libuser is a collection of libraries and tools to manage users and groups under Linux or UNIX-like systems. libuser has several modules that allow managing users and groups through different backends, such as local (password and shadow) and LDAP (the LDAP backend has been somewhat unusable up to version 0.52).
The LDAP module, however, requires the user to supply a BIND_PW (password) for the BIND_DN (user) in order to authenticate against the LDAP directory server and perform the modifications. In automated deployment scenarios, it’s essential to be able to perform operations on the LDAP directory server without asking the user for the password. Instead, the password used to authenticate against the LDAP directory server could well be stored in libuser’s configuration file, /etc/libuser.conf.
I’ve made a patch against libuser that implements a new configuration parameter for the LDAP module. This new parameter is named password, and specifies the password for the binddn user.
Here is a sample of libuser’s configuration file:
    [defaults]
    # The default (/usr/lib*/libuser) is usually correct
    # moduledir = /your/custom/directory
    skeleton = /etc/skel
    mailspooldir = /var/mail
    modules = ldap
    create_modules = ldap
    crypt_style = md5

    [userdefaults]
    LU_USERNAME = %n
    LU_UIDNUMBER = 10000
    LU_GIDNUMBER = %u
    LU_HOMEDIRECTORY = /home/%n
    LU_LOGINSHELL = /bin/bash

    [groupdefaults]
    LU_GROUPNAME = %n
    LU_GIDNUMBER = 10000

    [ldap]
    # Setting these is always necessary.
    server = ldap://directory.server.fqdn
    basedn = dc=example,dc=com

    # Setting these is rarely necessary, since it's usually correct.
    userBranch = ou=People
    groupBranch = ou=Groups

    # Set only if your administrative user uses simple bind operations to
    # connect to the server.
    binddn = cn=Directory Manager
    password = secret
The patched SRPM and diff patch can be obtained from here: libuser-0.52.5-1.el4.1
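A permissions check for a configuration file that carries the password parameter described above, as an added example that is not part of the original post or of libuser itself. It assumes the file should be owned by root and closed to group and other; `audit_libuser_conf`, `write_sample` and the sample text are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample, trimmed from the configuration shown in the post.
SAMPLE_CONF = """\
[defaults]
modules = ldap
create_modules = ldap

[userdefaults]
LU_USERNAME = %n

[ldap]
server = ldap://directory.server.fqdn
basedn = dc=example,dc=com
binddn = cn=Directory Manager
password = secret
"""

def audit_libuser_conf(path, expected_uid=0):
    """Return findings for a libuser.conf that stores an LDAP bind password."""
    # interpolation=None: values such as %n and %u must be read literally.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    with open(path, encoding="utf-8") as fh:
        cp.read_file(fh)
    if not cp.has_option("ldap", "password"):
        return []  # no stored bind password, nothing to protect
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"mode {mode:04o}: bind password readable by group/other")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {mode:04o}: file writable by group/other")
    if st.st_uid != expected_uid:  # assumption: the file belongs to root (uid 0)
        findings.append(f"owner uid {st.st_uid}: expected {expected_uid}")
    return findings

def write_sample(mode, text=SAMPLE_CONF):
    """Write a constructed config to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path
```

On a real host, call `audit_libuser_conf("/etc/libuser.conf")` as root; an empty list means the file either holds no bind password or is root-owned with no group/other access.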