4.8.1.1.3. User Management in 389-DS¶
4.8.1.1.3.1. List 389-DS Users¶
You can list all users in the default SIMP 389-DS instance by running:
dsidm accounts -b "<base DN>" user list
4.8.1.1.3.2. Add a User to 389-DS¶
To add a user to 389-DS, you can either run dsidm user create
and it will
prompt you for input or you can provide most parameters at the command line as
follows:
dsidm accounts -b "<base DN>" user create --uid alice --cn "Alice User" --displayName 'Alice' \
--uidNumber 1000 --gidNumber 1000 --homeDirectory /home/alice
4.8.1.1.3.3. Remove a User from 389-DS¶
To remove our alice user, run the following command:
dsidm accounts -b "<base DN>" user delete <DN>
It will prompt you to type Yes I am sure
to confirm deletion.
To get the DN for the user run:
dsidm accounts -b "<base DN>" user get alice | head -1 | cut -f2- -d' '
4.8.1.1.3.4. Add a Password to a 389-DS User¶
You may notice that this user has been created without a password. The command line options do not provide this capability so a password will need to be added afterwards.
Note
No matter which of the following methods you choose, the user will be prompted to change their password at the next login by default.
4.8.1.1.3.4.1. Interactive Reset¶
To be prompted for the user credentials, you can run the following:
dsidm accounts -b "<base DN>" account reset_password "<DN>"
To obtain the DN
run:
dsidm accounts -b "<base DN>" user get alice | head -1 | cut -f2- -d' '
4.8.1.1.3.4.2. Direct Reset¶
If you want to set the user’s password directly, first generate the password
using pwdhash
:
pwdhash -D /etc/dirsrv/slapd-accounts "<plain_text_password>"
Then run the following, pasting the output of the previous command into
<GENERATED_HASH>
:
dsidm accounts -b "<base DN>" user modify alice add:userPassword:<GENERATED HASH>
4.8.1.1.3.5. Add a SSH Public Key to a 389-DS User¶
You can use the following command to add a SSH key to a 389-DS user:
dsidm accounts -b "<base DN>" user modify alice add:nsSshPublicKey:"<ssh-rsa AAA...>"
4.8.1.1.3.6. Remove a SSH Public Key from a 389-DS User¶
You can use the following command to remove a SSH key from a 389-DS user:
dsidm accounts -b "<base DN>" user modify alice delete:nsSshPublicKey:"<ssh-rsa AAA...>"