/bin - scripts /etc - config/vars files *note* chmod to 400 if you pust password in here /templates - LDIF templates used by scripts /work - working directory for LDIFs used by ldapmodify commands /ldif - subdirectories where successfully run LDIFs are moved to Scripts The following scripts are used for account maintenance addgroup - Add a new user group and its users. add2group - Add a user to an existing group. addnetgroup - Add a new user or host netgroup. add2netgroup - Add a user or host to an existing netgroup. adduser - Add a new user. Many options and tweak adduser.ldif to match. delnetgroup - Delete a netgroup. deluser - Delete a user. dse - Show days since epoch, as used in some shadowAccount attributes. dspw - Generate a password hash using various methods for use in LDIF files. * requires OpenLDAP's slappasswd command - from openldap-servers RPM. Or use openssl command. expire-set - Set (change) a users password to expire in some number of days. expire - Expire a user - this cuts access off immediately. getpwinfo - Get users password LDIF info. lwho - Perform ldap query. pwchg - Forces a user to change their password immediately. pwextend - Extend a password n number of days or 90 without n. pwlast - Set last password change date. pw-set - Set (change) a users password. unexpire - Unexpire a user previously expired. shadowAccount attributes The following attributes are used to control user account and password expiry. Initially set in adduser.ldif files. These are used in various ways by the above scripts. shadowLastChange - the number of days between January 1, 1970 and the day when the user password was last changed in the /etc/shadow file. shadowExpire - the date on which the user login will be disabled. shadowInactive - the number of days of inactivity allowed for the user. shadowMax - the maximum number of days the user password remains valid. shadowMin - the min number of days required between password changes. shadowWarning - the number of days of advance warning given to the user before the user password expires. shadowFlag - Reserved attribute, not currently in use.