.. vaq1552681912484 .. _create-ldap-linux-groups-4c94045f8ee0: ========================== Create LDAP Linux Groups ========================== |prod| offers |LDAP| commands to create and manage |LDAP| Linux groups as part of the `ldapscripts` library. .. rubric:: |context| .. note:: For security reasons, it is recommended that ONLY admin level users be allowed to |SSH| to the nodes of the |prod|. Non-admin level users should strictly use remote CLIs or remote web GUIs. The main commands that manage |LDAP| Linux groups are: ``ldapaddgroup`` , ``ldapaddusertogroup``, ``ldapdeletegroup``, ``ldapdeleteuserfromgroup``. To list all the commands in the `ldapscripts` library, the following command can be used: .. code-block:: none sysadmin@controller-0:~$ ls /usr/sbin/ldap* /usr/sbin/ldapaddgroup /usr/sbin/ldapid /usr/sbin/ldapaddmachine /usr/sbin/ldapinit /usr/sbin/ldapaddsudo /usr/sbin/ldapmodifygroup /usr/sbin/ldapadduser /usr/sbin/ldapmodifymachine /usr/sbin/ldapaddusertogroup /usr/sbin/ldapmodifysudo /usr/sbin/ldapdeletegroup /usr/sbin/ldapmodifyuser /usr/sbin/ldapdeletemachine /usr/sbin/ldaprenamegroup /usr/sbin/ldapdeletesudo /usr/sbin/ldaprenamemachine /usr/sbin/ldapdeleteuser /usr/sbin/ldaprenameuser /usr/sbin/ldapdeleteuserfromgroup /usr/sbin/ldapsetpasswd /usr/sbin/ldapfinger /usr/sbin/ldapsetprimarygroup /usr/sbin/ldapgid /usr/sbin/ldapusersetup The |LDAP| commands usage information can be found from man pages or using the "--help" option. For example, this is the usage information for creating or adding a |LDAP| Linux group. .. code-block:: none sysadmin@controller-0:~$ ldapaddgroup --help Usage : /usr/sbin/ldapaddgroup [gid] sysadmin@controller-0:~$ man ldapaddgroup ldapaddgroup(1) General Commands Manual ldapaddgroup(1) NAME ldapaddgroup - adds a POSIX group entry to LDAP. SYNOPSIS ldapaddgroup [gid] OPTIONS The name of the group to add. [gid] The gid of the group to add. Automatically computed if not specified. |LDAP| Linux group command examples: Create a group .. code-block:: none $ sudo ldapaddgroup group-test Successfully added group group-test to LDAP Add a user to the group .. code-block:: none $ sudo ldapaddusertogroup user-test group-test Successfully added user user-test to group cn=group-test,ou=Group, dc=cgcs,dc=local Delete a user membership from the group .. code-block:: none sysadmin@controller-0:~$ ldapdeleteuserfromgroup --help Usage : /usr/sbin/ldapdeleteuserfromgroup $ sudo ldapdeleteuserfromgroup user-test group-test Successfully deleted user user-test from group cn=group-test,ou=Group, dc=cgcs,dc=local Delete a group .. code-block:: none sysadmin@controller-0:~$ ldapdeletegroup --help Usage : /usr/sbin/ldapdeletegroup $ sudo ldapdeletegroup group-test Successfully deleted group cn=group-test,ou=Group,dc=cgcs,dc=local from LDAP After the execution of a |LDAP| Linux group command, the command prompt is displayed. .. code-block:: none controller-0: ~$