Creating a user and adding a user to a group
Use LDAP to create a new user and add that user to an existing group. You can also add an existing user to an existing group.
Before you begin
During the installation of Netcool® Operations Insight®, you must communicate with the cluster from the command line. Configure the command line on your terminal to communicate with the cluster by using the Kubernetes command line interface, kubectl.
Procedure
-
Run the following command to retrieve the identifier of the LDAP Proxy Server pod.
kubectl get pods | grep release_name-openldap-0
Where release_name is the name of your deployment, as specified by the value used for name (Operator Lifecycle Manager UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml or noi.ibm.com_nois_cr.yaml files (YAML view).
-
Log in to the LDAP Proxy Server pod.
kubectl exec openldap_pod_id -it -- /bin/bash
Where openldap_pod_id is the identifier of the LDAP Proxy Server pod.
Proceed as follows:
If you want to... | Then...
Create a new user and add it to a group. | Go to the next step.
Add an existing user to a group. | Go to step 3.
-
Create the new user.
-
Create an LDAP Data Interchange Format file to define the new user.
For example:
vi newuser.ldif
-
Define the contents of the LDIF file that you created by using a format similar to this example:
dn: uid=icptester,ou=users,dc=mycluster,dc=icp
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: ICP Test User
uid: icptester
givenName: ICP Test User
sn: icptester
userPassword: password
Where:
uid is the user ID of the new user. For example, icptester.
dc is the domain components that were specified for the suffix and baseDN. By default the value of this parameter is dc=mycluster,dc=icp.
userPassword is the password for this user.
-
Run the following command to create the new user.
ldapadd -c -x -w $LDAP_BIND_PWD -D $LDAP_BIND_DN -H ldapi:/// -f filename.ldif
Where:
LDAP_BIND_PWD is the password for the ldap_bind function, which asynchronously authenticates a client with the LDAP server. By default the value of this parameter is admin. You can also use the environment variable $LDAP_BIND_PWD directly with its predefined value.
LDAP_BIND_DN is an object in LDAP that can carry a password. In the example, the value is:
'cn=admin,dc=mycluster,dc=icp'
You can also use the environment variable $LDAP_BIND_DN directly with its predefined value.
filename is the name of the LDAP Data Interchange Format file that is defined in step 2b. In the example used there, filename is newuser.
-
Add the user to an existing group.
-
Create an LDAP Data Interchange Format file to add the user to a group.
For example:
vi addUsersToGroup.ldif
-
Define the contents of the file by using a format similar to the following:
dn: cn=icpadmins,ou=groups,dc=mycluster,dc=icp
changetype: modify
add: member
member: uid=icptester,ou=users,dc=mycluster,dc=icp
-
Run the following command to add the user to a group.
ldapmodify -w $LDAP_BIND_PWD -D $LDAP_BIND_DN -H ldapi:/// -f filename.ldif
Where:
LDAP_BIND_PWD is the password for the ldap_bind function, which asynchronously authenticates a client with the LDAP server. By default the value of this parameter is admin. You can also use the environment variable $LDAP_BIND_PWD directly with its predefined value.
LDAP_BIND_DN is an object in LDAP that can carry a password. In the example, the value is:
'cn=admin,dc=mycluster,dc=icp'
You can also use the environment variable $LDAP_BIND_DN directly with its predefined value.
filename is the name of the LDAP Data Interchange Format file that is defined in step 2b. In the example used there, filename is newuser.
-
Check that the users and groups were added to LDAP by running the following command.
ldapsearch -x -LLL -H ldapi:/// -b dc=mycluster,dc=icp
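The two LDIF files in this procedure can be generated instead of hand-edited, so that a uid, group name, display name or password can never change the structure of the file. The following is an added example, not IBM's code: the function names and the NEW_USER_PWD variable are hypothetical, the uid allowlist is an assumption, and it assumes the base64 utility is available where it runs.

```shell
#!/bin/sh
# Added example, not IBM's code. Function names are hypothetical; the DNs and
# object classes are the example values from this procedure.
BASE_DN="dc=mycluster,dc=icp"

# Accept only characters that cannot alter a DN (",", "+", "=") or start a
# new LDIF line, so a uid or group name cannot smuggle in extra attributes.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# Base64 form for "attr:: value" lines (RFC 2849): spaces, colons or newlines
# in a display name or password then cannot change the file's structure.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# user_ldif UID DISPLAY_NAME PASSWORD  -> contents for newuser.ldif
user_ldif() {
  valid_name "$1" || { echo "invalid uid" >&2; return 1; }
  cat <<EOF
dn: uid=$1,ou=users,$BASE_DN
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn:: $(b64 "$2")
uid: $1
givenName:: $(b64 "$2")
sn: $1
userPassword:: $(b64 "$3")
EOF
}

# group_ldif UID GROUP  -> contents for addUsersToGroup.ldif
group_ldif() {
  valid_name "$1" && valid_name "$2" || { echo "invalid name" >&2; return 1; }
  cat <<EOF
dn: cn=$2,ou=groups,$BASE_DN
changetype: modify
add: member
member: uid=$1,ou=users,$BASE_DN
EOF
}

# Usage inside the pod (umask keeps the password file private):
#   umask 077
#   user_ldif icptester "ICP Test User" "$NEW_USER_PWD" > newuser.ldif
#   group_ldif icptester icpadmins > addUsersToGroup.ldif
```

The generated files are then loaded with the ldapadd and ldapmodify commands from the procedure; remove newuser.ldif afterwards, because it contains the user's password.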