Automatically create Users in SUSE Manager which are members of a LDAP group
We added a tool (sw-ldap-user-sync) to the spacewalk-utils package which can query a LDAP server for users be member of a specific group. These users are created as normal Users in SUSE Manager. Additional roles can be specified later using the WebUI or the API.
If a user is removed from the LDAP group he will be removed from SUSE Manager as well.
A working PAM authentication for SUSE Manager is required because the new created accounts will be setup to use PAM.
sw-ldap-user-sync has a configuration file /etc/rhn/sw-ldap-user-sync.conf . The format it YAML.
directory: user: uid=xyz,dc=example,dc=com password: xxx url: ldaps://ldap.example.com:636 group: cn=admin,ou=groups,dc=example,dc=com users: ou=people,dc=example,dc=com spacewalk: url: http://localhost/rpc/api user: spacewalk password: xxx
- user: User DN used for authentication at the LDAP server
- password: the password to authenticat at the LDAP server
- url: the URL to connect at the LDAP server
- group: the Group DN with member attributes to user DNs which should be setup in SUSE Manager
- users: subtree DN where the users are created in the LDAP server.
- url: The SUSE Manager API URL
- user: the username of a spacewalk admin who should create the users
- password: the SUSE Manager users password
The LDAP groups need to have the object class groupOfNames and the attribute member. The LDAP user objects need to have the object class posixAccount and the attributes givenName, sn, mail, uid.