HP-UX Directory Server 8.1 configuration, command, and file reference

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

201

202

203

204

205

206

207

208

209

210

Table 6-20 General ldappasswd options (continued)

DescriptionOption

Specifies the path, including the file name, of the private key database of the client. This can be the

absolute or relative (to the server root) path.

The -K option must be used when the key database is not called key3.db or when the key database

is not in the same directory as the certificate database (that is, the cert8.db file, the path for which

is specified with the -P option).

-K

Specifies the certificate name to use for certificate-based client authentication. For example:

-N Server-Cert

If this option is specified, then the -Z and -W options are required.

If this option is specified, then the -D and -w options must not be specified, or certificate-based

authentication will not occur, and the bind operation will use the authentication credentials specified

by -D and -w.

-N

Specifies the absolute path, including the file name, of the certificate database of the client. This

option is used only with the -Z option.

When used on a machine where an SSL-enabled web browser is configured, the path specified on

this option can be that of the certificate database for the browser. For example:

-P /security/cert.db

The client security files can also be stored on the Directory Server in the

/etc/opt/dirsrv/slapd-instance_name directory. In this case, the -P option would call out

a path and file name similar to the following:

-P /etc/opt/dirsrv/slapd-instance_name/client-cert.db

-P

Specifies the port number that the server uses. The default is 389. If -Z is used, the default is 636.-p

Specifies the token and certificate name, which is separated by a semicolon (:) for PKCS11.-Q

Specifies the password for the certificate database identified on the -P option. For example:

-W serverpassword

-W

Specifies the password associated with the distinguished name that is specified in the -D option.

For example:

-w diner892

The default is "", or anonymous.

If a password is not sent on the command line and the server requires one, the command prompts

for one. It is more secure not to provide a password on the command-line so that it does not show

up in clear text in a listing of commands.

-w

Specifies that SSL is to be used for the search request.

-Z

Specifies the Start TLS request. Use this option to make a cleartext connection into a secure one. If

the server does not support Start TLS, the command does not need to be aborted; it will continue

in cleartext.

-ZZ

Enforces the Start TLS request. The server must respond that the request was successful. If the server

does not support Start TLS, such as Start TLS is not enabled or the certificate information is incorrect,

the command is aborted immediately.

-ZZZ

6.7.4 ldappasswd SASL options

SASL mechanisms can be used to authenticate a user, using the -o the required SASL information.

To learn which SASL mechanisms are supported, search the root DSE. See the -b option in

Table 6-3 “Commonly-used ldapsearch options”.

6.7 ldappasswd 209