LDAP-UX Client Services B.04.15 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

121

122

123

124

125

126

127

128

129

130

dn: cn=GroupC,ou=Group,dc=example,dc=com

cn: GroupC gidNumber: 500 MemberUid: alouie Description: A IT Group

Description: A Group Entry Description: Group C Entry

The following command adds the three members, atam, mlou, mscott, to the group entry,

groupA:

./ldapugmod -t group -a atam,mlou,mscott GroupA

The following command removes one member, atam from the group entry, groupA:

./ldapugmod -t group -r atam GroupA

Command Arguments

The following describes arguments/options used in the above examples for the ldapugmod -t

group commands:

-A <attrval>

Specifies an attribute and value to be added to an entry. When

working with multi-valued attributes, you can use the -A option to

add a new value for a multi-valued attribute, without removing

already existing values for that attributes.

-g <gidNumber>

Replaces the group's numeric id number.

-a <member>[,...]

Adds one or more members to the specified group. When specifying

a list of members, you must use a comma with no white space to

separate each member.

-r <member>[,...]

Removes one or more members from the specified group. When you

specify a list of members, you must use a comma with no white space

to separate each member.

5.6.7 Deleting a User or a Group

You can use ldapugdel to remove POSIX user and group entries from an LDAP directory

server. With the -O option, ldapugdel enables you to remove only POSIX related attributes

and object classes from a user or group entry without removing the entire entry.

The userPassword, uid, cn and description attributes are commonly used by most other

user and group schemas. With the -O option, the ldapugdel tool does not attempt to remove

these attributes. The uidNumber, gidNUmber, loginShell, homeDirectory, gecos and

memberUid are more unique to the POSIX schema, and are removed when the -O option is

specified. The ldapugdel -t passwd -O command removes the posixAccount object class

and following attributes:

• uidNumber

• gidNumber

• homeDirecotry

• loginShell

• gecos

Use the ldapugdel -t group -O command, ldapugdel removes the posixGroup object

class and following attributes:

• gidNumber

• memberUId

• userPassword

5.6.7.1 Examples

This section provides examples of using ldapugdel.

Use LDAP_BINDDN to specify the Distinguished Name (DN) of a user with sufficient directory

server privilege to delete users or groups in the LDAP directory server. Use LDAP_BINDCRED

5.6 User and Group Management 121