LDAP-UX Client Services B.04.15 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

161

162

163

164

165

166

167

168

169

170

of the -F option is not recommended, and will not succeed if the

directory server does not support the memberUid attribute.

The ldapugadd tool follows the same membership syntax as

defined by the LDAP_UX configuration profile attribute mapping.

Specifically, if the LDAP-UX has mapped the RFC 2307 group

membership attribute, memberUid, to a DN-based membership

attribute such as member or uniqueMember, then ldapugadd

defines membership using the DN of the specified user. If the

memberUid attribute has been mapped to more than one attribute

type, ldapugadd uses the first attribute defined by the mapping.

NOTE: If the ldapugadd tool can only add members that follow

a static membership syntax (such as memberUid, member and

uniqueMember) to a group. The ldapugadd tool will fail if the

only mapping defined by the LDAP-UX configuration profile uses

a dynamic group membership syntax (such as memberURL).

-c <comment> Optional. Specifies a comment that is stored in the description

attribute as defined by RFC 2307. LDAP-UX does not support

attribute mappings for the description attribute. If you do not

specify this option, the description attribute is not added to the

group entry.

-T <template_file>

Optional. Specifies the LDIF template file that is used to create new

group entries. If you do not specify the -T option, ldapugadd uses

the default template file either /etc/opt/ldapux/

ug_templates/ug_passwd_default.tmpl or /etc/opt/

ldapux/ug_templates/ug_group_default.tmpl depending

on the service type you specify (-t passwd or -t group).

The <template_file> parameter can be either a full or relative

path name or a short name. See “Template Files” (page 167) for

details.

Optional. Enables specification of arbitrary LDAP attributes and

values. Because of potential object class requirements, additional

information beyond the basic POSIX account and group data may

need to be specified in order to create new entries in the LDAP

directory server. For example, if the person object class is used as

a structural class for posixAccounts, then the sn (surname) attribute

must be specified in order to properly create a new entry. This

attribute needs to be defined in the template file, and attribute/value

pair needs to be specified on the ldapugadd command line. The

<attr>=<value> parameter is used to specify attributes required

by the template file. However, if you specify an attribute that is not

defined in the defined template file, that attribute/value pair is

considered as an optional attribute/value and will be added to the

entry exactly as specified.

<attr>=<value> parameters are optional, but you must specify

them as the last parameters on the command line.

166 Command and Tool Reference