> > My question now is, how do I add new users to the DS... > To add data to your directory, including users, you can use whatever LDAP modification tool you like. The most basic option is the ldapmodify command, but depending on how often you add or update users, you will probably get tired of manually typing LDIF input for ldapmodify. You could also use the Fedora console, write your own scripts, or look into other LDAP admin programs (there are several). > ...with the necessary shadowAccount attributes? How do I generate the crypted userPassword, shadowLastChange, etc. values? Using your favorite LDAP admin program :), you can assign whatever initial values you want for the shadow attributes. If pam/nss_ldap is so configured on your Linux clients, the passwd command will update the shadow attributes when passwords are changed. Solaris 8 LDAP clients ignore shadow attributes, so you might not want to rely on LDAP-based shadow if you have Solaris 8 in your environment. Fedora DS can hash passwords several ways, including crypt. You can choose the default password hash in the Fedora console. The directory server will hash userPassword attributes with whatever hash you select. Note that changes to the default password hash are only effective for subsequent userPassword updates. In other words, changing the hash does not cause a re-hash of every userPassword attribute in the directory. -- George Oscar A. Valdez wrote: > I've followed the instructions in Gerald Carter's "LDAP System > Administration", specifically those in Chapter 6: Replacing NIS. > > I've used PADL's scripts to migrate the info > from /etc/passwd, /etc/shadow, and /etc/group into the DS server. My > question now is, how do I add new users to the DS, with the necessary > shadowAccount attributes? How do I generate the crypted userPassword, > shadowLastChange, etc. values? >
