LDAP notes

Admin interface

See PhpLDAPadmin

apt-get install cockpit-389-ds

WebUI interface

Creating an LDAP account

Find the maximum ''uidNumber''

If you have console access on the server:

slapcat |grep uidNumber |awk '{print $2}' |sort -n
slapcat |grep gidNumber |awk '{print $2}' |sort -n

Otherwise: Find max uidNumber on LDAP
In my case it did not work.

ldapsearch -H ldaps://your-ldap-domain -D "cn=Manager,dc=domain,dc=com" -W | awk '/uidNumber: / {print $2}' | sort -n | tail -n 1   # sort -n: a plain sort is lexical and ranks 999 above 1000

Source: https://www.dynobin.com/linux-find-max-uidnumber-on-ldap/
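As an added example (not code from the original notes), the same search done in Python over constructed LDIF: it unwraps folded continuation lines and compares the ids numerically, which is exactly where a plain sort without -n goes wrong once ids reach four digits. Function names and the sample entries are my own.

```python
import re

# Constructed sample (slapcat / ldapsearch style). Note the folded value "10" + " 00":
# LDIF continues a long value on the next line with a single leading space.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=acme,dc=fr
uidNumber: 999
gidNumber: 999

dn: uid=bob,ou=people,dc=acme,dc=fr
uidNumber: 10
 00
gidNumber: 1000

dn: cn=devs,ou=groups,dc=acme,dc=fr
gidNumber: 1500
"""

def unwrap_ldif(text):
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def collect_ids(text, attr):
    """All integer values of attr in the LDIF, parsed as numbers (attribute names are case-insensitive)."""
    pattern = re.compile(r"^%s:\s*(\d+)\s*$" % re.escape(attr), re.IGNORECASE)
    ids = set()
    for line in unwrap_ldif(text):
        m = pattern.match(line)
        if m:
            ids.add(int(m.group(1)))
    return ids

def next_free_id(text, attr, floor=1000):
    """max + 1, never below floor so system ids are not handed out to people."""
    used = collect_ids(text, attr)
    return max(max(used, default=floor - 1) + 1, floor)
```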

Check / list locked accounts

ldapsearch -x -b "dc=acme,dc=fr" '(&(objectclass=shadowaccount)(shadowexpire=0))' uid

Filters

curl -u USERNAME 'ldap://192.168.0.66/CN=Users,DC=training,DC=local?sAMAccountName?sub?(ObjectClass=*)'
$ curl "ldap://localhost:1389/dc=example,dc=com?homephone?sub?cn=*amar" \
     -u "cn=directory manager"
Enter host password for user 'cn=directory manager':
DN: uid=mathieu,ou=People,dc=example,dc=com
    homephone: +1 225 216 5900
ldapsearch -x -LLL -H ldap://192.168.20.153:389 -D "admin" -w 'P@ssw0rd' -b "dc=acme,dc=fr" |egrep -5 -i --color openstack
ldapsearch -x -LLL -H ldap://192.168.20.153:389 -D "admin" -w 'P@ssw0rd' -b "dc=acme,dc=fr" '(memberOf=CN=Openstack,OU=Groupes,dc=acme,dc=fr)' uid
ldapsearch -x -LLL -H ldap://192.168.20.153:389 -D "admin" -w 'P@ssw0rd' -b "dc=acme,dc=fr" '(memberOf=CN=Openstack,OU=Groupes,dc=acme,dc=fr)' sAMAccountName
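Added example, not part of the original notes: building the filters above from untrusted input with RFC 4515 escaping (so a login such as "*)(uid=*" is looked up literally instead of rewriting the filter), plus a splitter for the LDAP URLs the curl commands use (host, base, attributes, scope, filter). Function names are my own.

```python
from urllib.parse import urlsplit, unquote

# RFC 4515: these characters must be hex-escaped inside an assertion value, otherwise
# the value changes the structure of the filter instead of being matched as text.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def account_filter(login):
    """Safe form of the page's sAMAccountName=marley lookup."""
    return "(sAMAccountName=%s)" % escape_filter_value(login)

def member_of_filter(group_dn):
    """Safe form of (memberOf=CN=Openstack,OU=Groupes,dc=acme,dc=fr)."""
    return "(memberOf=%s)" % escape_filter_value(group_dn)

def parse_ldap_url(url):
    """Split ldap[s]://host[:port]/base?attrs?scope?filter (RFC 4516, the form curl accepts)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: " + url)
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))          # missing parts take the RFC defaults
    attrs, scope, flt = fields[:3]
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base": unquote(parts.path.lstrip("/")),
        "attrs": [a for a in unquote(attrs).split(",") if a],
        "scope": scope or "base",
        "filter": unquote(flt) or "(objectClass=*)",
    }
```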

Show the members of a group (CN)

ldapsearch -x -LLL -D "admin" -y ~/.ldap_pass -b "CN=groupe1,OU=Ressources Exchange,DC=acme,DC=fr" member

Other

ldapsearch -h ldap.acme.fr -D "admin@acme.local" -W -b "ou=04 - Direction technique,ou=Paris,dc=acme,dc=local" \
     -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" mail

/etc/ldap/ldap.conf
BASE    dc=acme,dc=fr
URI     ldap://192.168.20.153
SIZELIMIT       2000

echo -n P@ssw0rd > ~/.ldap_pass
chmod 600 !$
ldapsearch -x -LLL -D "admin" -y ~/.ldap_pass -b "dc=acme,dc=fr" '(memberOf=CN=Openstack,OU=Groupes,dc=acme,dc=fr)' cn

Find a user's login

#echo |ldapsearch -E pr=1000 -D "admin" -y ~/.ldap_pass sAMAccountName |egrep -i marley
echo |ldapsearch -LLL -o ldif-wrap=no -D "admin" -y ~/.ldap_pass sAMAccountName=marley sAMAccountName
 
# MARLEY Robert, Utilisateurs, SERVICE_INFRA
dn: CN=MARLEY Robert,OU=Utilisateurs,OU=SERVICE_INFRA
sAMAccountName: MARLEY

No wrap

-o ldif-wrap=no

ldapsearch with Kerberos GSSAPI authentication

export KRB5CCNAME=/var/lib/sss/db/ccache_ACME.LOCAL
ldapsearch -H ldap://srv_ldap.acme.local -Y GSSAPI -N -b "DC=ACME,DC=SVC" "(sAMAccountName=user_01)" mail description 2>/dev/null | grep "dn:\|description:\|mail:"

Netgroup

nisNetgroupTriple corresponds to users
memberNisNetgroup corresponds to other netgroups

Netgroup

See http://articles.mongueurs.net/magazines/linuxmag67.html

/etc/nsswitch.conf
netgroup: ldap

getent netgroup sysadmin
getent netgroup $(hostname -s)

ipa netgroup-add --desc="Netgroup description" --nisdomain="example.com" example-netgroup

ipa netgroup-add-member --users=user_name --groups=group_name --hosts=host_name \
     --hostgroups=host_group_name --netgroups=netgroup_name example-netgroup

ipa netgroup-add-member --users={user1,user2,user3} \
     --groups={group1,group2} example-group

nisNetgroupTriple: This can be used to describe a user (,bobby,example.com) or a machine name (shellserver1,,example.com). This attribute can have multiple values.
memberNisNetgroup: This is a very powerful attribute. It is used to merge the attribute values of another netgroup into the current one by simply listing the name (cn) of the merging netgroup. This attribute can have multiple values as well.

/etc/security/access.netgroup.conf
+ : @QAUsers@@QASystems : 10.
+ : root : LOCAL
+ : @Admins : 10.
- : ALL : ALL

account required pam_access.so accessfile=/etc/security/access.netgroup.conf

https://support.hpe.com/hpesc/public/docDisplay?docId=c02058091&docLocale=en_US

Allow access only on certain servers

/etc/security/access.conf
+:root:ALL
+:admin:ALL
+:@srv1:ALL
-:ALL:ALL

In our example “srv1” is the short hostname (hostname -s) of our server.
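Added example, not from the original page: a small evaluator for access.conf rules so a policy like the two files above can be dry-run before it is dropped into /etc/security (first matching line wins, no matching line grants access; the EXCEPT keyword is not modelled). The rule text is a copy of the page's two files; function names are my own.

```python
# Constructed copies of the two rule files on this page (permission:users:origins; the
# first line matching both user and origin wins). The EXCEPT keyword is not modelled.
NETGROUP_RULES = """\
+ : @QAUsers@@QASystems : 10.
+ : root : LOCAL
+ : @Admins : 10.
- : ALL : ALL
"""
SERVER_RULES = """\
+:root:ALL
+:admin:ALL
+:@srv1:ALL
-:ALL:ALL
"""

def parse_rules(text):
    """Return [(allow, [user items], [origin items])] in file order, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        rules.append((perm == "+", users.split(), origins.split()))
    return rules

def _user_match(item, user, memberships):
    if item == "ALL":
        return True
    if item.startswith("@"):
        # "@users@@hosts" is the netgroup (host,user,domain) form; only the user part is checked here
        return item[1:].split("@@", 1)[0] in memberships
    return item == user

def _origin_match(item, origin):
    if item == "ALL":
        return True
    if item == "LOCAL":            # logins with no dotted host name or IP (console, tty)
        return "." not in origin
    if item.endswith("."):         # "10." is an IP prefix
        return origin.startswith(item)
    return item == origin

def access_allowed(rules, user, origin, memberships=()):
    """pam_access semantics: first rule matching user AND origin decides; no match grants access."""
    for allow, users, origins in rules:
        if any(_user_match(u, user, memberships) for u in users) and any(_origin_match(o, origin) for o in origins):
            return allow
    return True
```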

Problem

openldap sizelimit: can't receive more than 500 entries

Solution: -E pr=1000

Or

/etc/ldap/ldap.conf
SIZELIMIT       2000
2025/03/24 15:06

LDAP bulk password change script

I just came across this piece of code again.

ldap_reset_account.sh

#! /bin/bash
# Bulk reset: find every account still carrying the initial password, give each one a
# random password, write an LDIF for ldapmodify and a CSV (dn;mail;pass) to hand out.

LDAP_BINDDN='cn=root,dc=acme,dc=corp'
LDAP_PASS=''
LDAP_SERVER='localhost'
LDAP_PORT='3890'
LDAP_SEARCHBASE='ou=people,dc=acme,dc=corp'
PASS_OLD_TXT='password'
FIC_TMP='/tmp/ldap-reset-password.ldif'
FIC_CSV='/tmp/ldap-newpassword.csv'

umask 077   # both output files contain cleartext passwords: owner-only
echo > "$FIC_TMP"
echo "dn;mail;pass" > "$FIC_CSV"
IFS_BCK="$IFS"
IFS=$'\t\n'   # split the search result on newlines only (DNs may contain spaces)

# "$LDAP_PASS" must be quoted: unquoted and empty, -w would swallow the next argument (dn).
ALL_DN_ACCOUNT_OLDPASS="$(ldapsearch -p "$LDAP_PORT" -h "$LDAP_SERVER" -b "$LDAP_SEARCHBASE" "userPassword=$PASS_OLD_TXT" -D "$LDAP_BINDDN" -w "$LDAP_PASS" dn |grep ^dn:)"

for DN in $ALL_DN_ACCOUNT_OLDPASS
do
        PASS_NEW_TXT=$(tr -dc A-Za-z0-9 </dev/urandom |head -c10)
# Generate the LDIF record
        echo "$DN" >>"$FIC_TMP"
        echo "changetype: modify" >>"$FIC_TMP"
        echo "replace: userPassword" >>"$FIC_TMP"
        echo "userPassword: $PASS_NEW_TXT" >>"$FIC_TMP"
        echo >> "$FIC_TMP"
# Generate the CSV line
        DN=$(echo "$DN" |sed -e 's/^dn: //')
        MAIL=$(ldapsearch -p "$LDAP_PORT" -h "$LDAP_SERVER" -b "$DN" -D "$LDAP_BINDDN" -w "$LDAP_PASS" mail |grep ^mail: |sed -e 's/^mail: //')
        echo "$DN;$MAIL;$PASS_NEW_TXT"
        echo "$DN;$MAIL;$PASS_NEW_TXT" >> "$FIC_CSV"
done
IFS="$IFS_BCK"

# Nothing is modified yet: the script only prints the command that applies the LDIF.
echo "ldapmodify -p $LDAP_PORT -h $LDAP_SERVER -D $LDAP_BINDDN -w $LDAP_PASS -f $FIC_TMP"
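Added example (not the author's script): producing the same modify LDIF in Python, but with {SSHA} hashes instead of cleartext userPassword values, a CSPRNG for the new passwords, and base64 encoding for DNs that are not plain ASCII. Function names and the sample DNs are assumptions.

```python
import base64
import hashlib
import os
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # same character set as the script's tr -dc

def random_password(length=12):
    """CSPRNG replacement for the /dev/urandom | tr | head pipeline."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def make_ssha(password, salt=None):
    """OpenLDAP {SSHA}: base64(SHA1(password + salt) + salt), the format slappasswd -h '{SSHA}' emits."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(stored, password):
    """Check a cleartext password against a {SSHA} value (the salt is whatever follows the 20-byte digest)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest

def ldif_value(attr, value):
    """LDIF (RFC 2849) needs 'attr:: base64' when a value is not safe ASCII, e.g. a DN with accents."""
    if value.isascii() and value.isprintable() and not value.startswith((" ", ":", "<")):
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))

def reset_ldif(dns, passwords):
    """One 'changetype: modify' record per DN, storing the {SSHA} hash rather than the cleartext."""
    records = []
    for dn, pw in zip(dns, passwords):
        records.append("\n".join([ldif_value("dn", dn), "changetype: modify",
                                  "replace: userPassword", "userPassword: " + make_ssha(pw), "-"]))
    return "\n\n".join(records) + "\n"

# Constructed sample run: two accounts; only the CSV handed to the users would keep the cleartext.
SAMPLE_DNS = ["uid=alice,ou=people,dc=acme,dc=corp", "uid=bob,ou=people,dc=acme,dc=corp"]
SAMPLE_PASSWORDS = [random_password() for _ in SAMPLE_DNS]
SAMPLE_LDIF = reset_ldif(SAMPLE_DNS, SAMPLE_PASSWORDS)
```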

FIXME LDAP tutorial

apt-get install slapd ldapscripts ldap-utils shelldap

Example of a user account

dn: uid=prenom.nom.ext,ou=users,dc=truc,dc=domainad,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: prenom nom
gidNumber: 5400
givenName: prenom
homeDirectory: /home/prenom.nom.ext
initials: JB
loginShell: /bin/bash
mail: prenom.nom.ext@entreprise.com
shadowExpire: -1
shadowFlag: 0
shadowLastChange: 10877
shadowMin: 8
shadowWarning: 7
sn: nom
title: System Administrator
uid: prenom.nom.ext
uidNumber: 5400
userPassword: {SASL}prenom.nom.ext@truc.domainad.net

Test the configuration

slaptest

Languages and translation

See also:

  • codespell

Conjugation

apt-get install verbiste verbiste-gnome

Dictionary

Stardict

Install

sudo apt-get install stardict-xmlittre

GoldenDict

Install

sudo apt-get install goldendict

Config

Dark Mode

git clone --depth 1 https://github.com/yozhic/GoldenDict-Full-Dark-Theme

Move the styles folder and the fonts folder into ~/.config/goldendict/

Languages

Direct link to the Babylon French/English dictionary, and to the English/French one.

Spell checker

Fedora Linux 39:
The Aspell spell checker is no longer shipped; hunspell or enchant2 replace it, to good advantage.


Groovy language

Hello world

#! /usr/bin/env groovy
 
/* 
This is an example
*/
 
println "Hello World !"

Importing a class

/*
#from java.util import Date
#from java.text import SimpleDateFormat
*/
 
import java.util.Date
import java.text.SimpleDateFormat

Java .class file

test.groovy

#! /usr/bin/env groovy
 
println "Test1"
 
class echo1 {
        def name;
        String hello() {
                println "Test2"
                return name
        }
}

groovyc test.groovy

$ strings test.class |grep -i test
test
test.groovy
Ltest;
Test1

$ file *.class
echo1.class: compiled Java class data, version 49.0 (Java 1.5)
test.class:  compiled Java class data, version 49.0 (Java 1.5)

$ groovy --classpath=. test
Test1

$ groovy --classpath=. test.groovy
Test1

Problems

Problem: WARNING: An illegal reflective access operation has occurred

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (file:/usr/share/groovy/lib/groovy-2.4.21.jar) to method java.lang.Object.finalize()
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Problem: Error: Could not find or load main class test

$ java -cp . test
Error: Could not find or load main class test
Caused by: java.lang.NoClassDefFoundError: groovy/lang/Script

Solution

java -cp /usr/share/groovy/lib/groovy-2.4.21.jar:$PWD test

Problem: Error: Main method not found in class xxx

$ java -cp /usr/share/groovy/lib/groovy-2.4.21.jar:$PWD echo1
Error: Main method not found in class echo1, please define the main method as:
   public static void main(String[] args)
or a JavaFX application class must extend javafx.application.Application

Solution

See: https://www.yawintutor.com/main-method-not-found-javafx-application-class/

test.groovy

#! /usr/bin/env groovy
 
package com.plop;
 
public class Hello {
        public static void main(String[] args) {
                System.out.println("Hello World");
        }
}

java -cp /usr/share/groovy/lib/groovy-2.4.21.jar:$PWD com/plop/Hello

C without a compiler - C as a script

Classic

hello.c

#include<stdio.h>
 
int main(void)
{
        puts("Hello world !");
        return 0;
}

gcc hello.c
./a.out
Hello world !

Another way

sudo apt-get install tcc
tcc -run hello.c

Or one can add a shebang, but the file will then no longer be valid C.

hello.c

#! /usr/bin/tcc -run
 
#include<stdio.h>
 
int main(void)
{
        puts("Hello world !");
        return 0;
}
blog.txt · Last modified: by 127.0.0.1
