Hello all,
So I was able to create a new user into my ClearOS LDAP coming from a AD export (I should be able to to dat for 2'000 people teachers & students at the end)
For the while, I just created my new user in my LDAP with the minimum requested informations. So I created the following ldap objectclass :
. top
. posixAccount
. inetOrgAccount
The next step for me is to be able to authenticate a user connecting to a MAC computer with the user I just import but I dont know whare are the minimum informations requested in the ClearOS LDAP system.
If I create a new user from the clearos web console, I've the following objectclass (plus the one I already talked about)
. shadowAccount
. clearAccount
. sambaSamAccount
Can someone tell me which ones are requested to be able to authenticate.
As a reminder, the project aims to manager the users of a school (teachers, students and staff). These users come from a much bigger system (Active Directory) and I receive an export every night. With that file, I've to synchronise my clearos LDAP system.
The school's new security standard require us to ensure that uses can no longer user our network withoung being authenticated (Windows PC, MAC or Wifi). For the wifi, we use the clearos Radius system which works fine.
Thanks to all for your help
PS. If someone is interested in the sync of the AD with the Clearos LDAP, i can share my work.
So I was able to create a new user into my ClearOS LDAP coming from a AD export (I should be able to to dat for 2'000 people teachers & students at the end)
For the while, I just created my new user in my LDAP with the minimum requested informations. So I created the following ldap objectclass :
. top
. posixAccount
. inetOrgAccount
The next step for me is to be able to authenticate a user connecting to a MAC computer with the user I just import but I dont know whare are the minimum informations requested in the ClearOS LDAP system.
If I create a new user from the clearos web console, I've the following objectclass (plus the one I already talked about)
. shadowAccount
. clearAccount
. sambaSamAccount
Can someone tell me which ones are requested to be able to authenticate.
As a reminder, the project aims to manager the users of a school (teachers, students and staff). These users come from a much bigger system (Active Directory) and I receive an export every night. With that file, I've to synchronise my clearos LDAP system.
The school's new security standard require us to ensure that uses can no longer user our network withoung being authenticated (Windows PC, MAC or Wifi). For the wifi, we use the clearos Radius system which works fine.
Thanks to all for your help
PS. If someone is interested in the sync of the AD with the Clearos LDAP, i can share my work.
Share this post:
Responses (4)
-
Accepted Answer
Hello Nick,
Thank very much for the informations. I just had a look at the clearos_usr command. Unfortunately, this command can only add a user at a time and we can give the name and surname of the user. From my AD export, I've more informations I need to inject into my LDAP system... so I think it will be difficult using it .. but thanks any way for your help ; I appreciate
root@srv-cos /]# clearos_user -h
usage: /usr/sbin/clearos_user -u <username> -p <new password>
Common Options
--------------
-u=username
-p=password (eg. set new password)
-a (add account - requires -p, -f and -l flags to be set)
-d (delete account)
-f=first name
-l=last name
-o=output (json [default] or stdout)
-h: help
-
Accepted Answer
I've just spent an age looking for it, remembering something Ben once said. There is a utility, clearos_user, which you can use to add and delete users. Do a:
to see the options. If you can produce a list of users to add and delete from your AD diff, then you should be able to feed them into this command.clearos_user -h -
Accepted Answer
Hello Dave and thanks for your message.
The tool and explanations I used to achieve that is here : https://lsc-project.org/doku.php
I changed a little bit the data of the project to be able to work with the database MariadDB delivered in the ClearOS Marketplace and the phpmyadmin tool.
the synchronization is divided into two phases. The first phase import the exported file of the AD into a MariaDB table and the second phase syncronize the clearos LDAP with the MariaDB database according to the fact that the database is the master.
To avoid deleting defaults entries of the clearos ldap entries (like cn=flexshare System for example), I created under the Users OU a new OU with the name of my school. The users from the AD are created into this new OU.
About passwords : in fact and because of security reasons, I dont receive the passwords from our main organization. People will receive an random password they will have to change. -
Accepted Answer
Arnaud,
Do you have a gitlab or github location for your code and instructions? Also, how do you intercept the password since it is not an object in AD? Or do you not worry about it? Normally, you would have to put a .dll that would watch for the change on each of the Global Catalog servers.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »