Create a user group in OpenLDAP or Active Directory. For Active Directory, two ways of creating a user group are supported:
Users added to groups must be created in OpenLDAP or Active Directory with the following configuration parameters required for PPEM:
first_name: The first name of the user.
last_name: The last name of the user.
email: The email address of the user.
login: The login of the user.
password: The password of the user.
You must specify a value in the string format for each parameter.
For more information about creating user groups, refer to the official OpenLDAP documentation or to the official Microsoft documentation on Active Directory.
Create a user group configuration file in the LDIF format and specify the following parameters:
dn: user_group_DN
objectClass: posixGroup
cn: user_group_name
gidNumber: user_group_ID
memberUid: user_ID
Where:
dn: The distinguished name (DN) of the user group.
You can specify the following attributes:
    cn: The unique name of the user group.
    ou: The organizational unit where the user group will be located.
    dc: The components of the domain that will be associated with the user group. For example, example.com.
cn: The unique name of the user group.
gidNumber: The unique ID of the user group.
memberUid: The unique IDs of users that will be added to the group.
Create a user group in OpenLDAP:
ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f example-group.ldif
Where:
-D: The distinguished name of the OpenLDAP administrator.
-W: The password request.
-f: The name of the user group configuration file.
Ensure that the user group was created successfully:
ldapsearch -x -b "ou=groups,dc=example,dc=com" "(cn=examplegroup)"
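The following script is an added example, not part of the PPEM documentation. It generates the contents of example-group.ldif for the steps above and rejects values that would add extra LDIF lines or change the DN. The gidNumber 5000, the user IDs jdoe and asmith, and the character allow-list are assumptions made for the example; the allow-list is stricter than LDAP itself requires.

```shell
#!/bin/sh
# Added example: build a posixGroup LDIF record with input validation.
# All sample values (5000, jdoe, asmith) are constructed for illustration.

# is_safe_name VALUE
# Accept only letters, digits, '.', '_' and '-'. This excludes newlines,
# ':', ',' and '=', so a value cannot start a new LDIF line or alter the DN.
is_safe_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# make_group_ldif CN GID_NUMBER [MEMBER_UID...]
# Prints the LDIF record on stdout; returns non-zero on invalid input.
# The ou=groups,dc=example,dc=com suffix matches the ldapsearch base above.
make_group_ldif() {
    group_cn=$1
    gid=$2
    shift 2
    is_safe_name "$group_cn" || { echo "invalid cn" >&2; return 1; }
    case "$gid" in
        ''|*[!0-9]*) echo "gidNumber must be numeric" >&2; return 1 ;;
    esac
    # Validate every member before printing anything, so a bad value
    # never produces a partial record.
    for member in "$@"; do
        is_safe_name "$member" || { echo "invalid memberUid" >&2; return 1; }
    done
    printf 'dn: cn=%s,ou=groups,dc=example,dc=com\n' "$group_cn"
    printf 'objectClass: posixGroup\n'
    printf 'cn: %s\n' "$group_cn"
    printf 'gidNumber: %s\n' "$gid"
    for member in "$@"; do
        printf 'memberUid: %s\n' "$member"
    done
}

# Print the record; redirect to example-group.ldif, then load and verify it
# with the ldapadd and ldapsearch commands shown in the steps above.
make_group_ldif examplegroup 5000 jdoe asmith
```

Each memberUid appears on its own line because the attribute is multi-valued.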