LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

121

122

123

124

125

126

127

128

129

130

The following shows an example of a dynamic group entry created using the Directory Server

Console:

dn: cn=dyngroup,ou=groups,dc=example,dc=hp,dc=com

cn=dyngroup

objectClass: top

objectClass: groupofuniquenames

objectClass: groupofnames

objectClass: groupofurls

memberURL: ldap:///dc=example,dc=hp,dc=com??sub?(l=California)

The memberURL attribute in the above example specifies a sub-tree search starting at any level

under dc=example, dc=hp, dc=com to find all entries matching (l=California). Any entries which

have objectclass “account” and an attribute “l” with the value of “California” will be

returned. With LDAP-UX, an additional criteria will be added that the user entry must be a

POSIX account.

4.2.1.2 Step 2: Adding POSIX attributes to a dynamic group

To create an HP-UX POSIX dynamic group, you must use the Directory Server Console, or the

ldapmodify tool to add the following objectclass and attribute information to the dynamic

group entry created in Step 1: Creating a Dynamic Group:

• posixgroup objectclass

• gidNumber attribute

• cn attribute if it does not exist in the group entry.

4.2.1.2.1 Adding attributes to a dynamic group using ldapmodify

Procedures

As an example, to create an HP-UX POSIX dynamic group, use the ldapmodify tool to add

posixgroup and gidNumber information to the dynamic group entry created from the Directory

Server Console as follows:

1. Create an LDIF update file.

For example, the following LDIF update file, new.ldif, adds a posixgroup objectclass

and the gidNumber attribute to the “dn:

cn=dyngroup,ou=groups,dc=example,dc=hp,dc=com” entry:

dn: cn=dyngroup,ou=groups,dc=example,dc=hp,dc=com

changetype: modify

add: objectClass

objectClass: posixgroup

add: gidNumber

gidNumber: 500

2. Use the ldapmodify tool to modify the existing entry with the LDIF file created in step 1.

For example, the following command modifies the dynamic group entry in the LDAP

directory server, ldaphost1, using the LDIF update file, new.ldif:

ldapmodify —D “cn=Directory Manager" —w <passwd> —h ldaphost1 —p

389 —f new.ldif

Examples

The following example is an HP-UX POSIX dynamic group entry with objectClass:

posixgroup and gidNumber: 500 information added:

dn: cn=dyngourp,ou=groups,dc=example,dc=hp,dc=com

122 Dynamic group support