25.1. Creating a User Group in a Directory Service #
Create a user group in OpenLDAP or Active Directory. For Active Directory, two ways of creating a user group are supported:
Important
Users added to groups must be created in OpenLDAP or Active Directory with the following configuration parameters required for PPEM:
first_name: The first name of the user.last_name: The last name of the user.email: The email address of the user.login: The login of the user.password: The password of the user.
You must specify a value in the string format for each parameter.
For more information about creating user groups, refer to the official OpenLDAP documentation or to the official Microsoft documentation on Active Directory.
25.1.1. Creating a User Group in OpenLDAP #
Create a user group configuration file in the LDIF format and specify the following parameters:
dn:
user_group_DNobjectClass: posixGroup cn:user_group_namegidNumber:user_group_IDmemberUid:user_IDWhere:
dn: The distinguished name (DN) of the user group.You can specify the following attributes:
cn: The unique name of the user group.ou: The organizational unit where the user group will be located.dc: The components of the domain that will be associated with the user group. For example,example.com.
cn: The unique name of the user group.gidNumber: The unique ID of the user group.memberUid: The unique IDs of users that will be added to the group.
Create a user group in OpenLDAP:
ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f example-group.ldif
Where:
-D: The distinguished name of the OpenLDAP administrator.-W: The password request.-f: The name of the user group configuration file.
Ensure that the user group was created successfully:
ldapsearch -x -b "ou=groups,dc=example,dc=com" "(cn=examplegroup)"