NSS LDAP Templates

Below are example commands and LDIFs for various common NSS LDAP operations. To run the examples below, either run the command and paste the LDIF contents into the terminal, or place the contents in a file and run the command with the -f argument.

Additions
The following templates are used for creating new instances of various types of objects. These examples should be run with the following command:

General User Account
This template is for creating a general-purpose user account; for example a new staff member or a guest account. By convention, we normally use the ID of the account's AFS user (if applicable) as the uidNumber. This can be retrieved using:

Server User Account
This template is similar to the previous one except this user account is valid for servers and other restricted-access systems. By convention, we use the same uidNumber for this account as for the user's general access account.

Group
This template is for creating a new group. These groups exist on both general and restricted access systems.

Organizational Unit (OU)
This template is for creating a new organizational unit.

Modifications
The following templates are for modifying existing objects. These examples should be run with the following command:

Adding a User to a Group
This template is for adding a user to an existing group.

Removing a User from a Group
This template removes a single user from a group. NOTE: be very careful when using this template via copy-paste. If you accidentally miss the last line, you will delete all of the memberUid attributes instead of the single targeted instance.

dn: cn=allaccess,ou=group,dc=csl,dc=tjhsst,dc=edu
changetype: modify
delete: memberUid
memberUid: ahamilto
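The copy-paste risk noted above can be caught before the LDIF is sent to the server. The following lint is an added example, not part of the original page: it flags any `delete:` modification that names no values, which is the form that removes every value of the attribute. The function names and the second sample record are constructed for illustration.

```python
import re

def unfold(text):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", text)

def unscoped_deletes(ldif_text):
    """Return (dn, attribute) for each 'delete:' op that lists no values."""
    findings = []
    for record in re.split(r"\n\s*\n", unfold(ldif_text).strip()):
        lines = [l for l in record.splitlines() if l and not l.startswith("#")]
        dn = next((l.split(":", 1)[1].lstrip(":").strip() for l in lines
                   if l.lower().startswith("dn:")), None)
        pending = None  # attribute of a delete op still waiting for a value
        for line in lines:
            key, _, value = line.partition(":")
            key = key.strip().lower()
            if line.strip() == "-" or key in ("add", "replace", "delete"):
                # The previous operation ended; was it a delete with no values?
                if pending:
                    findings.append((dn, pending))
                pending = value.strip() if key == "delete" else None
            elif pending and key == pending.lower():
                pending = None  # a specific value was named: scoped delete
        if pending:
            findings.append((dn, pending))
    return findings

# Constructed sample: the page's template, then the same record with the
# last line lost during copy-paste.
SAMPLE = """\
dn: cn=allaccess,ou=group,dc=csl,dc=tjhsst,dc=edu
changetype: modify
delete: memberUid
memberUid: ahamilto

dn: cn=allaccess,ou=group,dc=csl,dc=tjhsst,dc=edu
changetype: modify
delete: memberUid
"""

if __name__ == "__main__":
    for dn, attr in unscoped_deletes(SAMPLE):
        print(f"WARNING: {dn}: 'delete: {attr}' has no values and removes them all")
```

Run it over the LDIF file first and only pass the file to the modify command when it reports nothing.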

Deletions
To delete an object from LDAP, use the following command and LDIF.