SIMP systems are preconfigured with two groups:

- administrators (700): Group that has ssh and privilege escalation privileges
- users (100): Group that does not have ssh or privilege escalation privileges

To add another group:

1. Log in to the LDAP server as root.
2. Edit the /root/ldifs/add_group.ldif shown below.

    dn: cn=<groupname>,ou=Group,dc=your,dc=domain
    objectClass: posixGroup
    objectClass: top
    cn: <groupname>
    gidNumber: <Unique GID number>
    description: "<Some useful group description>"

3. Type the following, substituting your DN information for dc=your,dc=domain:

    ldapadd -Z -x -W -D "cn=LDAPAdmin,ou=People,dc=your,dc=domain" \
      -f /root/ldifs/add_group.ldif

To remove a group:

1. Log in to the LDAP server as root.
2. Edit the /root/ldifs/del_group.ldif shown below.

    dn: cn=<Group Name>,ou=Group,dc=your,dc=domain
    changetype: delete

3. Type the following, substituting your DN information for dc=your,dc=domain:

    ldapmodify -Z -x -W -D "cn=LDAPAdmin,ou=People,dc=your,dc=domain" \
      -f /root/ldifs/del_group.ldif

To add users to a group:

1. Log in to the LDAP server as root.
2. Edit the /root/ldifs/add_to_group.ldif shown below.

    dn: cn=<Group Name>,ou=Group,dc=your,dc=domain
    changetype: modify
    add: memberUid
    memberUid: <UID1>
    memberUid: <UID2>
    ...
    memberUid: <UIDX>

3. Type the following, substituting your DN information for dc=your,dc=domain:

    ldapmodify -Z -x -W -D "cn=LDAPAdmin,ou=People,dc=your,dc=domain" \
      -f /root/ldifs/add_to_group.ldif

To remove users from a group:

1. Log in to the LDAP server as root.
2. Edit the /root/ldifs/del_to_group.ldif shown below.

    dn: cn=<Group Name>,ou=Group,dc=your,dc=domain
    changetype: modify
    delete: memberUid
    memberUid: <UID1>
    memberUid: <UID2>
    ...
    memberUid: <UIDX>

3. Type the following, substituting your DN information for dc=your,dc=domain:

    ldapmodify -Z -x -W -D "cn=LDAPAdmin,ou=People,dc=your,dc=domain" \
      -f /root/ldifs/del_from_group.ldif
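
The membership LDIFs in the last two procedures can be generated instead of hand-edited, which keeps stray characters out of the DN and the memberUid values. The following is an added example, not part of SIMP: the function names valid_name and render_member_ldif, the allowed-name pattern and the sample names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not SIMP code): render the memberUid LDIF for the
# "add users to a group" / "remove users from a group" steps.
LC_ALL=C; export LC_ALL   # make [a-z] ranges ASCII-only

# Assumed policy: names start with [a-z_] and continue with [a-z0-9_-].
# This rejects newlines, commas, colons and spaces, so a name can never
# add an extra LDIF line or an extra DN component.
valid_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Usage: render_member_ldif <add|delete> <group> <base_dn> <uid>...
render_member_ldif() {
    [ $# -ge 4 ] || { echo "usage: render_member_ldif <add|delete> <group> <base_dn> <uid>..." >&2; return 2; }
    op=$1 group=$2 base=$3
    shift 3
    case "$op" in
        add|delete) ;;
        *) echo "operation must be add or delete" >&2; return 2 ;;
    esac
    valid_name "$group" || { echo "invalid group name" >&2; return 1; }
    case "$base" in
        ''|*[!A-Za-z0-9=,.-]*) echo "invalid base DN" >&2; return 1 ;;
    esac
    # Validate every UID before printing anything, and drop repeats so
    # each memberUid value appears once in the modify request.
    seen=' '
    for uid in "$@"; do
        valid_name "$uid" || { echo "invalid uid" >&2; return 1; }
        case "$seen" in *" $uid "*) continue ;; esac
        seen="$seen$uid "
    done
    printf 'dn: cn=%s,ou=Group,%s\n' "$group" "$base"
    printf 'changetype: modify\n'
    printf '%s: memberUid\n' "$op"
    for uid in $seen; do
        printf 'memberUid: %s\n' "$uid"
    done
}

# Constructed usage (sample names are not from the SIMP docs):
#   render_member_ldif add administrators dc=your,dc=domain alice bob \
#       > /root/ldifs/add_to_group.ldif
```

Review the generated file, then run the ldapmodify command from the matching procedure above.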