LDAP-UX Client Services B.05.00 Administrator's Guide

5.5.4.1 Adding users
You can add users to your system as follows:
1. Add the user's posixAccount entry to your LDAP directory.
You can use your directory's administration tools, the ldapugadd command, or the
ldapentry tool to add a new user entry to your directory. If you are adding a large number
of users, you could create a passwd file with those users and use the migration tools to add
them to your directory. For information about these tools, see the NIS/LDAP Gateway
Administrator's Guide at the following location:
http://www.hp.com/go/hpux-security-docs
Click HP-UX LDAP-UX Integration Software.
To add the new user with the HP-UX Directory Server Console, select the Directory tab.
Select the directory location in the left panel where your user information is. Select the
Object > New > Other menu item. Select the posixAccount object class in the dialog box and
select OK. Fill in the values for the user and select OK.
2. Add the user to the appropriate posixGroup entry.
You can use your directory's administration tools, or the ldapmodify program to add the
user to the appropriate group in the directory. Add the user name to the memberuid attribute.
To add the new user with the HPDS/RHDS Directory Server Console, select the Directory
tab. Select the directory location in the left panel where your group information is. Double
click on the group where you want to add the user, or select the group and select the
Object > Open menu item. In the dialog box, select the memberuid attribute. Then, select
the Edit > Add menu item. Fill in the user's UID (login) name in the new field and select OK.
3. To verify that the information was added and is accessible to the client, use nsquery or
pwget:
nsquery passwd user
pwget -n user
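The directory changes behind steps 1 and 2, as an added example that is not part of the original guide: the shell function below validates a login name and numeric IDs, then prints LDIF that adds a posixAccount entry and adds the user to a posixGroup. The DNs, ID numbers, home directory path and the structural object class account are assumptions; memberUid is the RFC 2307 spelling of the memberuid attribute named above.

```shell
#!/bin/sh
# Added example (not from the guide): build the LDIF for steps 1 and 2.
# The base DNs, IDs, home directory layout and the structural class
# "account" are assumptions; adjust them to your directory's schema.
LC_ALL=C; export LC_ALL   # keep the character ranges below ASCII-only

# Accept only a conservative login name, so that commas, colons, spaces
# and newlines can never reach a DN or an LDIF line.
valid_login() {
    case "$1" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Accept only an unsigned decimal number (uidNumber, gidNumber).
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# user_ldif LOGIN UIDNUMBER GIDNUMBER PEOPLE_BASE GROUP_DN
# PEOPLE_BASE and GROUP_DN come from the administrator, not from user data.
user_ldif() {
    valid_login "$1" || { echo "rejected login name" >&2; return 1; }
    valid_id "$2" && valid_id "$3" || { echo "rejected numeric ID" >&2; return 1; }
    cat <<EOF
dn: uid=$1,$4
changetype: add
objectClass: account
objectClass: posixAccount
uid: $1
cn: $1
uidNumber: $2
gidNumber: $3
homeDirectory: /home/$1

dn: $5
changetype: modify
add: memberUid
memberUid: $1
EOF
}
```

Review the printed LDIF before passing it to the ldapmodify program mentioned in step 2.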
5.5.4.2 Examples of adding a user
You can use ldapugadd to add new POSIX accounts or groups to an LDAP directory server.
Use LDAP_BINDDN to specify the distinguished name (DN) of a user with sufficient directory
server privilege to add users or groups in the directory server. Use LDAP_BINDCRED to specify
a password for the LDAP user specified by LDAP_BINDDN. Alternatively, you can enter the LDAP
administrator's bind identity and credential interactively by using the prompt (-P) option.
The LDAP_UGCRED environment variable specifies the new password of a user or group being
created. You must specify the -PW option when using LDAP_UGCRED. The use of passwords for
new groups is not recommended. Alternatively, you can use the -PP command option to prompt
for the password of the user or group being created.
Below are examples of using ldapugadd to add user entries.
Run the following commands to set the LDAP_BINDDN and LDAP_BINDCRED environment
variables:
export LDAP_BINDDN="cn=Jane Admin,ou=admins,dc=example,dc=com"
export LDAP_BINDCRED="Jane's password"
Run the following command to specify the LDAP_UGCRED environment variable:
export LDAP_UGCRED="user_password"
Run the following commands to discover what non-POSIX attributes defined in the default
template file are required to create the new user entry:
cd /opt/ldapux/bin
./ldapcfinfo -t passwd -R
164 Administering LDAP-UX Client Services