LDAP-UX Client Services B.05.00 Administrator's Guide
7.3.5.7 Security considerations
The following are security considerations when using ldapugadd:
• Use of ldapugadd requires the permissions of an LDAP administrator when it performs its
operations on the directory server. The rights to create new LDAP directory entries
under the requested subtree, and to create the required attributes in those entries, must
be granted to the LDAP administrator identity used when executing ldapugadd.
• As with any POSIX-type identity, the HP-UX operating system uses the specified user and
group ID number to determine rights and capabilities in the OS as well as in the file system.
For example, the root user ID, 0, typically has unlimited OS administration and file access
rights. Before creating a new entry, you must be aware of the selected user and group ID
number and any policy that may be associated with that ID.
• If you use ldapugadd to randomly assign a user or group ID number, it checks for ID
collisions only in the LDAP directory server, and not in other policy repositories. When you
set user and group ID number ranges by using the -D -u or -D -g option, you must set a
range that is not used by other user or group ID repositories, and ensure that collisions will
not occur with users or groups that exist in other repositories.
• Modification of this identity repository will likely have impacts as defined by the
organization’s security policy. Users of ldapugadd are expected to have full knowledge of
the impact to the organization’s security policy when adding new identity information to
that identity repository.
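The range check described in the third item above can be done against local files before a range is set with -D -u or -D -g. The following script is an added example, not part of the LDAP-UX product or this guide; the function names ids_in_range and write_sample, the sample accounts, and the ranges are constructed for illustration. It covers only files in passwd(4)/group(4) layout, so other repositories need their own check.

```sh
#!/bin/sh
# Added example, not from the LDAP-UX guide. Sample data below is constructed.

# ids_in_range MIN:MAX FILE
# FILE is in passwd(4)/group(4) layout, where the numeric ID is field 3.
# Prints "ID name" for every entry inside the range.
# Returns 0 if the range is unused in FILE, 1 on collisions, 2 on bad input.
ids_in_range() {
    range=$1
    file=$2
    case $range in
        ''|*[!0-9:]*|*:*:*|:*|*:) echo "bad range: $range" >&2; return 2 ;;
        *:*) ;;
        *) echo "bad range: $range" >&2; return 2 ;;
    esac
    min=${range%%:*}
    max=${range##*:}
    [ "$min" -le "$max" ] || { echo "min > max: $range" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    hits=$(awk -F: -v lo="$min" -v hi="$max" '
        /^[#+-]/ || NF < 3 { next }   # skip comments and +/- compat entries
        $3 ~ /^[0-9]+$/ && $3 + 0 >= lo && $3 + 0 <= hi { print $3, $1 }
    ' "$file" | sort -n)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# write_sample PATH: constructed passwd-format data for the demonstration.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:3::/:/sbin/sh
daemon:x:1:5::/:/sbin/sh
appsvc:x:1500:20:constructed account:/home/appsvc:/usr/bin/sh
dbadmin:x:1001:20:constructed account:/home/dbadmin:/usr/bin/sh
+::::::
EOF
}

sample=${TMPDIR:-/tmp}/passwd.sample.$$
write_sample "$sample"
# A range planned for the -D -u option; 1001 and 1500 are already taken locally.
ids_in_range 1000:1999 "$sample" || echo "range 1000:1999 collides with local IDs"
ids_in_range 5000:5999 "$sample" && echo "range 5000:5999 is unused in this file"
rm -f "$sample"
```

Run the same function against /etc/passwd for a user ID range and /etc/group for a group ID range on every host that will resolve identities from the directory.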
7.3.5.8 Specific return codes for ldapugadd
The ldapugadd tool returns the return codes listed in Table 7-6.
Table 7-6 Return codes for ldapugadd
Return Code                  Message
ADD_USER_TO_GRP_FAILED       Failed to add a user to the group.
ADD_SKELDIR_DOESNOT_EXIST    Specified skeleton directory does not exist.
ADD_SETENV_FAILED            The ldapugadd tool returns this error when the internal putenv function call fails with the specified bind environment variable.
ADD_INFO_MISSING             Information is missing. For example, UID number is missing, group number is missing.
ADD_GETNUM_FAILED            Failed to get a valid GID number or UID number when creating a new user or group entry.
ADD_SYNTAX_ERR               A syntax error exists in the specified template file.
ADD_ATTR_REQUIRED            Attribute is required. For example, attribute “sn” is required, attribute “telephonenumber” is required.
ADD_NUM_RANGE_ERR            Specified option has invalid range value. For example, option -u has invalid range value.
ADD_WRONG_G_OPT              Option -g <default_gid> or -g <min_gid>:<max_gid> has been specified more than once.
ADD_NOT_PERMIT               You do not have the permission to alter /etc/opt/ldapux/ldapug.conf.