23.4.9 Adding Users to a Group in LDAP

To add users to an existing group in LDAP:

  1. Create an LDIF file that defines the users to add to the memberUid attribute of the group, for example employees-add-users.ldif:

    dn: cn=employees,ou=Groups,dc=mydom,dc=com
    changetype: modify
    add: memberUid
    memberUid: arc815
    
    dn: cn=employees,ou=Groups,dc=mydom,dc=com
    changetype: modify
    add: memberUid
    memberUid: arc891
    
    ...

  2. If you have configured LDAP authentication, use the following command to add the users to the group in LDAP:

    # ldapmodify -xcWD "cn=admin,dc=mydom,dc=com" \
      -f employees-add-users.ldif
    Enter LDAP Password: user_password
    modifying entry "cn=employees,ou=Groups,dc=mydom,dc=com"
    ...

    If you have configured Kerberos authentication, use kinit to obtain a ticket granting ticket (TGT) for the admin principal, and use this form of the command:

    # ldapmodify -f employees-add-users.ldif

  3. Verify that the group has been updated in LDAP:

    # ldapsearch -LLL -x -b "dc=mydom,dc=com" gidNumber=626
    dn: cn=employees,ou=Groups,dc=mydom,dc=com
    cn: employees
    gidNumber: 626
    objectClass: top
    objectClass: posixGroup
    memberUid: arc815
    memberUid: arc891
    ...
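
The following is an added example, not part of the original guide: a shell function that generates the LDIF from step 1 for a list of login names and rejects any name containing characters outside a conservative set, so that a name with an embedded newline cannot insert extra LDIF lines into the modify request. The function name gen_member_ldif and the allowed character set are assumptions; the DN and user names are the sample values used on this page.

```shell
#!/bin/sh
# Added example: build the modify LDIF for a list of login names.
# gen_member_ldif is a hypothetical helper, not a tool shipped with OpenLDAP.
#
# Usage (sample values from this page):
#   gen_member_ldif "cn=employees,ou=Groups,dc=mydom,dc=com" arc815 arc891 \
#       > employees-add-users.ldif

gen_member_ldif() {
    [ "$#" -ge 2 ] || { echo "usage: gen_member_ldif GROUP_DN USER..." >&2; return 2; }
    group_dn=$1
    shift
    nl='
'
    # A DN with an embedded newline would start a new LDIF line.
    case $group_dn in
        ''|*"$nl"*) echo "invalid group DN" >&2; return 2 ;;
    esac
    # Validate every name before printing anything, so a bad name never
    # leaves a partial file behind. Allowed set (an assumption): letters,
    # digits, dot, underscore and hyphen, not starting with a hyphen.
    for uid in "$@"; do
        case $uid in
            ''|-*|*[!A-Za-z0-9._-]*)
                echo "rejected user name: $uid" >&2
                return 1 ;;
        esac
    done
    # One modify record per user, as in employees-add-users.ldif, so that
    # ldapmodify -c can report an error for one user and continue with the rest.
    for uid in "$@"; do
        printf 'dn: %s\nchangetype: modify\nadd: memberUid\nmemberUid: %s\n\n' \
            "$group_dn" "$uid"
    done
}
```

Redirect the output to employees-add-users.ldif and apply it with the ldapmodify command from step 2.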