LDAP-UX Client Services B.05.00 Administrator's Guide
dn: cn=dbhosts,ou=groups,dc=mydomain,dc=eample,dc=com
cn: dbhosts
uniqueMember: cn=baker,ou=Hosts,dc=mydomain,dc=eample,dc=com
# ldaphostmgr -G dbhosts chef
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
# ldapuglist -t group -P -F "(cn=dbhosts)" uniqueMember
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
dn: cn=dbhosts,ou=groups,dc=mydomain,dc=eample,dc=com
cn: dbhosts
uniqueMember: cn=baker,ou=Hosts,dc=mydomain,dc=eample,dc=com
uniqueMember: cn=chef,ou=Hosts,dc=mydomain,dc=eample,dc=com
To remove a host from a group, use the ! flag in front of the host name:
# ldaphostmgr -G !dbhosts baker
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
# ldapuglist -t group -P -F "(cn=dbhosts)" uniqueMember
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
dn: cn=dbhosts,ou=groups,dc=mydomain,dc=eample,dc=com
cn: dbhosts
uniqueMember: cn=chef,ou=Hosts,dc=mydomain,dc=eample,dc=com
To list host entries that are members of a particular group, use the -g option of the ldaphostlist
command. For example, to capture all the ssh host keys for a particular group of hosts, you could
use the following command:
# ldaphostlist -g webhosts -k
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: brewer
ipHostNumber: 0.0.0.0
sshPublicKey: ssh-rsa AAAAB3NzaC16AeE...
dn: cn=raptor,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: raptor
ipHostNumber: 16.92.96.215
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAA...
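As an added example (not part of the original guide), the shell function below converts the ldaphostlist -g ... -k output shown above into OpenSSH known_hosts lines, leaving out the unspecified address 0.0.0.0 and skipping any entry whose key is missing or malformed. It assumes the LDIF-style layout shown on this page; the function names, the host gecko and the key blobs in the sample are constructed for illustration.

```shell
# Added example: convert `ldaphostlist -g <group> -k` output (stdin) into
# OpenSSH known_hosts lines: "name[,address] keytype base64key".
# Assumption: LDIF-style output as on the page; a value folded onto a
# continuation line (leading space) is rejoined before parsing.
hosts_to_known_hosts() {
    awk '
    function emit(   names, f) {
        # Emit only entries that carry a name and a well-formed key.
        if (cn != "" && key ~ "^(ssh-|ecdsa-)[a-z0-9-]+ [A-Za-z0-9+/]+=*( .*)?$") {
            names = cn
            # 0.0.0.0 is the unspecified address, not one a client connects to.
            if (ip != "" && ip != "0.0.0.0") names = names "," ip
            split(key, f, " ")
            print names, f[1], f[2]
        } else if (cn != "") {
            print "skipped " cn ": missing or malformed sshPublicKey" | "cat 1>&2"
        }
        cn = ""; ip = ""; key = ""
    }
    function handle(line) {
        if (line ~ /^dn: /) emit()                    # a new entry starts
        else if (line ~ /^cn: /) cn = substr(line, 5)
        else if (line ~ /^ipHostNumber: /) ip = substr(line, 15)
        else if (line ~ /^sshPublicKey: /) key = substr(line, 15)
    }
    /^ / { pending = pending substr($0, 2); next }    # unfold continuation
    { handle(pending); pending = $0 }
    END { handle(pending); emit() }'
}
# Constructed sample input: brewer and raptor follow the page, gecko is
# hypothetical; all key blobs are made-up placeholders, not real keys.
sample_hostlist() {
cat <<'EOF'
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: brewer
ipHostNumber: 0.0.0.0
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructed
 KeyForBrewer0123456789==
dn: cn=raptor,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: raptor
ipHostNumber: 16.92.96.215
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedKeyForRaptor
dn: cn=gecko,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: gecko
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2E...
EOF
}
sample_hostlist | hosts_to_known_hosts
```

Clients that install the generated lines trust whatever the directory returned, so review the output and the "skipped" messages on standard error before copying it into a system-wide known_hosts file.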
5.6.6 Classifying hosts
Because ldaphostmgr lets you attach arbitrary attributes to host entries, you can use these
attributes to classify systems and then use that information as a way to group hosts. Aside from
grouping hosts using an enumerated list of members in X.500 groups, LDAP directory servers
offer an efficient way to group systems based on their attributes. This is typically known as
dynamic grouping. In the previous example, we created a group of hosts known as dbhosts
(assuming these hosts might hold some form of database). We could have just as easily defined
a role for these hosts, marking them as DBSERVERs as follows:
# ldaphostmgr -r DBSERVER brewer
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
# ldaphostmgr -r DBSERVER raptor
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
Use the -f option of ldaphostlist to quickly discover the list of DBSERVERs:
# ldaphostlist -f "(entityRole=DBSERVER)" \*
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: brewer
ipHostNumber: 0.0.0.0
objectClass: top
objectClass: device
5.6 Managing hosts in an LDAP-UX domain 179