You can use the default driver to create local users. This enables a local store of users on the OP5 Monitor server.
Do not remove Default
We highly recommended that you always keep this driver configured with an admin account as a fallback, even if your system is primarily using LDAP. If anything goes wrong, you can use
'/usr/bin/op5-manage-users' to change the Administrator password and get into the setup.
When the Default driver is enabled, a configuration interface named Local Users appears in the OP5 Configuration.
On the Local Users page, each user has a real name. From here you can create a password, and control group memberships. Groups needs to be created in advance: see our page about Authorization in Authorization.
This driver stores the users in the configuration file '
All local user passwords are stored in '
/etc/op5/auth_users.yml', listed inside the user blocks such as the example below. The string that begins with "$1$VGn0" is a hash of the password "monitor":
realname: "Monitor Admin"
The monitor command that changes the local users, including their passwords, is
'/usr/bin/op5-manage-users' . Running this without any arguments prints its syntax help:
This is a small helper for adding/changing/deleting users in op5 Monitor.
/usr/bin/op5-manage-users --update --username=<username> (--password=<password>) \
--module=<module1> [--module=<modulen>] [--realname=<realname> --group=<group1> [--group=<groupn>]]
--username User's username
--password Password is only required if an authentication module that requires passwords is chosen
--module Authentication module that should be used for this user
--realname Full name of user
--group User's group memberships
/usr/bin/op5-manage-users --remove --username=<username>
Here is an syntax example for creating a new Monitor user, 'gord':
/usr/bin/op5-manage-users --update --username=gord --realname="Wheat King" --modules=Default --password=100thMeridian --group=admins
Here is the resulting content in '
realname: "Wheat King"
- 'op5-manage-users' does not append; it only overwrites every entry for the user. For example, attempting to change only the group of the user created earlier:
monitor: op5-manage-users --update --username=gord --group=limited_edit
...leads to this being the entire entry for the user. The password and all other entries have been removed:
monitor: gord: username: "gord" groups: - "limited_edit"
monitor: op5-manage-users --update --username=jfriday --realname="Sgt. Joe Friday" --group=admins --password=Badge714 --modules=Default
The resulting entry in '
auth_users.yml' can be difficult for a user to parse:
monitor: jfriday: username: "jfriday" password: "$1$DTVh5ZeF$Tm1WeJDyH2AaY3FQ21Li4." password_algo: "crypt" modules: - "Default" groups: - "admins" realname: "Sgt. Joe Friday"