LDAP-UX Client Services B.04.15 Administrator's Guide
to specify a password for the LDAP user specified by LDAP_BINDDN. Alternatively, you can enter
the LDAP administrator bind identity and credential interactively with the prompt (-P) option.
Run the following commands to specify the LDAP_BINDDN and LDAP_BINDCRED environment
variables:
export LDAP_BINDDN="cn=Jane Admin,ou=admins,dc=example,dc=com"
export LDAP_BINDCRED="Jane's password"
Run the following commands to delete the entire user account entry, skeith:
cd /opt/ldapux/bin
./ldapugdel -t passwd skeith
Run the following command to delete only the posixAccount object class and associated attributes,
uidNumber, gidNumber, homeDirectory, loginShell and gecos, without deleting the entire
user entry, msmith:
./ldapugdel -t passwd -O msmith
Run the following command to delete the entire group entry with the Distinguished Name,
"cn=groupA,ou=groups,dc=example,dc=com":
./ldapugdel -t group -D "cn=groupA,ou=groups,dc=example,dc=com"
Run the following command to delete only the posixGroup object class and associated attributes,
gidNumber, memberUid and userPassword, without deleting the entire group entry, groupB:
./ldapugdel -t group -O groupB
Command Arguments
The following describes the ldapugdel options and arguments used in the above examples:
-t <type>
    Specifies the type of entry the ldapugdel tool is to delete. <type> can be
    passwd or group. The passwd type represents LDAP user entries which contain
    POSIX account-related information. The group type represents LDAP group
    entries which contain POSIX group-related information.
-O
    Allows the ldapugdel tool to delete only the posixAccount or posixGroup object
    class and associated attributes, without deleting the entire user or group entry.
-D
    The ldapugdel tool searches for the named user or group using the search rules
    defined by the service search descriptor in the LDAP-UX configuration profile. You
    can use the -D option to specify the Distinguished Name (DN) of the entry being
    deleted. You can specify only one of the -D, <uid_name> or <group_name>
    parameters on the command line.
5.6.8 Checking LDAP-UX Configuration
The ldapcfinfo tool provides several capabilities used to report LDAP-UX configuration and
status. When used specifically with the LDAP user and group tools, ldapcfinfo can be used
to discover LDAP-UX configuration details about required attributes when adding new users
or groups to an LDAP directory server.
5.6.8.1 Checking if LDAP-UX is Configured
Use the ldapcfinfo -t <type> command to check whether LDAP-UX is properly
configured for a specified service. Valid <type> values are passwd, group, netgroup,
services, rpc, hosts, networks, automount, publickey, protocols and pam.
The following commands check to see if LDAP-UX is properly configured for the passwd service:
cd /opt/ldapux/bin
./ldapcfinfo -t passwd
Assuming that LDAP-UX is properly configured, the above command produces the following output:
INFO: CFI_CONFIG_SUCCESS: "passwd" service appears properly configured for LDAP-UX operation
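The ldapcfinfo check and the ldapugdel examples above can be combined into a guarded delete that keeps the bind password out of shell history and out of the long-lived session environment. This is an added example, not part of the LDAP-UX guide; the ldapux_* function names and the LDAPUX_BIN variable are assumptions, and it assumes ldapcfinfo reports other services in the same format as the passwd output shown above.

```shell
#!/bin/sh
# Added example, not from the LDAP-UX guide. LDAPUX_BIN and the ldapux_*
# function names are assumptions of this sketch.
LDAPUX_BIN="${LDAPUX_BIN:-/opt/ldapux/bin}"

# Read the bind password without echo, so it never lands in shell history.
ldapux_prompt_cred() {
    printf 'Password for %s: ' "$LDAP_BINDDN" >&2
    stty -echo 2>/dev/null || :
    IFS= read -r LDAP_BINDCRED || :
    stty echo 2>/dev/null || :
    echo >&2
}

# True only if ldapcfinfo prints the success line shown in the guide.
# Assumption: other services use the same message format as "passwd".
ldapux_configured() {
    "$LDAPUX_BIN/ldapcfinfo" -t "$1" 2>&1 |
        grep -F "CFI_CONFIG_SUCCESS: \"$1\"" >/dev/null
}

# Usage: ldapux_delete <passwd|group> <name> [-O]
# LDAP_BINDDN / LDAP_BINDCRED are plain (unexported) shell variables here.
ldapux_delete() {
    svc=${1:-} name=${2:-} only=${3:-}
    case $svc in passwd|group) ;; *) echo "type must be passwd or group" >&2; return 2 ;; esac
    case $only in ""|-O) ;; *) echo "only -O is accepted" >&2; return 2 ;; esac
    # A name starting with "-" would be parsed as an option (for example -D).
    case $name in ""|-*) echo "invalid entry name" >&2; return 2 ;; esac
    if [ -z "${LDAP_BINDDN:-}" ] || [ -z "${LDAP_BINDCRED:-}" ]; then
        echo "bind identity or credential not set" >&2; return 2
    fi
    if ! ldapux_configured "$svc"; then
        echo "LDAP-UX not configured for $svc; nothing deleted" >&2; return 3
    fi
    # Prefix assignments put the credentials in this one process's
    # environment only; $only is unquoted so an empty value vanishes.
    rc=0
    LDAP_BINDDN="$LDAP_BINDDN" LDAP_BINDCRED="$LDAP_BINDCRED" \
        "$LDAPUX_BIN/ldapugdel" -t "$svc" $only "$name" || rc=$?
    unset LDAP_BINDCRED   # do not leave the password in the session
    return $rc
}
# Typical use: LDAP_BINDDN="cn=Jane Admin,ou=admins,dc=example,dc=com"
#              ldapux_prompt_cred && ldapux_delete passwd msmith -O
```

Source the file in an interactive shell and call the functions from there; ldapux_delete returns 2 for rejected arguments, 3 when the configuration check fails, and otherwise the exit status of ldapugdel.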
122 Administering LDAP-UX Client Services