LDAP-UX Client Services B.05.00 Administrator's Guide
7.3.6 ldapugmod tool
The ldapugmod tool enables HP-UX administrators to modify existing POSIX accounts or groups
in an LDAP directory server. When using extended options, you can use ldapugmod to modify
arbitrary attributes for user or group entries or you can extend existing user or group entries
with the POSIX data model. To use ldapugmod, you must provide LDAP administrator credentials
that have sufficient privilege to perform the user or group modification operations in the LDAP
directory server.
7.3.6.1 Synopsis
ldapugmod [-t passwd] [options] [-h <hostname>] [-p <port>]
[-f <full_name>] [-n <new_name>] [-u <uid_number>] [-g <group/gid>]
[-s <login_shell] [-d <home_directory>[-m]] [-c <comment>] [-I <gecos>]
[[-A <attrval>][...]]
[[-R <attrval>][...]] [-D <DN>|<uid_name>]
[[<attr>=<value>][...]]
ldapugmod -t group [options] [-h <hostname>] [-p <port>]
[-n new_name>] [-g <gid_number>] [-a <member>[,...]] [-r <member>[,...]]
[-c <comment>] [[-A <attrval>][...]][[-R <attrval>][...]]
[-D <DN>|<group_name>] [[<attr>=<value>][...]]
7.3.6.2 Options
The ldapugmod tool supports the following command options:
-P
Prompts for the administrator's bind identity (typically LDAP DN or Kerberos principal)
and bind password. If you do not specify the -P option, ldapugmod discovers the bind
identity and password from the environment variables LDAP_BINDDN and
LDAP_BINDCRED. If the LDAP_BINDDN and LDAP_BINDCRED environment variables
have not been specified, ldapugmod uses the bind configuration specified in the
LDAP-UX configuration profile. If the LDAP-UX configuration profile has specified the
“proxy” bind, ldapugmod reads the bind credential from either the /etc/opt/ldapux/
acred or the /etc/opt/ldapux/pcred file. The /etc/opt/ldapux/acred file is
only used by users who have sufficient administrative privilege to read this file.
-PP
Prompts for the password of the user or group being modified. If you do not specify the
-PP option, the ldapugmod tool retrieves the password for the modified user or group
from the LDAP_UGCRED environment variable if the -PW option is specified. Use of -PP
implies the use of -PW.
-PW
Changes the user or group password attribute. If attribute mapping for the
userPassword attribute in the LDAP-UX configuration profile has not been defined
or set to *NULL*, ldapugmod will create new passwords in the userPassword attribute.
If you specify the -PW option, you must also specify either the LDAP_UGCRED environment
variable or the -PP option.
-O With ldapugmod, you can add posixAccount and posixGroup attributes to a user
or group entry that does not already contain the posixAccount or posixGroup object
class. This ability requires use of the -D option. With the -O option, ldapugmod attempts
to add the posixAccount or posixGroup objectclass and respective attributes
(depending on if the -t passwd or -t group option is specified) to the entry being
modified. When used with Microsoft Windows Active Directory service, if the user or
group entry is build using the abstract “User” or “Group” class, ldapugmod assumes
that the abstract class already includes the required Microsoft SFU attributes, and thus
does not add the posixAccount or posixGroup object class to the entry.
-Z
Requires an SSL connection to the LDAP directory server, even if the LDAP-UX
configuration profile does not specify the use of SSL. If you use the -Z option, you must
define either a valid directory server or CA certificate in the /etc/opt/ldapux/
cert8.db file. An error occurs if the SSL connection can not be established.
250 Command and tool reference