Command line Administration limits??

[masterswitchit]

I must state explicitly that I do not care about the GUI tools. ?No real
administrator of systems capable of handling thousands of users will ever care about the GUI tools.

I appreciate apples limited documentation, but it doesn’t
address everything I would need to have done. ?The ‘adding a user’,
‘modifying a user’, and ‘deleting a user’ are covered. ?But at no time
have I found what I need to be able to explicitly:

????Create a user
????Create their home directory
????Set their disk quota
????Set their email quota

????Modify a users disk quota
????Modify a users email quota
????Modify a users name, adjust home directories and mail
????????configuration to match new account parameters.

????Delete a users disk quota
????Delete a users email quota
????Delete a users account have it automatically remove their
????????quotas, home directories, and files included therein.

All from the command line. ?I am more than capable of writing scripts
if I need to run multiple commands for each, finding those commands
via OS X has not been easy. ?I know how to ‘make a directory’. ?I do
not know how, in the OS X way of doing things, how to do the rest.
That is the part that stumped me and used up most of my time for a project
I am working on
I know how to:

????Create a user in OpenDirectory.

????Change a users password in OpenDirectory.

????Change a users ‘gecos’ or full name in OpenDirectory.

????Change a users login name in OpenDirectory.

????Delete a user in OpenDirectory.

Anyone have a better reference than apples standard docs?

Thanks in advance

[Anonymous]

[quote:cd02e3ac25]No real
administrator of systems capable of handling thousands of users will ever care about the GUI tools. [/quote:cd02e3ac25]

I’d avoid the generalizations if I were you. 16,000+ users here. We do hourly imports of 14,000 of them. I use both the GUI tools and the command-line tools–just for different purposes. I wouldn’t want to lose either of them.

All of the attributes you mentioned can be modified either using OpenLDAP tools (ldapadd/ldapdelete/ldapmodify) or dscl. The disk quota, for example, is HomeDirectoryQuota; just create an LDIF file with the appropriate action for the user’s dn.

E.g.: if the file deletequotas.ldif has this entry:

    dn: uid=joeuser,dc=mydomain,dc=com
    changetype: modify
    delete: HomeDirectoryQuota

Then you just run the command

    ldapmodify -f deletequotas.ldif

and the quota attribute will be deleted. Set the the delete line to “replace: HomeDirectoryQuota” to reset it. To add a user record, use ldapadd; to delete one, use ldapdelete. All pretty straightforward; consult the man pages for more information and examples. As for deleting a user’s home directory, you can just parse the attributes for the user as returned by ldapsearch, and use “rm -R” on the directory.

The one thing the OpenLDAP commands can’t do is to set an Open Directory (i.e., non-crypt) password, since they aren’t stored in the directory itself. For that, you’d need to use dscl, which is not too hard, either:

    dscl -u root -p /LDAPv3/127.0.0.1 -passwd /Users/joeuser <newpassword>

David Walton
Lane Community College

[Author]

Posts