Seed and edit users

The directory is populated from editable tables, not by hand. Re-running a seed converges the domain to match the table, so the table is the source of truth.

Seed the whole cast

make seed

This reads the roster table in scripts/seed-users.sh and, for each row, creates the user (if missing) and sets their contact attributes. New users get the initial password Welcome@2026 — override it with USER_INITIAL_PASSWORD=....

Because fax has no samba-tool create flag, the script sets facsimileTelephoneNumber with ldbmodify after the account exists. make seed also wires up each user’s home directory (the [home] share plus the homeDirectory, homeDrive, and unixHomeDirectory attributes).

Verify a user and a home:

make show-user U=tommy.tutone     # contact attributes
make show-homes                   # home attributes + on-disk folders
make test-home U=marty.mcfly      # write then read a file over SMB

Edit the roster

The roster is a pipe-delimited table at the top of scripts/seed-users.sh:

username | First | Last | email | title | department | phone | fax

Add or change a row, then run make seed again. It is idempotent: existing users are updated in place, new rows are created. Nothing is deleted, so remove a user explicitly if you need to.

Add a single user

For a one-off account outside the roster:

make add-user U=jdoe P='S3cret!'

Add photos (optional)

Active Directory stores user portraits in thumbnailPhoto (what Outlook, Teams, and M365 read) and jpegPhoto (the LDAP equivalent for Linux tooling). make photos fetches a free-licensed portrait per user from Wikimedia Commons, crops it to 96x96, and loads both attributes:

make photos
make show-photo U=prince          # extract a stored photo back out to verify

Movie characters map to a portrait of the actor who played them; musicians map to their own. Per-image attribution is recorded in photos/CREDITS.txt.

Next

• Give users structure: Build the clinics.
• See the whole roster: cast reference.