To create a new user, follow the steps:
- Login as root on ares
- Create an LDIF file which describes the new user. There should be a template file /root/add_ldap_user.ldif, but it should look like:
dn: cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au
cn: Jamie Stevens
dn: is the definitive name of the account. It consists of the
cn (or common name) of the
person, combined with the common name of the group (which will always be
rastro, and then the
basename of the directory, which will always be
uid: is the user ID of the account. For ares, the user ID is usually the first letter of the
first name, followed by the surname. This is not a hard and fast rule however, and people should
be allowed to choose their username, and it should usually be possible to match their UTAS user ID
and their ares user ID.
cn: is the common name, which is the first name and surname of the person. It should match
exactly what was put as the common name in the definitive name entry.
sn: is just the surname.
uidNumber: is the user ID number, which must be unique to ares. Lately I have been making the
UID on ares the same as the UTAS-wide UID so that using TPAC shares becomes easier, however this is
not strictly required.
gidNumber: is the group ID number, which should always be 260 (the rastro group ID number).
homeDirectory: is the location of the account’s home directory, and should be /home/ followed by
objectClass: is the type of directory entry to make (and each account can be of multiple types).
For user accounts on ares, there should be 2 such entries, one specifying a
person and another
loginShell: is the shell the user will be given when logging in, and unless the user has a strong
preference, should be /bin/tcsh.
userPassword: is the password for the user account. You should keep the default
and use the
ldappasswd command to change it after the account has been created; how to do this is
- Enter the new user into the LDAP database. Do this with the command:
ldapadd -x -v -D ‘cn=mgr,dc=astro,dc=utas.edu.au’ -W < add_ldap_user.ldif
assuming that the file you just created with the new account details is called
add_ldap_user.ldif and is in the current directory. The only account that has the ability
to alter the LDAP database is the
cn=mgr account, so you must bind to the database with this
account, as shown in the command above; this account has the same password as ares’ root password,
and you must enter it when prompted by the command above.
- Make the new home directory:
mkdir /home/uid where
uid is the user ID of the new account.
- Change the permissions on the new home directory:
chown -R uid:rastro /home/uid
- Generate a new random password for the new account:
ldappasswd -x -v -D ‘cn=mgr,dc=astro,dc=utas.edu.au’ -W ‘cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au’ would assign a new password to the account owned by Jamie Stevens; you should change the
cn entry to match that of the new account. After being prompted for the root password the new password for the user will be displayed - write this password down as it will be difficult to remember.
- Log in as the new user to test whether everything is working:
ssh uid@ares, and enter the new password when prompted. If you are able to log in without error messages appearing, the new account is ready to use.
- Email or give the new account details to the user and ask them to log in and change their password immediately to something they will remember using the