... | ... | @@ -447,27 +447,39 @@ More specifically, this is what happens: |
|
|
|
|
|
TODO: walk through ud-generate. more explicitely.
|
|
|
|
|
|
### LDAP fields
|
|
|
|
|
|
| User field | Meaning |
|
|
|
| ---------- | ------- |
|
|
|
| `emailForward` | address to forward email to |
|
|
|
| `gecos` | GECOS metadata field |
|
|
|
| `gidNumber` | Primary numeric group identifier, the UNIX GID |
|
|
|
| `loginShell` | UNIX login shell, grants user shell access, depending on gidNumber |
|
|
|
| `mailDisableMessage` | message to bounce messages with to disable an email account |
|
|
|
| `shadowExpire` | Account expiry (in days?) |
|
|
|
| `shadowInactive` | ? |
|
|
|
| `shadowLastChange` | Last change date (epoch seconds?) |
|
|
|
| `shadowMax` | ? |
|
|
|
| `shadowMin` | ? |
|
|
|
| `shadowWarning` | ? |
|
|
|
| `sshRSAAuthKey` | SSH public keys |
|
|
|
| `sudoPassword` | `sudo` passwords on different hosts |
|
|
|
| `supplementaryGid` | Extra groups GIDs the user is a member of |
|
|
|
| `uidNumber` | Numeric user identifier, the UNIX UID, not to be confused with the above |
|
|
|
| `uid` | User identifier, the user's *name* |
|
|
|
| `userPassword` | LDAP password field, stripped of the `{CRYPT}` prefix to be turned into a UNIX password if relevant |
|
|
|
### LDAP user fields
|
|
|
|
|
|
| User field | Meaning |
|
|
|
| ---------- | ------- |
|
|
|
| `cn` | "common name" AKA "last name" |
|
|
|
| `emailForward` | address to forward email to |
|
|
|
| `gecos` | GECOS metadata field |
|
|
|
| `gidNumber` | Primary numeric group identifier, the UNIX GID |
|
|
|
| `homeDirectory` | UNIX `$HOME` location, unused |
|
|
|
| `ircNick` | IRC nickname, informative |
|
|
|
| `keyFingerprint` | OpenPGP fingerprint, grants access to email gateway |
|
|
|
| `labeledURI` | home page? |
|
|
|
| `loginShell` | UNIX login shell, grants user shell access, depending on gidNumber |
|
|
|
| `mailCallout` | ? |
|
|
|
| `mailContentInspectionAction` | ? |
|
|
|
| `mailDefaultOptions` | ? |
|
|
|
| `mailGreylisting` | ? |
|
|
|
| `mailDisableMessage` | message to bounce messages with to disable an email account |
|
|
|
| `rtcPassword` | previously used in XMPP authentication, unused |
|
|
|
| `samba*` | many samba fields, unused |
|
|
|
| `shadowExpire` | Account expiry (in days?) |
|
|
|
| `shadowInactive` | ? |
|
|
|
| `shadowLastChange` | Last change date (epoch seconds?) |
|
|
|
| `shadowMax` | ? |
|
|
|
| `shadowMin` | ? |
|
|
|
| `shadowWarning` | ? |
|
|
|
| `sn` | "surname" AKA "first name" |
|
|
|
| `sshRSAAuthKey` | SSH public keys |
|
|
|
| `sudoPassword` | `sudo` passwords on different hosts |
|
|
|
| `supplementaryGid` | Extra groups GIDs the user is a member of |
|
|
|
| `uidNumber` | Numeric user identifier, the UNIX UID, not to be confused with the above |
|
|
|
| `uid` | User identifier, the user's *name* |
|
|
|
| `userPassword` | LDAP password field, stripped of the `{CRYPT}` prefix to be turned into a UNIX password if relevant |
|
|
|
|
|
|
[cdbmake(1)]: https://manpages.debian.org/cdbmake.1
|
|
|
|
... | ... | |