Quick Reference

Cheatsheets

Practical command references for Linux, networking, servers, containers, databases, and more.

Cheatsheet#ldap-freeipa-cheatsheet

FreeIPA / LDAP Cheatsheet

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networks (essentially an open-source alternative to Active Directory).

Authentication

Before running any ipa commands, you must obtain a Kerberos ticket.

# Login as admin
kinit admin
 
# Check current Kerberos tickets
klist
 
# Destroy current tickets (Logout)
kdestroy

User Management

# List all users
ipa user-find
 
# Show details for a specific user
ipa user-show jdoe
 
# Add a new user
ipa user-add jdoe --first="John" --last="Doe" --password
 
# Modify user attributes (e.g., set login shell)
ipa user-mod jdoe --shell=/bin/zsh
 
# Reset user password
ipa passwd jdoe
 
# Disable (lock) a user account
ipa user-disable jdoe
 
# Enable (unlock) a user account
ipa user-enable jdoe

Group Management

# List all groups
ipa group-find
 
# Create a new group
ipa group-add developers --desc="Development Team"
 
# Add a user to a group
ipa group-add-member developers --users=jdoe
 
# Remove a user from a group
ipa group-remove-member developers --users=jdoe

Host (Client) Management

# List enrolled hosts
ipa host-find
 
# Add a host
ipa host-add server01.example.com --ip-address=192.168.1.100
 
# Remove a host
ipa host-del server01.example.com

HBAC (Host-Based Access Control) Policies

HBAC rules determine which users can log into which hosts.

# List HBAC rules
ipa hbacrule-find
 
# Add a new rule
ipa hbacrule-add allow_dev_ssh
 
# Add a user group to the rule
ipa hbacrule-add-user allow_dev_ssh --groups=developers
 
# Add a host group to the rule
ipa hbacrule-add-host allow_dev_ssh --hostgroups=dev_servers
 
# Add a service (e.g., sshd) to the rule
ipa hbacrule-add-service allow_dev_ssh --hbacsvcs=sshd