Even though we have integrated authentication for accounts, user provisioning still needs to occur in every system independently.
We have a script called create_user.sh that provisions all necessary accounts. It takes the username, first name, and last name as arguments, and it:
- Generates an LDIF
- Exports the LDIF
- Adds the LDIF to openldap1
- Creates an AFS home directory
- Resets the Kerberos principal password to the default
First, you need to create an AFS user account. Make sure you are authenticated with your /admin principal.
pts createuser <username>
The command should give an output similar to:
User <username> has id 12345678
If the user already has an AFS user account, run the following command to obtain their ID.
pts examine <username>
ldapadd -h openldap1 -Y GSSAPI -f <ldif file>
Below is an example LDIF file. Make sure you replace first name, last name, uidNumber, and graduation year!
cn: Eric Wang
displayName: Wang, Eric
gecos: Eric Wang
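Because the username and names end up as command arguments and as LDIF attribute values, it is worth validating them and checking the pts output before anything is written. The following is an added example, not the site's create_user.sh; the function names, the username and name policies, and the sample user ewang are assumptions.

```shell
#!/bin/sh
# Added example: helper names and the allowed-character policies are assumptions.
LC_ALL=C; export LC_ALL   # make the [a-z] ranges below plain ASCII

# Lowercase letter first, then letters/digits/_/-, at most 32 characters.
# This rejects a leading "-" (read as an option by pts/vos/fs) and any
# newline or ":" that could start a new LDIF line.
valid_username() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Names: ASCII letters, space, apostrophe, dot and hyphen only. Other
# characters would need base64 encoding in LDIF, so they are refused here.
valid_name() {
    case "$1" in
        ''|[!A-Za-z]*|*[!A-Za-z\ \'.-]*) return 1 ;;
    esac
}

# $1 = expected username, $2 = one line of "pts createuser" or "pts examine"
# output in the form shown above. Prints the numeric id, or fails if the
# line names a different user or the id is not purely numeric.
parse_pts_id() {
    _id=${2#"User $1 has id "}
    [ "$_id" != "$2" ] || return 1
    case "$_id" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$_id"
}

# $1 = first name, $2 = last name, $3 = uidNumber.
# Emits only the per-user attributes shown in the example LDIF plus uidNumber.
render_ldif_fields() {
    valid_name "$1" && valid_name "$2" || return 1
    case "$3" in ''|*[!0-9]*) return 1 ;; esac
    printf 'cn: %s %s\ndisplayName: %s, %s\ngecos: %s %s\nuidNumber: %s\n' \
        "$1" "$2" "$2" "$1" "$1" "$2" "$3"
}

# Constructed sample input: the line pts printed for the user "ewang".
if valid_username ewang &&
   uid_number=$(parse_pts_id ewang 'User ewang has id 12345678'); then
    render_ldif_fields Eric Wang "$uid_number"
fi
```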
vos create -server openafs3 -partition vicepa -name 20XX.<username> -maxquota 1048576
vos backup 20XX.<username>
fs mkmount <username> 20XX.<username>
fs mkmount <username>/yesterday 20XX.<username>.backup
fs sa <username> <username> rlidwka
vos release students.20XX