LDAP-UX Client Services B.05.00 Administrator's Guide

Table 7-6 Return codes for ldapugadd (continued)
ADD_INVALID_KEYWORD
    The specified keyword value is invalid, ldapugadd ignored the keyword. For example, if /usr/bin/jsh does not exist in the system, the ldapugadd -D -s /usr/bin/jsh command displays the following warnings:
        WARNING: LOGIN_SHELL_DOESNOT_EXIST:
        Login shell /usr/bin/jsh' does not exist.
        WARNING: ADD_INVALID_KEY
        Invalid keyword (default_loginShell),
        ignored.
ADD_RENAME_FAILED
    Failed to rename the internal temporary file to /etc/opt/ldapux/ldapug.conf.
ADD_UPDATE_OK
    A specific operation has been updated successfully. For example, "uidnumber_range" defined in ldapug.conf has been updated successfully.
ADD_K_IGNORED
    Option -m is not specified, therefore, -k ignored when adding a new account.
ADD_TWO_DN_ERR
    DN has been specified more than once.
ADD_GID_GNAME_ERR
    Options -g and -e cannot be specified at the same time.
ADD_NOT_IN_LDAP
    The specified group does not exist in the LDAP directory. Could not add a user to the specified group.
ADD_FAIL_TO_UPDATE
    Failed to update the default value in /etc/opt/ldapux/ldapug.conf.
ADD_FAILED
    The LDAP add operation failed.
7.3.5.9 Limitations
The following are limitations of ldapugadd:
• Because LDAP directory servers require data to be stored according to the UTF-8 (RFC3629) character encoding method, all characters passed into ldapugadd are assumed to be UTF-8 and part of the ISO-10646 character set. ldapugadd does not perform conversion of the locale character set to and from the UTF-8 character set.
• Because ldapugadd calls functions to discover whether the group exists before adding a user to a group, it is possible to encounter timing issues with cached information. For example, if an administrator uses the grget command to see if a group exists, this group information is cached by both ldapclientd(1M) and pwgrd(1M). If the group does not exist when calling grget, and the administrator shortly afterward creates this group with ldapugadd, the cached information will still indicate that the group does not exist. Then, when adding a new user and specifying that this user is a member of the just-created group, ldapugadd generates an error to indicate that the user cannot be added to the group. To resolve this, you must flush the pwgrd and ldapclientd caches.
7.3.5.10 Examples
This section provides examples of using the ldapugadd tool:
The following commands specify the LDAP_BINDDN and LDAP_BINDCRED environment variables:
export LDAP_BINDDN="cn=Jane Admin,ou=admins,dc=example,dc=com"
export LDAP_BINDCRED="Jane's Password"
The following command specifies the LDAP_UGCRED environment variable:
export LDAP_UGCRED="user_password"