbldap-userinfo   
smbldap-grouplist  smbldap-populate   smbldap-userlist 

Adding a user

First, look at the /home directory:

root@cky:~# ls /home
cky  ldap_user01

To add a new user with a home directory:

root@cky:~# smbldap-useradd -a -P -m ldap_user02
Changing UNIX and samba passwords for ldap_user02
New password: 222222
Retype new password: 222222

Querying a user

Query this user in LDAP:

root@cky:~# ldapsearch -x -b "uid=ldap_user02,ou=Dev,dc=company,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=ldap_user02,ou=Dev,dc=company,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ldap_user02, Dev, company.com
dn: uid=ldap_user02,ou=Dev,dc=company,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
cn: ldap_user02
sn: ldap_user02
uid: ldap_user02
uidNumber: 10004
gidNumber: 513
homeDirectory: /home/ldap_user02
loginShell: /bin/bash
gecos: System User
givenName: ldap_user02
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: ldap_user02
sambaSID: S-1-5-21-385293779-2563394074-3374145406-10005
sambaPrimaryGroupSID: S-1-5-21-385293779-2563394074-3374145406-513
sambaProfilePath: \\Company\profiles\ldap_user02
sambaHomePath: \\Company\ldap_user02
sambaPwdLastSet: 1614333011
sambaAcctFlags: [U]
sambaPwdMustChange: 1618221011
sambaNTPassword: BA07BA35933E5BF42DEA4AF8ADD09D1E
sambaLMPassword: 833B90D86446228DAAD3B435B51404EE
shadowLastChange: 18684
shadowMax: 45

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
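
The search above used -x with no bind DN (an anonymous simple bind) and still returned sambaNTPassword and sambaLMPassword, so the directory's access controls let unauthenticated clients read password hashes. The shell function below is an added example, not part of the original article: it scans ldapsearch LDIF output for that exposure and for LM hashes that reveal a short password. The function names and the sample entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Audits the LDIF returned by an
# anonymous search: prints one finding per line, returns 1 if anything is found.
audit_anon_ldif() {
    awk '
    BEGIN { bad = 0 }
    /^dn:/ { dn = $0; sub(/^dn:+ */, "", dn) }
    {
        line = tolower($0)
        # Password-equivalent attributes an unauthenticated bind must not read.
        if (line ~ /^(sambantpassword|sambalmpassword|userpassword):/) {
            attr = $0; sub(/:.*/, "", attr)
            printf "EXPOSED %s readable on %s\n", attr, dn
            bad = 1
        }
        # An LM hash ending in this constant has an empty second 7-character
        # half, so the password is 7 characters or fewer.
        if (line ~ /^sambalmpassword: /) {
            val = line; sub(/^[^:]*: */, "", val)
            if (length(val) == 32 && substr(val, 17) == "aad3b435b51404ee") {
                printf "WEAK LM hash on %s: password is 7 characters or fewer\n", dn
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample entry (hash values are made up, not taken from the page).
sample_ldif() {
    cat <<'EOF'
dn: uid=example_user,ou=Dev,dc=company,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: example_user
sambaNTPassword: 00112233445566778899AABBCCDDEEFF
sambaLMPassword: 0123456789ABCDEFAAD3B435B51404EE
EOF
}

# Against a live directory (base DN as used in this article):
#   ldapsearch -x -LLL -b "ou=Dev,dc=company,dc=com" | audit_anon_ldif
sample_ldif | audit_anon_ldif || true
```

A clean result from the anonymous run, combined with the same attributes still being readable when binding as the admin DN, is what a correctly restricted directory looks like.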

Query the user's information with smbldap-userinfo:

root@cky:~# smbldap-userinfo -l ldap_user02
Full Name: ldap_user02
Family Name: ldap_user02
First Name: ldap_user02
User Shell: /bin/bash
Room Number: -
Work Phone: -
Home Phone: -
Other: -
Maximum number of days between Shadow password change: 45
Minimum number of days between Shadow password change: -
Shadow Warning: -
Shadow  Inactive: -
Shadow Expires: -
Shadow Last Change: Fri Feb 26 2021
Shadow Account Satus: unlock
Samba Password Last Set: Fri Feb 26 2021 09:50
Samba Password Must Change: Mon Apr 12 2021 09:50
Samba Flags: [U]

Check the /home directory:

root@cky:~# ls /home
cky  ldap_user01  ldap_user02

Deleting a user

Delete the user and remove their home directory:

root@cky:~# smbldap-userdel -r ldap_user02

Query the LDAP user again:

root@cky:~# ldapsearch -x -b "uid=ldap_user02,ou=Dev,dc=company,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=ldap_user02,ou=Dev,dc=company,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
matchedDN: ou=Dev,dc=company,dc=com

# numResponses: 1

Check the /home directory:

root@cky:~# ls /home
cky  ldap_user01

Adding a group

root@cky:~# smbldap-groupadd -a groupname

Making an existing user a member of a group

root@cky:~# smbldap-groupmod -m username groupname

Removing a user from a group

root@cky:~# smbldap-groupmod -x username groupname
