Chandan Kumar wrote:

Thanks, that helped.

The main reason for my LDAP deployment is for Centralized Linux User
management for all Linux Servers. What would be the simplest way to do
basic user/group management such as

1. Adding/Removing users to/from Groups.
2. Creating new groups and adding the users to it.
3. Moving users across the groups.

You might want to consider the FreeIPA project. It does exactly this, backed with 389-ds and MIT Kerberos.


From the documentation it appears that the static group is what I
should be looking at, not sure though.

Basically I already have many users whose accounts need to be migrated
to directory server (as of now manually managed by Puppet). I was
wondering if I could do that in some ldif commands.

I am really poor with ldif statements. I was trying to do it with
Managed group but I could not do it.

What would an LDIF command look like if I want to add a user, say testuser,
and also add it to 3 different user groups (testuser (created by Managed
Plugin), testsupport, testadmin, testsales)?


On Wednesday, March 20, 2013, Rich Megginson wrote:

    On 03/20/2013 10:07 AM, Chandan Kumar wrote:
    Hi Nathan,

    Thanks. Yes, it was a stupid typo. Is there any way to
    modify/delete entries created by the Managed Entries plugin?

    When I try to delete those group entries it denies, saying "It needs
    to be Manually Unlinked". Not sure how to un-link them. Any idea on

    You have to remove objectclass: mepManagedEntry and mepManagedBy:
    uid=jsmith,ou=people,dc=example,dc=com from the group entry


    On Tue, Mar 19, 2013 at 10:55 PM, Nathan Kinder wrote:

        On 03/19/2013 02:33 PM, Chandan Kumar wrote:

        I am deploying the 389 server (On CentOS 6) to manage the
        Linux Users/Password. So as part of Linux User management, I
        was trying to get the Managed Entries work for Posix user

        I am following the standard Red Hat documentation.

        So I created the templates exactly the way explained in the
        doc, but when I create the users it is not creating the
        corresponding groups.

        I am using the following LDAP commands to add entries. I could
        see this plugin created from the console server ->
        data -> Plugins -> Managed Entries -> <My plugin>

        User creation statements

        dn: uid=pappu1,ou=People,dc=ma,dc=net
        objectclass: person
        objectclass: inetorgperson
        objectclass: posixAccount
        cn: Pappu
        sn: Papa
        givenName: pappu1
        objectclass: mepOriginEntry
        mepManagedEntry: cn=Pappu Group
        homeDirectory: /home/pappu1

        The plugin

        dn: cn=Posix User-Group,cn=Managed Entries,cn=plugins,cn=config
        objectclass: extensibleObject
        cn: Posix User-Group
        originScope: ou=people,dc=ma,dc=ma

        You have a typo in your originScope setting. It should be

        originFilter: objectclass=posixAccount
        managedBase: ou=groups,dc=ma,dc=net
        managedTemplate: cn=Posix User-Group

        The template

        dn: cn=Posix User-Group Template, ou=Templates,dc=ma,dc=net
        objectclass: mepTemplateEntry
        cn: Posix User-Group Template
        mepRDNAttr: cn
        mepStaticAttr: objectclass: posixGroup
        mepMappedAttr: cn: $cn Group Entry
        mepMappedAttr: gidNumber: $gidNumber
        mepMappedAttr: memberUid: $uid


        389 users mailing list
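
The operations asked about in this thread, written as LDIF change records that can be fed to ldapmodify. This is an added example, not posted by anyone in the thread. The suffix dc=example,dc=com, the uidNumber/gidNumber values, the already existing posixGroup entries and the managed group's RDN are all assumptions.

```ldif
# Constructed example. Assumptions: suffix dc=example,dc=com, ids 5001, and
# posixGroup entries testsupport/testadmin/testsales already exist.

# 1. Create the user. No mep* attributes are set by hand here; this assumes a
#    working Managed Entries definition creates and links the private group.
dn: uid=testuser,ou=people,dc=example,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
uid: testuser
cn: testuser
sn: User
uidNumber: 5001
gidNumber: 5001
homeDirectory: /home/testuser

# 2. Add the user to existing static groups (posixGroup members are memberUid).
dn: cn=testsupport,ou=groups,dc=example,dc=com
changetype: modify
add: memberUid
memberUid: testuser

dn: cn=testadmin,ou=groups,dc=example,dc=com
changetype: modify
add: memberUid
memberUid: testuser

dn: cn=testsales,ou=groups,dc=example,dc=com
changetype: modify
add: memberUid
memberUid: testuser

# 3. Moving a user is a delete on the old group plus an add (as in step 2)
#    on the new one. Here the user leaves testsales.
dn: cn=testsales,ou=groups,dc=example,dc=com
changetype: modify
delete: memberUid
memberUid: testuser

# 4. Unlink a managed group, as described in the reply above, so that it can
#    be modified or deleted. The RDN depends on the template's mapped cn.
dn: cn=testuser,ou=groups,dc=example,dc=com
changetype: modify
delete: objectClass
objectClass: mepManagedEntry
-
delete: mepManagedBy
mepManagedBy: uid=testuser,ou=people,dc=example,dc=com
```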
