LDAP-UX Client Services B.04.15 Administrator's Guide
The ldapugadd tool uses a local configuration file, /etc/opt/ldapux/ldapug.conf, to
manage the default values of the uidNumber_range, gidNumber_range, user_gidNumber,
default_homeDirectory and default_loginShell parameters when creating user or
group entries in an LDAP directory server. See “LDAP UG Tool Configuration File” (page 167)
for details.
5.6.4.1 Examples of Adding a User
You can use ldapugadd to add new POSIX accounts or groups to an LDAP directory server.
Use LDAP_BINDDN to specify the Distinguished Name (DN) of a user with sufficient directory
server privilege to add users or groups in the directory server. Use LDAP_BINDCRED to specify
a password for the LDAP user specified by LDAP_BINDDN. Alternatively, you can enter the LDAP
administrator bind identity and credential interactively with the prompt (-P) option.
The LDAP_UGCRED environment variable specifies the new password of a user or group being
created. You must specify the -PW option when using LDAP_UGCRED. The use of passwords for
new groups is not recommended. Alternatively, you can use the -PP command option to prompt
for the password of the user or group being created.
Below are examples of using ldapugadd to add user entries.
Run the following commands to set the LDAP_BINDDN and LDAP_BINDCRED environment
variables:
export LDAP_BINDDN="cn=Jane Admin,ou=admins,dc=example,dc=com"
export LDAP_BINDCRED="Jane's password"
Run the following command to specify the LDAP_UGCRED environment variable:
export LDAP_UGCRED="user_password"
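The exports above leave both passwords in the login shell's environment and, when typed interactively, can leave them in its command history. The following sketch is an added example, not part of the guide: it prompts for the two passwords with echo off and exports LDAP_BINDDN, LDAP_BINDCRED and LDAP_UGCRED only in a subshell that runs the tool. The function names read_secret and run_with_ldap_creds are hypothetical, and it assumes the tool reads these variables from its environment as described above.

```sh
#!/bin/sh
# Added example, not from the LDAP-UX guide. Function names are hypothetical.
# Assumption: the tool reads LDAP_BINDDN, LDAP_BINDCRED and LDAP_UGCRED from
# its environment, as the guide describes.

# read_secret VAR PROMPT: read one line into VAR, with terminal echo off.
read_secret() {
    printf '%s: ' "$2" >&2
    if [ -t 0 ]; then
        # POSIX read has no no-echo option, so switch echo off with stty and
        # restore the saved terminal state even if the user interrupts.
        _tty=$(stty -g)
        trap 'stty "$_tty"; exit 1' INT TERM
        stty -echo
        IFS= read -r _secret || :
        stty "$_tty"
        trap - INT TERM
        printf '\n' >&2
    else
        IFS= read -r _secret || :   # piped input, e.g. from a test
    fi
    eval "$1=\$_secret"
    unset _secret
}

# run_with_ldap_creds BINDDN COMMAND [ARGS...]
# Prompts for the bind password and the new entry's password, then runs
# COMMAND with the three variables exported in a subshell only.
run_with_ldap_creds() {
    _binddn=$1
    shift
    read_secret _bindcred "Password for $_binddn"
    read_secret _ugcred "Password for the new entry"
    _rc=0
    (
        LDAP_BINDDN=$_binddn
        LDAP_BINDCRED=$_bindcred
        LDAP_UGCRED=$_ugcred
        export LDAP_BINDDN LDAP_BINDCRED LDAP_UGCRED
        exec "$@"
    ) || _rc=$?
    unset _binddn _bindcred _ugcred   # nothing secret stays in this shell
    return "$_rc"
}

# Usage, with the guide's own command line (-PW is required with LDAP_UGCRED):
#   run_with_ldap_creds "cn=Jane Admin,ou=admins,dc=example,dc=com" \
#       ./ldapugadd -t passwd -PW -f "Mike Tam" -g 200 mtam surname="Tam"
```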
Run the following commands to discover what non-POSIX attributes defined in the default
template file are required to create the new user entry:
cd /opt/ldapux/bin
./ldapcfinfo -t passwd -R
The output of the commands is as follows:
Surname
The following commands add an account entry for the user, mtam, with the user's primary login
group id, 200. ldapugadd creates the password for the new user, mtam, using the user password
specified in the LDAP_UGCRED environment variable. After creating the user entry, ldapugadd
attempts to add this user as a member of the group number 200.
Run the following command to create the new account entry for the user, mtam:
./ldapugadd -t passwd -PW -f "Mike Tam" -g 200 mtam surname="Tam"
Run the following command to display the new user entry, mtam:
./ldapuglist -t passwd -n mtam
Below is the user entry:
dn: cn=Mike Tam,ou=people,dc=example,dc=com
cn: Mike Tam
uid: mtam
uidNumber: 2200
gidNumber: 200
homeDirectory: /home/mtam
loginShell: /usr/bin/ksh
The following command adds an account entry for the user, jsmart, with the user's primary
login group id, 200, and the sn attribute value. ldapugadd creates the password for the new user,
jsmart, using the user password specified in the LDAP_UGCRED environment variable. After
creating the user entry, ldapugadd attempts to add this user as a member of the group number
200. The ldapugadd tool dynamically assigns the uidNumber value from the pre-configured
range.
./ldapugadd -t passwd -PW -f "John Smart" -g 200 jsmart surname="Smart"
Run the following command to display the new user entry, jsmart: