User management in a TrinityX cluster
User management in TrinityX is handled by a utility called obol. Obol is a simple wrapper around LDAP commands to update the local LDAP directory installed by default. It supports both user and group management almost the same way those would be handled by the default Linux utilities.
Obol
Obol can manage users and groups on the local LDAP directory and it supports the following attributes for users:
| Attribute | Description |
|---|---|
| password | User’s password |
| cn | User’s name (common name) |
| sn | User’s surname |
| givenName | User’s given name |
| group | The primary group the user belongs to |
| uid | The user’s ID |
| gid | The primary group’s ID |
| | Email address of the user |
| phone | Phone number |
| shell | Default shell |
| groups | A comma-separated list of additional group names to add the user to |
| expire | Number of days after which the account expires. If set to -1, the account will never expire |
To create or modify a user, run:
```
obol user add|modify ...
```
Please note that running obol commands requires root privileges.
Managing groups is similarly achieved using:
```
obol group [command] ...
```
where [command] is one of add, show, delete, list, addusers or delusers. For the full list of commands supported by Obol, run:
```
obol user -h
obol user [command] -h
obol group -h
obol group [command] -h
```
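The following is an added example, not part of TrinityX or obol: it validates a user record against the attribute semantics listed above (expire of -1 or a positive number of days, a comma-separated groups list, root required to run obol) and prints the resulting `obol user add` command as a dry run for review. The flag names used in the printed command (--cn, --sn, --givenName, --group, --shell, --groups, --expire) are assumptions, as are the sample records and the expiry policy; confirm the flags with `obol user add -h`.

```shell
# Added example, not TrinityX/obol code: validate a user record against the
# attribute semantics described above and print the obol invocation as a
# dry run. Flag names (--cn, --sn, --givenName, --group, --shell, --groups,
# --expire) are assumptions; confirm them with `obol user add -h`. The printed
# command still has to be run as root, as noted above.
# Constructed sample records: user:cn:sn:givenName:group:shell:groups:expire
SAMPLE_USERS='alice:Alice Example:Example:Alice:users:/bin/bash:admins,hpc:90
svc_backup:Backup Service:Service:Backup:services:/sbin/nologin::-1'

# expire must be -1 (never expires) or a positive number of days
valid_expire() {
  case "$1" in
    -1) return 0 ;;
    ''|0|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# groups is empty or a comma-separated list of POSIX-style group names
valid_groups() {
  [ -z "$1" ] && return 0
  case "$1" in ,*|*,|*,,*|*[!a-z0-9_,-]*) return 1 ;; esac
  for g in $(printf '%s' "$1" | tr ',' ' '); do
    case "$g" in [a-z_]*) ;; *) return 1 ;; esac
  done
  return 0
}

# obol_user_add_cmd RECORD: prints the obol command, or prints nothing and
# returns 1 if a field is malformed or the expiry policy is violated.
# Example policy (assumed): only nologin (service) accounts may use
# expire=-1; every account with an interactive shell needs a finite expiry.
obol_user_add_cmd() {
  IFS=: read -r user cn sn given group shell groups expire <<EOF
$1
EOF
  case "$user" in [a-z_]*) ;; *) return 1 ;; esac
  case "$user" in *[!a-z0-9_-]*) return 1 ;; esac
  case "$shell" in /*) ;; *) return 1 ;; esac
  valid_expire "$expire" || return 1
  valid_groups "$groups" || return 1
  if [ "$expire" = -1 ] && [ "$shell" != /sbin/nologin ]; then return 1; fi
  opt_groups=''; [ -n "$groups" ] && opt_groups=" --groups '$groups'"
  printf "obol user add --cn '%s' --sn '%s' --givenName '%s' --group '%s' --shell '%s'%s --expire '%s' '%s'\n" \
    "$cn" "$sn" "$given" "$group" "$shell" "$opt_groups" "$expire" "$user"
}
# Dry run over the sample records; rejected records are reported on stderr.
printf '%s\n' "$SAMPLE_USERS" | while IFS= read -r rec; do
  obol_user_add_cmd "$rec" || printf 'rejected: %s\n' "$rec" >&2
done
```

The script only prints commands; review the output and run the accepted lines as root, since obol itself writes to the LDAP directory.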
Graphical User management
For ease of use, TrinityX comes with a graphical user interface to manage users. By default, only users who are members of the admins group have permission to use this application and, as such, to manage users.
Authentication backends
TrinityX installations come with an OpenLDAP directory by default. This directory is used for authentication across the cluster. TrinityX also supports other backends, such as Active Directory (AD) or Native IPA.
Note: Luna has a secrets mechanism designed to store, for example, keytabs or any other node-specific 'secret'.