LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

171

172

173

174

175

176

177

178

179

180

export LDAP_BINDDN = "cn=Jane Admin,ou=admins,dc=exmple,dc=com"

export LDAP_BINDCRED = "Jane's password"

Run the following commands to delete the entire user account entry, skeith:

cd /opt/ldapux/bin

./ldapugdel -t passwd skeith

Run the following command to delete only the posixAccount object class and associated attributes,

uidnumber, gidNumber, homeDirectory, loginShell and gecos, without delete the entire

user entry, msmith:

./ldapugdel -t passwd -O msmith

Run the following command to delete the entire group entry with the distinguished name,

“cn=groupA,ou=groups,dc=example,dc=com":

./ldapugdel -t group -D "cn=groupA,ou=groups,dc=example,dc=com"

Run the following command to delete only the posixGroup object class and associated attributes,

gidNumber, memberUid and userPassword, without delete the entire group entry, groupB:

./ldapugdel -t group -O groupB

Command arguments

The following describes the ldapugdel options and arguments used in the above examples:

-t <type> Specifies the type of entry the ldapugdel tool needs to delete. <type> can be

passwd or group. The passwd type represents LDAP user entries which contain

POSIX account-related information. The group type represents LDAP group

entries which contains POSIX group-related information.

-O Allows the ldapugdel tool to delete only the posixAccount or posixGroup object

class and associated attributes, without deleting the entire user or group entry.

-D The ldapugdel tool searches for the named user or group using the search rules

defined by the service search descriptor in LDAP-UX configuration profile. You

can use the -D option to specify the distinguished name (DN) of the entry being

deleted. You can specify only one of -D, <uid_name> or <group_name>

parameter on the command line.

5.5.8 Examining the LDAP-UX configuration

The ldapcfinfo tool provides several capabilities used to report LDAP-UX configuration and

status. When used specifically with the LDAP user and group tools, ldapcfinfo can be used

to discover LDAP-UX configuration details about required attributes when adding new users

or groups to an LDAP directory server.

5.5.8.1 Checking if LDAP-UX is configured

Use the ldapcfinfo -t <type> command to check whether the LDAP-UX is properly

configured for a specified service. The valid <type> value can be passwd, group, netgroup,

services, rpc, hosts, networks, automount, NIS-based publickey, protocols and pam.

The following commands check whether LDAP-UX is properly configured for the passwd service:

cd /opt/ldapux/bin

./ldapcfinfo -t passwd

Assume that LDAP-UX is properly configured, below is the output of the above command:

INFO: CFI_CONFIG_SUCCESS:

"passwd" service appears properly configured for LDAP-UX operation

The following command checks to see if LDAP-UX is properly configured for the automount

service:

./ldapcfinfo -t automount

5.5 Managing users and groups 171