Creating a user and adding a user to a group

Use LDAP to create a new user and add that user to an existing group. You can also add an existing user to an existing group.

Before you begin

During the installation of Netcool® Operations Insight® you must communicate with the cluster from the command line. Configure the command line on your terminal to communicate with the cluster by using the Kubernetes command line interface, kubectl.

Procedure

  1. Run the following command to retrieve the identifier of the LDAP Proxy Server pod.
    kubectl get pods | grep release_name-openldap-0
    Where release_name is the name of your deployment, as specified by the value used for name (Operator Lifecycle Manager UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml or noi.ibm.com_nois_cr.yaml files (YAML view).
  2. Log in to the LDAP Proxy Server pod.
    kubectl exec openldap_pod_id -it -- /bin/bash
    Where openldap_pod_id is the identifier of the LDAP Proxy Server pod.
    Proceed as follows:
    If you want to...                           Then...
    Create a new user and add it to a group.    Go to the next step.
    Add an existing user to a group.            Go to step 3.
  3. Create the new user.
    1. Create an LDAP Data Interchange Format file to define the new user.
      For example:
      vi newuser.ldif
    2. Define the contents of the LDIF file that you created by using a format similar to this example:
      dn: uid=icptester,ou=users,dc=mycluster,dc=icp
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      cn: ICP Test User
      uid: icptester
      givenName: ICP Test User
      sn: icptester
      userPassword: password
      Where:
      • uid is the user ID of the new user. For example, icptester.
      • dc specifies the domain components that were specified for the suffix and baseDN. By default the value of this parameter is dc=mycluster,dc=icp.
      • userPassword is the password for this user.
      All other attributes in the file can be defined as shown in the code sample.
    3. Run the following command to create the new user.
      ldapadd -c -x -w "$LDAP_BIND_PWD" -D "$LDAP_BIND_DN" -H ldapi:/// -f filename.ldif
      Where:
      • LDAP_BIND_PWD is the password for the ldap_bind function, which asynchronously authenticates a client with the LDAP server. By default the value of this parameter is admin. You can also use the environment variable $LDAP_BIND_PWD directly with its predefined value.
      • LDAP_BIND_DN is an object in LDAP that can carry a password. In the example, the value is:
        'cn=admin,dc=mycluster,dc=icp'
        You can also use the environment variable $LDAP_BIND_DN directly with its predefined value.
      • filename is the name of the LDAP Data Interchange Format file that is defined in step 2b. In the example used there, filename is newuser.
  4. Add the user to an existing group.
    1. Create an LDAP Data Interchange Format file to add the user to a group.
      For example:
      vi addUsersToGroup.ldif
    2. Define the contents of the file by using a format similar to the following:
      dn: cn=icpadmins,ou=groups,dc=mycluster,dc=icp
      changetype: modify
      add: member
      member: uid=icptester,ou=users,dc=mycluster,dc=icp
    3. Run the following command to add the user to a group.
      ldapmodify -w "$LDAP_BIND_PWD" -D "$LDAP_BIND_DN" -H ldapi:/// -f filename.ldif
      Where:
      • LDAP_BIND_PWD is the password for the ldap_bind function, which asynchronously authenticates a client with the LDAP server. By default the value of this parameter is admin. You can also use the environment variable $LDAP_BIND_PWD directly with its predefined value.
      • LDAP_BIND_DN is an object in LDAP that can carry a password. In the example, the value is:
        'cn=admin,dc=mycluster,dc=icp'
        You can also use the environment variable $LDAP_BIND_DN directly with its predefined value.
      • filename is the name of the LDAP Data Interchange Format file that is defined in step 2b. In the example used there, filename is newuser.
  5. Check that the users and groups were added to LDAP by running the following command.
    ldapsearch -x -LLL -H ldapi:/// -b dc=mycluster,dc=icp
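
The following is an added example, not part of the product documentation: a targeted check for step 5 that parses the ldapsearch output and confirms that one specific user is a member of one specific group, rather than reading the whole directory dump by eye. The function names, the sample output, and the auditors group are constructed for illustration.

```shell
#!/bin/sh
# Added example, not product code. Checks step 5 output for one membership.
# Limits: base64 values ("member:: ...") are not decoded, and DNs are
# compared case-insensitively as plain strings, without DN normalisation.

# Join LDIF continuation lines: a line that starts with one space continues
# the previous line (ldapsearch wraps long DNs this way).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# list_members GROUP_DN: print every member value of that group entry.
list_members() {
    unfold_ldif | GROUP_DN="$1" awk '
        BEGIN   { want = tolower(ENVIRON["GROUP_DN"]) }
        /^dn: / { in_group = (tolower(substr($0, 5)) == want); next }
        /^$/    { in_group = 0; next }
        in_group && /^member: / { print substr($0, 9) }'
}

# is_member GROUP_DN USER_DN: exit status 0 only if USER_DN is a member.
is_member() {
    list_members "$1" | USER_DN="$2" awk '
        tolower($0) == tolower(ENVIRON["USER_DN"]) { found = 1 }
        END { exit !found }'
}

# Constructed sample of "ldapsearch -x -LLL" output. The second member line
# is wrapped, and the auditors group and its member are hypothetical.
sample_ldif() {
cat <<'EOF'
dn: cn=icpadmins,ou=groups,dc=mycluster,dc=icp
cn: icpadmins
member: uid=icptester,ou=users,dc=mycluster,dc=icp
member: uid=constructed-user-with-a-long-identifier,ou=users,dc=mycluster,
 dc=icp

dn: cn=auditors,ou=groups,dc=mycluster,dc=icp
member: uid=auditor1,ou=users,dc=mycluster,dc=icp
EOF
}

BASE="dc=mycluster,dc=icp"
sample_ldif | is_member "cn=icpadmins,ou=groups,$BASE" \
    "uid=icptester,ou=users,$BASE" && echo "icptester is in icpadmins"
```

Inside the pod, pipe the output of the step 5 ldapsearch command into is_member in place of sample_ldif.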