LDAP management tools

From BNL Physics Computing

For now, just the built-in documentation:

home -h
usage: [options] <command> [command arguments]
-h              show help on available commands
-w <password>   set password
-W              prompt for password
-D <dn>         overwride default dn to bind with
-u              operate on user directory (ou=People, def)
-n              operate on node directory (ou=Hosts)
Any command that modifies needs a binding dn and password
If password asked for, bind as "manager"
Using -u/n affects what commands are accessible.


Commands:
add:
       Add a key:value pair to the entry of the given name.
       Args: <name> <key> <value>
audit:
       Audit all users and dump those that are not eligible and
       have at least one "host" entry
create:
       Not yet implemented
delete:
       Delete the key:value pair from the entry of the given name.
       Args: <name> <key> <value>
dump:
       Dump all key:value pairs for the given names.
       Args: <name> [...]
dump_all:
       Dump all key:value pairs for given names.
       No arguments.
exports:
       Spit out lines of /etc/exports sufficient to let the given
       host export any and all user home directories it is servering.
       Args: <hostname>
kill:
       Not yet implemented
lock:
       Lock users accounts by adding a '!' in front of their passwords
match_pass: None
query:
       Do generic LDAP query, dump results
       Args: <query>
replace:
       Replace the given key:old pair with key:new in the entry of the given name.
       Args: <name> <key> <old> <new>
shadow:
       Turn on shadow password aging for given user
       Arg: username
unlock:
       Unlock users accounts by removing any '!' in their passwords
update_shadow:
       Manually update the shadow info to be fresh enough to let all
       users log in again.