LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

241

242

243

244

245

246

247

248

249

250

NOTE: If the ldapugadd tool can only add members that follow

a static membership syntax (such as memberUid, member and

uniqueMember) to a group. The ldapugadd tool will fail if the

only mapping defined by the LDAP-UX configuration profile uses

a dynamic group membership syntax (such as memberURL).

-c <comment> Optional. Specifies a comment that is stored in the description

attribute as defined by RFC 2307. LDAP-UX does not support

attribute mappings for the description attribute. If you do not

specify this option, the description attribute is not added to the

group entry.

-T <template_file>

Optional. Specifies the LDIF template file that is used to create new

group entries. If you do not specify the -T option, ldapugadd uses

the default template file either /etc/opt/ldapux/

ug_templates/ug_passwd_default.tmpl or /etc/opt/

ldapux/ug_templates/ug_group_default.tmpl depending

on the service type you specify (-t passwd or -t group).

The <template_file> parameter can be either a full or relative

path name or a short name. See Section 7.3.5.6 (page 242) for details.

Optional. Enables specification of arbitrary LDAP attributes and

values. Because of potential object class requirements, additional

information beyond the basic POSIX account and group data may

need to be specified in order to create new entries in the LDAP

directory server. For example, if the person object class is used as

a structural class for posixAccounts, then the sn (surname) attribute

must be specified in order to properly create a new entry. This

attribute needs to be defined in the template file, and attribute/value

pair needs to be specified on the ldapugadd command line. The

<attr>=<value> parameter is used to specify attributes required

by the template file. However, if you specify an attribute that is not

defined in the defined template file, that attribute/value pair is

considered as an optional attribute/value and will be added to the

entry exactly as specified.

<attr>=<value> parameters are optional, but you must specify

them as the last parameters on the command line.

7.3.5.5 LDAP UG tool configuration file

LDAP-UX supports a local configuration file, /etc/opt/ldapux/ldapug.conf. The

ldapugadd tool uses the ldapug.conf file to manage the following default values when

creating new user and group entries in an LDAP directory server:

• A default group ID for new users.

• The valid UID number range for new users.

• The valid GID number range for new groups.

• The base path for a new user's home directory. By default, LDAP-UX appends the user's

account name to the base path to create the full path name.

• The default login shell for new users.

LDAP-UX provides the default ldapug.conf file as follows:

# This file is used by the ldapugadd tool for management

# of default values for creating new user and group entries.

7.3 LDAP user and group management tools 241