1 mailto(admin@db.debian.org)
2 manpage(ud-info)(1)(17 Sep 1999)(userdir-ldap)()
3 manpagename(ud-info)(Command line LDAP user record manipulator)
10 ud-info is the command-line tool for end users to manipulate their own
11 database information and to view other users information. It also provides
12 root functions which when combined with sufficient LDAP privilages allow
13 an administrator to completely manipulate a users record.
15 The defined fields are:
17 it() cn - Common (first) name. [root]
18 it() mn - Middle name or initial. [root]
19 it() sn - Surname (last name). [root]
20 it() cn - ISO 3166 country code, see file(/usr/share/zoneinfo/iso3166.tab)
22 it() ircnick - IRC nickname.
23 it() l - City name, state/province. The part of a mailing address that is
24 not the street address. e.g.: Dallas, Texas
25 it() postalcode - Postal Code or ZIP Code
26 it() postaladdress - Complete mailing address including postal codes and
27 country designations. Newlines are seperated by a $ character. The
28 address should be formed exactly as it would appear on a parcel.
29 it() latitude/longitude - The physical latitude and longitude. This
30 information is typically used to generate an xearth marker file.
31 See the discussion below on position formats.
32 it() facsimiletelephonenumber - FAX phone number, do not forget to specify a
33 country code [North Armerica is +1].
34 it() telephonenumber - Voice phone number.
35 it() loginshell - Full path to the prefered Unix login shell. e.g. file(/bin/bash)
36 it() emailforward - Destination email address.
37 it() userpassword - Encrypted version of the password. [root]
38 it() sshrsaauthkey - SSH RSA public authentication key.
39 it() supplementarygid - A list of group names that the user belongs.
40 This field emulates the functionality of the traditional Unix group
42 it() dnszoneentry - A list of zone file fragments that are placed in
43 the zone file for debian.net. [root]
44 it() allowedhosts - Permits access to hosts outside of the group list. [root]
45 it() onvacation - A message indicating that the user is on vacation. The
46 time of departure and expected return date should be included as
47 well as any special instructions.
48 it() comment - Administrative comment about the account. [root]
49 it() labeledurl - User's web site.
52 When prompted for a password it is possible to enter a blank password and
53 access the database anonymously. This is useful to check PGP key
54 fingerprints, for instance.
56 manpagesection(SECURITY AND PRIVACY)
57 Three levels of information security are provided by the database. The first
58 is completely public information that anyone can see either by issuing an
59 LDAP query or by visiting the web site. The next level is "maintainer-only"
60 information that requires authentication to the directory before it can be
61 accessed. The final level is admin-only or user-only information; this
62 information can only be viewed by the user or an administrator.
64 Maintainer-only information includes precise location information
65 [postalcode, postal address, lat/long] telephone numbers, and the vacation
68 Admin-only/user-only information includes email forwarding, ssh keys and
69 the encrypted password. Note that email forwarding is necessarily publicly
70 viewable from accounts on the actual machines.
72 manpagesection(LAT/LONG POSITION)
73 There are three possible formats for giving position information and several
74 online sites that can give an accurate position fix based on mailing address.
78 The format is +-DDD.DDDDDDDDDDDDDDD. This is the format programs like
80 use and the format that many positioning web sites use. However typically
81 the precision is limited to 4 or 5 decimals.
83 dit(Degrees Minutes (DGM))
84 The format is +-DDDMM.MMMMMMMMMMMMM. It is not an arithmetic type, but a
85 packed representation of two seperate units, degrees and minutes. This
86 output is common from some types of hand held GPS units and from NMEA format
89 dit(Degrees Minutes Seconds (DGMS))
90 The format is +-DDDMMSS.SSSSSSSSSSS. Like DGM, it is not an arithmetic type but
91 a packed representation of three seperate units, degrees minutes and
92 seconds. This output is typically derived from web sites that give 3 values
93 for each position. For instance 34:50:12.24523 North might be the position
94 given, in DGMS it would be +0345012.24523.
97 For Latitude + is North, for Longitude + is East. It is important to specify
98 enough leading zeros to dis-ambiguate the format that is being used if your
99 position is less than 2 degrees from a zero point.
101 So locations to find positioning information are:
104 it() Good starting point - http://www.ckdhr.com/dns-loc/finding.html
105 it() AirNav - GPS locations for airports around the world http://www.airnav.com/
106 it() GeoCode - US index by ZIP Code http://www.geocode.com/eagle.html-ssi
107 it() Map Blast! Canadian, US and some European maps - http://www.mapblast.com/
108 it() Australian Database http://www.environment.gov.au/database/MAN200R.html
109 it() Canadian Database http://GeoNames.NRCan.gc.ca/
110 it() Atlas of the World, indexed by city http://www.astro.com/atlas/
111 it() GNU Timezone database, organized partially by country /usr/share/zoneinfo/zone.tab
114 Remember that we are after reasonable coordinates for drawing an xearth
115 graph and looking for people to sign keys, not for coordinates accurate
116 enough to land an ICBM on your doorstop!
118 manpagesection(EDITING SUPPLEMENTAL GIDS)
119 When the root function is activated then the supplemental GIDs can be
120 manipulated as a list of items. It is possible to add and remove items from
121 the list by name. Proper prompts are given. A similar editing function is
122 made available for the host acl list.
124 manpagesection(ENCRYPTION PUBLIC KEYS)
125 The directory associates two types of public encryption keys with the user,
126 a PGP key fingerprint and a SSH RSA authentication key. It is not possible for
127 a user to change their associated key fingerprint, that can only be done by
128 the keyring maintainers after performing reasonable verification of the new
129 key. Who ever controls the PGP key can make any modification to the LDAP
130 account by using the PGP mail gateways.
132 SSH RSA authentication keys are used by the SSH protocol to authenticate a
133 user based on a cryptographic challenge. These keys pairs are created by the
134 ssh-keygen program. The public version that is stored in the directory is
135 generally placed in a file called identity.pub. SSH RSA authentication keys
136 are password equivelents, whoever has the private half of the key can use it
137 to login to any machine, but not affect changes to the LDAP entry. SSH
138 authentication keys are kept private.
143 Set the authentication user. This is the user whose authority is used when
144 accessing the LDAP directory. The default is to use the current system user
148 Select the user whose fields will be displayed/edited. The default is to use
149 the current system user name.
152 Set both the authentication user and the target user. This option is useful
153 if the login name does not match the user who is operating the program.
156 Enable root functions. This enables more options to allow changing
157 any entry in the directory. This function only has meaning if the
158 authentication user has the necessary permissions at the LDAP server.
161 No actions. Anonymously bind and show the information for the user and then
167 it() /etc/userdir-ldap/userdir-ldap.conf
168 Configuration variables to select what server and what base DN to use.
172 userdir-ldap was written by Jason Gunthorpe <jgg@debian.org>.