From UTAS Radio Astronomy Group

Computers: New User on Ares

To create a new user, follow the steps:

dn: cn=Jamie Stevens,cn=rastro,dc=astro,
uid: jstevens
cn: Jamie Stevens
sn: Stevens
uidNumber: 111744
gidNumber: 260
homeDirectory: /home/jstevens
objectClass: person
objectClass: posixAccount
loginShell: /bin/tcsh
userPassword: {crypt}8edxUZX076fXk

dn: is the distinguished name of the account. It consists of the cn (or common name) of the person, combined with the common name of the group (which will always be rastro), and then the base name of the directory, which will always be dc=astro,

uid: is the user ID of the account. For ares, the user ID is usually the first letter of the first name, followed by the surname. This is not a hard and fast rule, however: people should be allowed to choose their username, and it should usually be possible to match their UTAS user ID and their ares user ID.

cn: is the common name, which is the first name and surname of the person. It should match exactly what was put as the common name in the distinguished name (dn:) entry.

sn: is just the surname.

uidNumber: is the user ID number, which must be unique to ares. Lately I have been making the UID on ares the same as the UTAS-wide UID so that using TPAC shares becomes easier; however, this is not strictly required.

gidNumber: is the group ID number, which should always be 260 (the rastro group ID number).

homeDirectory: is the location of the account’s home directory, and should be /home/ followed by the user ID (the uid: value, as in /home/jstevens above).

objectClass: is the type of directory entry to make (and each account can be of multiple types). For user accounts on ares, there should be 2 such entries, one specifying a person and another specifying a posixAccount.

loginShell: is the shell the user will be given when logging in, and unless the user has a strong preference, should be /bin/tcsh.

userPassword: is the password for the user account. You should keep the default {crypt}8edxUZX076fXk and use the ldappasswd command to change it after the account has been created; how to do this is described below.

ldapadd -x -v -D 'cn=mgr,dc=astro,' -W < add_ldap_user.ldif
assuming that the file you just created with the new account details is called add_ldap_user.ldif and is in the current directory. The only account that has the ability to alter the LDAP database is the cn=mgr account, so you must bind to the database with this account, as shown in the command above; this account has the same password as ares’ root password, and you must enter it when prompted by the command above.
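
A check that can be run over add_ldap_user.ldif before binding as cn=mgr, given here as an added example that is not part of the original page: it tests one entry against the field conventions listed above. The function names, the sample entry and its dc=example suffix (the page truncates the base DN) are constructed for illustration.

```python
import re

# Conventions from the page text; the rest of the base DN is truncated there.
DN_PREFIX = "cn={cn},cn=rastro,dc=astro,"
RASTRO_GID = "260"
REQUIRED_CLASSES = {"person", "posixAccount"}

def parse_ldif_entry(text):
    """Parse one plain LDIF entry (no base64, no folded lines) into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        attr, sep, value = line.strip().partition(":")
        if sep and not attr.startswith("#"):  # skip blank lines and comments
            entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def check_entry(entry):
    """Return a list of convention violations; an empty list means none were found."""
    def one(attr):
        return entry.get(attr, [""])[0]
    uid, cn = one("uid"), one("cn")
    problems = []
    if not one("dn").startswith(DN_PREFIX.format(cn=cn)):
        problems.append("dn must start with cn=<cn>,cn=rastro,dc=astro,")
    if not re.fullmatch(r"\d+", one("uidNumber")):
        problems.append("uidNumber must be numeric")  # uniqueness needs a directory lookup
    if one("gidNumber") != RASTRO_GID:
        problems.append("gidNumber must be 260")
    if one("homeDirectory") != f"/home/{uid}":
        problems.append("homeDirectory must be /home/<uid>")
    if set(entry.get("objectClass", [])) != REQUIRED_CLASSES:
        problems.append("objectClass must be person and posixAccount")
    return problems

# Constructed sample entry; dc=example stands in for the truncated part of the base DN.
SAMPLE = """\
dn: cn=Alex Example,cn=rastro,dc=astro,dc=example
uid: aexample
cn: Alex Example
sn: Example
uidNumber: 123456
gidNumber: 100
homeDirectory: /home/alex
objectClass: person
objectClass: posixAccount
"""

if __name__ == "__main__":
    print(check_entry(parse_ldif_entry(SAMPLE)))
```

The sample deliberately carries the wrong group ID and a home directory that does not match the uid, so both are reported.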

Page last modified on September 15, 2008, at 05:32 AM