Command line utilities let you to create, modify, delete, and list both user and group accounts. This chapter describes these utilities and explains their usage. It also describes how you can assign Linux attributes to objects using Novell iManager.
NOTE:The command line utilities read the necessary input parameters from the configuration file /var/nam/namutils.inp if not specified in the command line. If not present, this file is created by the utilities with the system default values like the default shell, default home directory, and skeleton directory. Other parameters like account expiry time, admin FDN, default group object to which users are associated, context under which user and group objects are added are also set when any of the commands listed in this section is executed.
However, namuserlist and namgrouplist will not create this file. Refer to the following sections for more details.
The nambulkadd utility is used to
The nambulkadd command involves authentication to eDirectory as the Admin user. If your interaction with the server can be viewed by others, you will want to set an environment variable with the Admin password rather than specifying the password on a command line.
To set the required environment variable, complete the following step.
As root, enter the following at the shell prompt:
export LUM_PWD=AdminPassword
where AdminPassword is the password of the eDirectory Admin user.
The syntax of the nambulkadd command is as follows:
nambulkadd [-a adminFDN][-w admin_password][-u /path/userlistfile][-g /path/grouplistfile]
The following table describes the nambulkadd parameters
Table 5-1 nambulkadd Parameters
|
Parameter |
Description |
|---|---|
|
-a |
Specify the fully distinguished name of the eDirectory administrator. |
|
-w |
Specify the password for eDirectory Admin user. (Optional. See Security Considerations above.) |
|
-u |
Specify the path and name of the userlist.txt file located in /sys/scu/lum on the Linux server. This file is created by the Server Consolidation utility as documented in the Novell Server Consolidation and Migration Toolkit Administration Guide. |
|
-g |
Specify the path and name of the grouplist.txt file located in /sys/scu/lum on the Linux server. This file is created by the Server Consolidation utility as documented in the Novell Server Consolidation and Migration Toolkit Administration Guide. |
There are no default values associated with this utility.
nambulkadd -a cn=admin,o=novell -u /sys/scu/lum/job1-userlist.txt -g /sys/scu/lum/job1-grouplist.txt
This LUM-enables all the group objects listed in job1-grouplist.txt and all the user objects listed in job1-userlist.txt.
Normally, the nambulkadd command processes text files created by the Novell Server Consolidation Utility. However, you can create customized files to bulk-enable system users and groups by doing the following.
Using your favorite Linux text editor, create a text file for the eDirectory groups you want to LUM enable.
IMPORTANT:Do not use Windows editors to modify the userlist. If Windows editors were used to edit the userlist, the admin needs to run the "DOS to Unix" cleanup utility to remove the "^M" or x0D charater in the userlist file
If the userlist generated by SCU gets edited by Windows editors such as Notepad, Wordpad, OpenOffice, etc, it will add a "^M" or x0D at the end of every line. If you run nambulkadd with the userlist edited and saved with MS Windows editors, it will create a new LUM user with x0D in the username. Most Windows utilities such as ConsoleOne will not see the x0D at the end of the username and it will appear as a duplicate use object..
These can be either new groups you want to create or existing groups that have not been LUM enabled.
On the first line in the file, include all the parameters you would normally use in connection with one instance of the namgroupadd command to create a LUM-enabled group.
For example, if your system doesn't currently contain the eDirectory object Group1.sales.example, and the first line contains
-x ou=sales,o=example -W LinuxSrvr1 Group1
then when you run nambulkadd, the following occurs
After creating a line in the file for each group you want to enable for LUM, create a second file to contain information for the users you want to LUM-enable.
As with the group text file, the users in this file can be either new users that you want to create or existing users that have not been LUM enabled.
On the first line in the file, include all the parameters you would normally use in connection with one instance of the namgroupadd command to create a LUM-enabled user.
For example, if your system doesn't currently contain the eDirectory object John.sales.example, and the first line contains
-x ou=sales,o=example -g cn=Group1,ou=sales,o=example John
then when you run nambulkadd, the following occurs
After creating a line in the userlist file for each user you want to enable for LUM, save the file and run the utility using the syntax specified in Syntax.
The nambulkadd utility is designed specifically for LUM enabling user and group objects. Keep the following points in mind as you plan to use the utility.
The nambulkadd utility is only designed to enable groups and users for LUM and cannot be used to make other modifications once that enabling task is completed.
The namuseradd utility is used to create a Linux User object in eDirectory with the attributes you specify on the command line. In case a User object with the same name already exists under the specified eDirectory context, namuseradd checks whether the user is a Linux user or an eDirectory user. If the user is a Linux user, a message indicates that a Linux user with the same name already exists.
The syntax of the namuseradd utility is as follows:
namuseradd [-a adminFDN][-w bindpasswd][-x user_context][-c comment][-d directory][-e expiry_date][-g primary_groupFDN][-G groupFDN][-G groupFDN]...][-m [-k skeldir]][-n][-s shell][-D][-P][-p passwd][-u uid][-o]] user_name
The following table describes the namuseradd parameters.
Table 5-2 namuseradd Parameters
The following default values are taken from the file /var/nam/namutils.inp, if not specified at the command line:
adminFDN: Set from the value provided with the -a option.
expiry_date: Set from the value provided with the -e option.
directory: Set from the value provided with the -d option.
shell: Set from the value provided with the -s option.
namuseradd -a cn=admin,o=novell -x ou=lum,o=novell - g cn=other,ou=linux_groups,o=novell Dave
This adds a user, Dave, to the eDirectory context ou=lum,o=novell which has the primary group as other.
The namgroupadd utility is used to create a Linux Group object in eDirectory, with the attributes you specify on the command line. In case a Group object with the same name already exists under the specified eDirectory context, namgroupadd checks whether the group is a Linux group or a NetWare group. By default, if the group is a NetWare group, namgroupadd upgrades the group to a Linux group, unless otherwise specified (see -n option below). If the group is a Linux group, a message indicates that a Linux group with the same name already exists.
The syntax of the namgroupadd utility is as follows:
namgroupadd [-a adminFDN][-w bindpasswd] [- x group_context] [-A | -W workstation_name [,workstation_name...]] [-g gid[-o]] [-P] [-n] group_name
The following table describes the namgroupadd parameters.
Table 5-3 namgroupadd Parameters
The following default value is taken from the file /var/nam/namutils.inp, if not specified at the command line:
namgroupadd -W garfield -g 110 grp1
This adds a group named "grp1" to a workstation named "garfield" and assigns it the group ID 110.
namgroupadd -P -x ou=nam,o=novell -A grp2
This adds a group named "grp2" to the specified eDirectory context, after first checking that the group does not already exist under the partition root.
The namusermod utility is used to modify a Linux user's login in eDirectory. It changes the definition of the specified login and updates all the login-related system files appropriately.
The syntax of the namusermod utility is as follows:
namusermod [-a adminFDN][-w bindpasswd][-c comment][-d directory][-e expiry_date][-p passwd][-g primary_groupFDN][-G groupFDN[-G groupFDN]...][-D groupFDN[-D groupFDN]...][-u uid[-o]][-s shell] userFDN
The following table describes the namusermod parameters.
Table 5-4 namusermod Parameters
The following default values are taken from the /var/nam/namutils.inp file, if not specified at the command line:
namusermod -g cn=hrd,ou=Linux_groups,o=novell -G cn=grp2,ou=nam,o=novell cn=John,ou=unixuser,o=novell
This replaces the existing primary group of a user named John with a group named "hrd" whose fully distinguished eDirectory context is provided; it also adds John to another group named "grp2."
The namgroupmod utility is used to modify the attributes of a Linux Group object in eDirectory.
The syntax of the namgroupmod utility is as follows:
namgroupmod [-a adminFDN][-w bindpasswd][-W workstation_name[-W workstation_name]...][- d workstation_name][-P][-g gid][-o][-n name] groupFDN
The following table describes the namgroupmod parameters.
Table 5-5 namgroupmod Parameters
The following default values are taken from the /var/nam/namutils.inp file, if not specified at the command line:
namgroupmod -W linux10 -d garfield cn=grp1,ou=nam,o=novell
This adds a group named "grp1" to a workstation named "linux10" and also removes it from the workstation named "garfield."
The namuserdel utility deletes a Linux user's login from eDirectory and updates all the login-related system files appropriately.
The syntax of the namuserdel utility is as follows:
namuserdel [-a adminFDN][-w bindpasswd][-r] userFDN
The following table describes the namuserdel parameters.
Table 5-6 namuserdel Parameters
The following default values are taken from the /var/nam/namutils.inp file, if not specified at the command line:
namuserdel cn=usr1,ou=nam,o=novell
This deletes the user named usr1 from eDirectory.
The namgroupdel utility deletes a Linux Group object from eDirectory and updates all the login-related system files appropriately.
The syntax of the namgroupdel utility is as follows:
namgroupdel[-a adminFDN][-w bindpasswd]groupFDN
The following table describes the namgroupdel parameters.
Table 5-7 namgroupdel Parameters
The following default values are taken from the /var/nam/namutils.inp file, if not specified at the command line:
namgroupdel cn=grp1,ou=nam,o=novell
This removes the group named "grp1."
The namuserlist utility lists the attributes of Linux User objects in eDirectory in /etc/passwd format. If you do not specify the user context, the attributes of all users in the current workstation are listed.
The syntax of the namuserlist utility is as follows:
namuserlist {-x user_context : user_name}
The following table describes the namuserlist parameters.
Table 5-8 namuserlist Parameters
|
Parameter |
Description |
|---|---|
|
-x |
Specify the fully distinguished eDirectory context of the user. |
|
Specify the user's login name and CommonName in eDirectory. |
namuserlist usr1
This displays the attributes of the user named "usr1."
The namgrouplist utility lists some of the attributes of Linux Group objects in eDirectory. Use iManager to see all of the attributes, including the UNIX Workstation objects associated with the Group.
The syntax of the namgrouplist utility is as follows:
namgrouplist{-x group_context : group_name}
The following table describes the namgrouplist parameters.
Table 5-9 namgrouplist Parameters
|
Parameter |
Description |
|---|---|
|
-x |
Specify the fully distinguished eDirectory context of the group. |
|
Specify the fully distintinguished name of the group. |
namgrouplist grp1
This lists the attributes of a group named "grp1."