Even though we have integrated authentication for accounts, user provisioning still needs to occur in every system independently.
We have a script called
create_user.sh that provisions all necessary accounts. It takes the username. first name. and last name as the arguments.
Generates an LDIF
Export the LDIF
Adds the LDIF to openldap1
Creates an AFS home directory
and resets the Kerberos principal password to the default
First, you need to create an AFS user account. Make sure you are authenticated with your /admin principal.
pts createuser <username>
The command should give an output similar to:
User <username> has id 12345678
If the user already has an AFS user account, run the following command in order to obtain an ID.
pts examine <username>
Next, you need to add the account to LDAP. First, generate an LDIF file using the guide at NSS LDAP Templates. Run the command below after you have created an LDIF file.
ldapadd -h openldap1 -Y GSSAPI -f <ldif file>
Below is an example LDIF file. Make sure you replace first name, last name, uidNumber, and graduation year!
dn: uid=2017ewang,ou=2017,ou=students,ou=people,dc=csl,dc=tjhsst,dc=educn: Eric Wangdescription: 2017displayName: Wang, EricgivenName: Ericuid: 2017ewangsn: WangobjectClass: inetOrgPersonobjectClass: topobjectClass: organizationalPersonobjectClass: personobjectClass: posixAccountuidNumber: 00000000gecos: Eric WanggidNumber: 2017homeDirectory: /afs/csl.tjhsst.edu/students/2017/2017ewangloginShell: /bin/bash
cd /afs/csl.tjhsst.edu/.students/.20XX/vos create -server openafs3 -partition vicepa -name 20XX.<username> -maxquota 1048576vos backup 20XX.<username>fs mkmount <username> 20XX.<username>fs mkmount <username>/yesterday 20XX.<username>.<backup>fs sa <username> <username> rlidwkavos release students.20XX