LDAP user
=========

All of our tools and services are accessed with a personal LDAP user. 

Interactive LDIF
----------------

Feel free to use the following **interactive** LDIF's to create the LDAP user & group memeberships.

.. raw:: html

    <input type="text" id="ldap-first-name" placeholder="First name">
    <input type="text" id="ldap-last-name" placeholder="Last name">
    <div style="margin-bottom: 24px;"></div>
    
Add the user in the ``ou=users,dc=confirm,dc=ch`` tree:

.. code-block:: text

    dn: uid=fbloggs,ou=users,dc=confirm,dc=ch
    changetype: add
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    objectClass: qmailUser
    uid: fbloggs
    givenName: Fred
    sn: Bloggs
    cn: Fred Bloggs
    mail: fbloggs@confirm.ch
    mailAlternateAddress: fbloggs@confirm.ninja
    mailAlternateAddress: f.bloggs@confirm.ch
    mailAlternateAddress: f.bloggs@confirm.ninja
    mailAlternateAddress: fred@confirm.ch
    mailAlternateAddress: fred@confirm.ninja
    mailAlternateAddress: fb@confirm.ch
    mailAlternateAddress: fb@confirm.ninja
    userPassword:: e1NTSEF9WFM4RnlkeG1iTWlTVm15c3lwMW0wdUdFRnFHTENBbkY4NzZRUHc9PQ=

.. important::

    The password in the LDIF is set to ``PleaseLetMeIn!``. Please set a new one via the LDAP utility or instruct the colleague to change it immediately.

    Please also check if there's already another user with the same shortcut ``mailAlternateAddress``.

Add the user to the required LDAP groups under the ``ou=groups,dc=confirm,dc=ch`` tree.

.. code-block:: text

    #
    # Required group memberships.
    #

    # Give Fred access to our employee tools.
    dn: cn=employees,ou=groups,dc=confirm,dc=ch
    changetype: modify
    add: member
    member: uid=fbloggs,ou=users,dc=confirm,dc=ch
    
    # Give Fred access to the ERP.
    dn: cn=erp,ou=groups,dc=confirm,dc=ch
    changetype: modify
    add: member
    member: uid=fbloggs,ou=users,dc=confirm,dc=ch
    
    #
    # Optional group memberships.
    #

    # Give Fred access to the WebDAV share (e.g. for Enpass sync).
    dn: cn=webdav,ou=groups,dc=confirm,dc=ch
    changetype: modify
    add: member
    member: uid=fbloggs,ou=users,dc=confirm,dc=ch

    # Give Fred access to our blog.
    dn: cn=blog,ou=groups,dc=confirm,dc=ch
    changetype: modify
    add: member
    member: uid=fbloggs,ou=users,dc=confirm,dc=ch
   
.. note::

    Just replace all the values of the LDIF with the real values, then run the LDIF via an LDAP client or browser, such as `Apache Directory Studio <https://directory.apache.org/studio/>`_.