Introduction
This guide covers essential tasks for LDAP management, from accessing your admin account to advanced configurations, using both the CLI and the web browser interface.
Using CLI
Accessing Your Admin Account
Retrieve Admin User and Password:
- Locate the admin username in Morpheus' Cypher → secret/ipaadmin_username
- Locate the password in Morpheus' Cypher → password/ipaadmin
Then SSH into your LDAP instance with your admin account:
|
Users and Groups
Check user info
|
Check existing groups
|
Show group information
|
Verify which groups the user belongs to
|
Add a new user to a group
|
Reset password for user
|
Add ssh keys for user
|
List active users
|
Add new user
|
Change password expiration
|
DNS
DNS server forwarders
Check which DNS servers are present in LDAP
|
DNS server add a forwarder
Add a forwarder DNS server to LDAP (e.g. 8.8.8.8)
|
For multiple forwarders
|
Hosts
List hosts registered
|
Show host
|
Remove host
|
List DNS zone
|
List DNS records in a DNS zone
|
Remove all associated DNS records from a DNS resource in a DNS zone
|
Advanced
Add sudo rule to a group
Verify if a group exists
|
Check if sudo rules exist
|
Create a sudo rule
The following sudo rule gives access to everything. It can be customized with specific commands and more; see the help for more information.
|
Add a sudo rule to a group
|
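The rule described above gives access to everything; as an added example (not part of the original guide), the function below creates a rule limited to named commands and attaches a group to it. It assumes the FreeIPA `ipa` CLI and a valid admin Kerberos ticket; the function name `grant_sudo` and the rule, group and command names are hypothetical.

```shell
# Added example: a sudo rule limited to named commands (no --cmdcat=all).
# Assumes the FreeIPA `ipa` CLI and a valid admin Kerberos ticket (kinit).
# grant_sudo and the rule/group/command names used with it are hypothetical.

# Usage: grant_sudo RULE GROUP CMD [CMD...]
grant_sudo() {
    if [ "$#" -lt 3 ]; then
        echo "usage: grant_sudo RULE GROUP CMD [CMD...]" >&2
        return 2
    fi
    local rule="$1" group="$2"
    shift 2

    # Verify the group exists before touching any sudo objects.
    if ! ipa group-show "$group" >/dev/null 2>&1; then
        echo "group '$group' not found" >&2
        return 1
    fi

    # Create the rule only if it is missing. It applies on all hosts,
    # but the command category is left unset so only listed commands match.
    if ! ipa sudorule-show "$rule" >/dev/null 2>&1; then
        ipa sudorule-add "$rule" --hostcat=all >/dev/null || return 1
    fi

    # Register each command as a sudo command object, then allow it in the rule.
    local cmd
    for cmd in "$@"; do
        ipa sudocmd-show "$cmd" >/dev/null 2>&1 ||
            ipa sudocmd-add "$cmd" >/dev/null || return 1
        ipa sudorule-add-allow-command "$rule" --sudocmds="$cmd" >/dev/null || return 1
    done

    # Attach the group to the rule.
    ipa sudorule-add-user "$rule" --groups="$group" >/dev/null
}

# Run as a script: ./grant_sudo.sh restart_web ops /usr/bin/systemctl
if [ "$#" -ge 3 ]; then
    grant_sudo "$@"
fi
```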
Using web browser interface
Accessing Your Admin Account
Retrieve Admin User and Password:
- Locate the admin username in Morpheus' Cypher → secret/ipaadmin_username
- Locate the password in Morpheus' Cypher → password/ipaadmin
Then SSH into your LDAP instance with your admin account:
|
Then start the IPA Server Control Interface by running:
|
Now reboot the LDAP VM. Find the IP address of your remote-desktop instance and use the x2goclient to access it.
When you're in, right-click the desktop, launch a terminal, and run:
|
Once Firefox has launched, log in with the admin account and head over to Policy.
Create two sudo commands as shown in the screenshot below.
Then click Sudo again and create a sudo rule called allow_all:
Click the command itself and check the boxes as shown below:
Update the global policy for password expiration (the default is 90 days, which is a bit short):
After updating the password policy, reset the admin password so it adheres to the new policy and not the default 90-day one.
Update the default shell for users to bash instead of sh:
This guide is designed to help you efficiently manage LDAP tasks using both CLI and UI interfaces, ensuring a smooth and secure administration process.