LDAP-UX Client Services B.05.00 Administrator's Guide

cn
Represents the user's full name when you define it in a passwd template
file. Represents the group name when you define it in a group template file.
gidNumber
Represents the group ID number when you specify it in a group template
file for the new group entry.
In addition, comments are allowed. Comments are on a separate line and the first character is
the # (hash) character.
Guidelines for template files
Use the following guidelines when creating template files:
• Use the first line of the template file to define the distinguished name (DN) of the new entry.
  Because each DN is unique, the first component of the DN (the relative distinguished name
  or RDN) must be able to construct a unique value for each new entry. Define the RDN using
  a ${<name>} construct. Typically, you can use the cn or uid attribute in the RDN for new
  user entries and the cn attribute for new group entries.
• Define each template file for only one entry in the LDAP directory server.
• Each template file can be built using custom attributes and values. Customized attribute
  values are defined using the ${<name>} construct. However, for each non-RFC 2307 attribute
  used, you must specify that attribute on the command line with an
  “<attr>=<value>” pair argument when using ldapugadd to create a new entry.
  For example, the following command adds the non-RFC 2307 attribute and value pair,
  sn=Michael, with the UID name Mhu to a new user entry based on the default template file,
  ug_passwd_default.tmpl:
    ldapugadd -t passwd -f "Michael Hu" Mhu -c "an example user entry" "sn=Michael"
• Each template file can contain comment lines. Each comment line must begin with the “#”
  character.
• Do not specify the userPassword attribute in the template file. Use the -PP option or the
  LDAP_UGCRED environment variable to specify an initial password for the user or group
  being created.
• You cannot specify the memberUid attribute in the template file, because the number of
  eventual members of a group cannot be statically defined when the group is newly created.
  The ldapugadd tool ignores the memberUid attribute if specified in the template file.
7.3.5.6.4 Multi-valued attributes in template files
LDAP-UX supports multi-valued attributes defined in a template file. This means that the same
attribute name and/or value can be specified more than once in the template file.
For example, in the following template file, secondaryTeams is a multi-valued attribute that
can be specified twice for each new posixAccount entry created. In this case, ldapugadd
fills the attribute values in the order they appear in the template file, taking them in the
order that those attributes are specified on the command line. If not enough attribute values
are specified on the command line to fill the attribute values used in the template file,
ldapugadd returns an error.
dn: uid=${uid},ou=people,${basedn}
objectclass: person
objectclass: myOrg
objectclass: posixAccount
sn: ${sn}
primaryTeam: ${primaryTeam}
secondaryTeams: ${secondaryTeams}
secondaryTeams: ${secondaryTeams}
${posixProfile}
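
An added example (not part of the guide and not ldapugadd's own code): a pre-flight check, written in Python, that applies the template guidelines and the multi-valued fill rule described above before ldapugadd is run. The function name, the BUILTIN set of names assumed to be filled by the tool itself, and the sample arguments are assumptions; the sample template is a shortened copy of the one above.

```python
import re
from collections import Counter

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
# Assumption: names ldapugadd fills in itself, so they need no
# <attr>=<value> argument. Adjust to match your installation.
BUILTIN = {"uid", "cn", "gidNumber", "basedn", "posixProfile"}

# Constructed sample: shortened copy of the multi-valued template above.
SAMPLE = """\
# constructed sample
dn: uid=${uid},ou=people,${basedn}
objectclass: posixAccount
sn: ${sn}
primaryTeam: ${primaryTeam}
secondaryTeams: ${secondaryTeams}
secondaryTeams: ${secondaryTeams}
${posixProfile}
"""

def check_template(text, cli_pairs):
    """Return the problems found in a template, given the planned
    <attr>=<value> command-line arguments (list of strings)."""
    problems = []
    # Comment lines begin with '#'; skip them and blank lines.
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    if not lines or not lines[0].lower().startswith("dn:"):
        return ["first line must define the DN"]
    rdn = lines[0].split(":", 1)[1].split(",", 1)[0]
    if not PLACEHOLDER.search(rdn):
        problems.append("RDN has no ${<name>} construct")
    needed = Counter()
    for line in lines[1:]:
        attr = line.split(":", 1)[0].strip().lower()
        if attr == "userpassword":
            problems.append("userPassword must not appear in a template")
        elif attr == "memberuid":
            problems.append("memberUid is ignored by ldapugadd")
        else:
            needed.update(PLACEHOLDER.findall(line))
    supplied = Counter(p.split("=", 1)[0] for p in cli_pairs)
    for name, count in needed.items():
        if name not in BUILTIN and supplied[name] < count:
            problems.append(f"{name}: template needs {count} value(s), "
                            f"command line gives {supplied[name]}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_template(SAMPLE, ["sn=Hu", "primaryTeam=ops", "secondaryTeams=net"])))
```

An empty list means the template and the planned arguments are consistent with the guidelines; the userPassword check keeps initial credentials out of template files.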