LDAP-UX Client Services B.05.00 Administrator's Guide

current command. If attribute mapping for the userPassword attribute has
not been defined or set to “*NULL*” in the LDAP-UX configuration profile,
ldapugadd or ldapugmod creates new passwords using the userPassword
attribute. See the -PW option of Section 7.3.5 (page 232) or Section 7.3.6 (page 250)
for additional information.
NOTE: To support non-interactive use of the ldapuglist, ldapugadd, ldapugmod and
ldapugdel commands, you can use the LDAP_BINDDN and LDAP_BINDCRED environment
variables to specify the LDAP administrator's identity and password. Use LDAP_UGCRED to
specify the user or group password being created or modified. To prevent exposure of these
environment variables, you must unset them after use. The shells(4) command history log
may contain copies of the executed commands that show setting of these variables. You must
protect access to a shell’s history file. Specification of the LDAP administrators credentials on
the command line is not allowed, because information about the currently running processes
can be exposed externally from the session. Using the -P command option eliminates the
LDAP_BINDDN and LDAP_BINDCRED environment variables by interactively prompting for the
required administrator's credentials. Using the -PP command option eliminates LDAP_UGCRED
by interactively prompting for the required password of the user or group being created or
modified.
7.3.2 Return value formats
Upon exit, ldapuglist, ldapugadd, ldapugmod, ldapugdel or ldapcfinfo returns a 0
(zero) exit status if no errors or warnings are encountered. A non-zero exit status is returned and
one or more messages are logged to stderr if these tools encounters an error or warnings. Messages
follow the below format:
ERROR: <code>:
<message>
or
WARNING: <code>:
<message>
Leading extra white space may be inserted to improve readability and follow 80 column screen
formatting. <code> is a programmatically parsable error key-string, while <message> is
human-readable text.
7.3.3 Common return codes
Table 7-4 lists common return codes used by ldapuglist, ldapugadd, ldapugmod, ldapugdel
and ldapcfinfo.
For detailed information on a list of specific return codes for each tool, see “Specific return codes
for ldapuglist” (page 229), “Specific return codes for ldapugadd” (page 246), “Specific return codes
for ldapugmod” (page 258), “Specific return codes for ldapugdel” (page 264), or “Specific return
codes for ldapcfinfo” (page 288).
Table 7-4 Common return codes
MessageReturn Code
Unable to initialize LDAP-UX library backend.
LDAP_INIT_FAILED
Cannot read the ldapux_profile.bin file.GET_LDAP_CONFIG_FAILED
Cannot reset the port number.
REPLACE_PORT_FAILED
The specified authentication method is invalid.
INVALID_AUTH_MATHOD
Unable to read input from stdin for the specified command option
value.
READ_INPUT_FAILED
220 Command and tool reference