Free Software at Schools: Installing and Maintaining a Debian-Edu Network; Also Known as Skolelinux
Chapter 12. Daily Operation of Skolelinux/Debian-edu Network with Webmin
There are several systems for user information and administration in Skolelinux/Debian-edu, but now we use LDAP and the utility WLUS, and not /etc/passwd and its accompanying commands such as adduser, useradd, etc.
To get access to Webmin, point your favourite web browser to the address https://tjener.intern:10000/ldap-users. You can use any web browser you want. You can also connect a Mac machine and run it from there.
Because we haven't added any users yet, it would be natural for us to choose "New User(s)". But before we do that, we may want to adapt WLUS to our needs.
There are two different ways to add new users: either one at a time, or a whole bunch at once using a so-called semicolon-separated file (;). Clicking on "New User(s)" brings up a rather long page. At the top is the option to add users manually one by one, by providing first and last name, together with a password if desired. A little farther down the page, you find the option to add several users at once, "Add users from file".
When you add a user in this way, the computer provides the username, and if you want, the password as well. But you can override this by ticking "Common password - Yes" and then typing in the password you want.
Remember to also choose what kind of role you want the new user to have.
This file is formatted with the different fields separated by a semicolon. You can create this file by exporting it to a semicolon-separated file from the school's database of attending pupils, or by exporting from OpenOffice/Excel, or by using a regular, simple text editor such as-> ->
not done by WLUS.
By putting a cross in front of a user and choosing, for example, "Disable Login", that user will not be allowed to log in.
The users can change their own password, as long as they have one that works. By starting the program kdepasswd which they can find in -> ->
Of course, they can also use the command passwd from the command line.
kdepasswd program will "freeze". Log out/in to solve this.
You can change the password for a user from the command line if you know the person's username.
/usr/share/debian-edu-config/tools/passwd brukernavn
Here brukernavn stands for the person's username. You will be asked to type in a new password twice, and then finally you must type in the LDAP-administrator password.
In order to make changes in LDAP, such as adding users, changing passwords, etc, you must give a password, the so-called LDAP-admin password. This password is created during installation; see Figure 6-4. This password is one of 3 administrative passwords. The other two are the Webmin password, see Section 12.1 and the root password, see Figure 6-4.
The LDAP-admin password is changed from the command line with this command
/usr/share/debian-edu-config/tools/passwd admin
Then you will be asked to provide the new password twice, as well as to type in the old one.
/usr/share/debian-edu-config/tools/passwd admin
Enter new password for user admin:
Reenter new password:
Enter bind password:
By using the command
slapcat -l /root/bruker.ldif
you will get a pure text file that contains the LDAP database. In this case, it is the file named /root/bruker.ldif. This is a so-called ldif-file, hence the file type "ldif". It would be smart to stop the slapd LDAP daemon before you bring up this ldif-file. This, along with stopping nscd (Name Service Cache Daemon), is done with the commands
You can edit this file, /root/bruker.ldif, with the help of your favourite text editor, for example kedit; see Section 8.2.
In this file you can make changes in usernames, home directories, groups, etc., the same as when you use the user administration module in Webmin, Section 12.3. The advantage of using an ldif-file is that you can change several things at once. This is the file you use if you have to reinstall and want to use the same usernames and passwords again; it is a little tedious to have to hand out 1000 new usernames and passwords.
Sometimes you just have to do a reinstallation. In order not to inconvenience the users too much, it's nice to let them keep using their old passwords and usernames. If you have that specific ldif-file from LDAP, then you can just put it in the new installation and your users will be able to continue to use their old usernames and passwords.
Recipe for Carrying Over the LDAP Database
On the old server, before you do the reinstallation, take out an ldif-file from LDAP,
slapcat -l /root/bruker.ldif
Remember that when slapd is stopped, no one can log in.
Move this file, /root/bruker.ldif, over to the new installation, either by using a USB-pendrive, or by using a CD.
In order to be able to put in the old LDAP database with the help of your bruker.ldif, you have to delete the one that is already there. The database files are found in /var/lib/ldap. A good way to get rid of them is to move them to another directory, just in case you need them later.
mv /var/lib/ldap/* /root/dbb
slapadd -l bruker.ldif
Sometimes you can get into a situation where someone has experimented a little too much with various configurations, maybe so much that reinstallation would be the easiest thing to do.
If that happens with LDAP, there is a simpler way to "start from scratch" than to reinstall the whole system. You can delete your LDAP database that doesn't function the way you want it to, and then put in a new and unused one, in the same condition as it was right after installation. This means that all of your current users will be deleted.
The first thing you have to do is to make a copy of your current LDAP database, no matter whether it functions or not.
Stop the slapd daemon and nscd
Make a copy of the old LDAP database, that is create a so-called ldif-file
slapcat -l /root/ldap.old.ldif
Delete the old LDAP database
mv /var/lib/ldap/* /root/dbb.old
Now you can put in a new, clean LDAP database with the command
Delete the home directories for the users whom you have just thrown out. 'rm -rf' deletes the entire directory without asking. Be careful!
rm -rf /skole/tjener/home/user1
rm -rf /skole/tjener/home/user2
Be aware that you are now permanently deleting these home directories. Just in case you might regret this action later, it's wise to take a backup before you delete them. See Section 12.2.
If this doesn't work, you can put in the old LDAP database again
mv /var/lib/ldap/* /root/dbb2.old
slapadd -l /root/ldap.old.ldif
Once in a while, it's wise to make a copy of the LDAP database,
slapcat -l /root/ldap.TodaysDate.ldif
In earlier versions of Skolelinux/Debian-edu this command was called ldap-skolelinux-install
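An added example, not part of the original manual or of the Debian-edu tools: before carrying an ldif-file such as /root/bruker.ldif to another machine, or deleting home directories listed in /root/ldap.old.ldif, this Python code parses the dump (including folded lines and base64-encoded values) and reports, per account, the password-hash scheme and whether the homeDirectory lies strictly below /skole/tjener/home. The function names, the dc=example,dc=org suffix and the sample entries are assumptions constructed for the illustration.

```python
import base64
import posixpath

def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:
        if not line.strip():                # blank line ends the current entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(rest.strip())
    return entries

def review_accounts(entries, home_root="/skole/tjener/home"):
    """Return (uid, home, scheme, home_ok) per account entry; home_ok means
    the path is already normalised and strictly below home_root."""
    report = []
    for e in entries:
        if "uid" not in e or "homedirectory" not in e:
            continue
        home = e["homedirectory"][0]
        home_ok = posixpath.normpath(home) == home and home.startswith(home_root + "/")
        pw = e.get("userpassword", [""])[0]
        scheme = "cleartext" if pw else "none"
        if pw.startswith("{") and "}" in pw:
            scheme = pw[1:pw.index("}")].upper()
        report.append((e["uid"][0], home, scheme, home_ok))
    return report

# Constructed sample shaped like a slapcat dump; dc=example,dc=org is made up.
SAMPLE = (
    "dn: uid=user1,ou=People,dc=example,dc=org\nuid: user1\n"
    "homeDirectory: /skole/tjener/home/user1\n"
    "userPassword:: " + base64.b64encode(b"{CRYPT}constructed").decode() + "\n\n"
    "dn: uid=user2,ou=People,\n dc=example,dc=org\nuid: user2\n"
    "homeDirectory: /skole/tjener/home/../../etc\nuserPassword: {SSHA}constructed\n"
)

print(review_accounts(parse_ldif(SAMPLE)))
```

Because the dump carries every user's password hash, keep the ldif-file readable by root only and treat the USB pendrive or CD it travels on accordingly. Any row whose last field is False should be checked by hand before its path is given to rm -rf.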