HP-UX Directory Server 8.1 configuration, command, and file reference

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

201

202

203

204

205

206

207

208

209

210

Table 6-16 ldapdelete SSL options (continued)

DescriptionOption

Specifies the path, including the file name, of the private key database of the client. Either the absolute

or relative (to the server root) path can be used. The -K option must be used when the key database

has a different name than key3.db or when the key database is not under the same directory as

the certificate database, the cert8.db file (the path for which is specified with the -P option).

-K

Specifies the certificate name to use for certificate-based client authentication. For example:

-N Server-Cert

If this option is specified, then the -Z and -W options are required. Also, if this option is specified,

then the -D and -w options must not be specified, or certificate-based authentication will not occur,

and the bind operation will use the authentication credentials specified on -D and -w.

-N

Specifies the absolute path, including the file name, of the certificate database of the client. This

option is used only with the -Z option.

When used on a machine where an SSL-enabled web browser is configured, the path specified on

this option can be pointed to the certificate database for the web browser. For example:

-P /security/cert.db

The client security files can be stored on the Directory Server in the

/etc/opt/dirsrv/slapd-instance_name directory. In this case, the -P option calls out a path

and file name similar to the following:

-P /etc/opt/dirsrv/slapd-instance_name/client-cert.db

-P

Specifies the token and certificate name, which is separated by a semicolon (:) for PKCS11.

-Q

Specifies the password for the certificate database identified on the -P option. For example:

-W serverpassword

-W

Specifies that SSL is to be used for the delete request.

-Z

Specifies the Start TLS request. Use this option to make a cleartext connection into a secure one. If

the server does not support Start TLS, the command does not need to be aborted; it will continue

in plain text.

-ZZ

Enforces the Start TLS request. The server must respond that the request was successful. If the server

does not support Start TLS, such as Start TLS is not enabled or the certificate information is incorrect,

the command is aborted immediately.

-ZZZ

6.6.4 ldapdelete SASL options

SASL mechanisms can be used to authenticate a user, using the -o the required SASL information.

To learn which SASL mechanisms are supported, search the root DSE. See the -b option in

Table 6-3 “Commonly-used ldapsearch options”.

Table 6-17 SASL options

DescriptionOption

Specifies SASL options. The format is -osaslOption=value, where saslOption can have one

of these values:

• mech, the SASL authentication mechanism

• authid, the user who is binding to the server (Kerberos principal)

• authzid, a proxy authorization (ignored by the server since proxy authorization is not supported)

• secProp, the security properties

• realm, the Kerberos realm

• flags

The expected values depend on the supported mechanism. The -o can be used multiple times to

pass all the required SASL information for the mechanism. For example:

-o "mech=DIGEST-MD5" -o "authzid=test_user" -o "authid=test_user"

-o

206 Command-line utilities