LDAP-UX Client Services B.05.00 Administrator's Guide
WARNING! If you specify the -I option and you have defined
attribute mapping for the gecos attribute, be careful not to specify
the same attributes in the command line that are also used in the
gecos map. In the following example, the gecos attribute has
been mapped to cn, l, and telephoneNumber attributes. The
following command can produce unpredictable results:
ldapugmod -I “lisa Hu,Austine,222-1234” lhu "cn=lisa
Hu” “sn=Hu”\
“telePhoneNumber=222-1234”
In the above example, because of the gecos attribute mapping,
the cn and telephoneNumber are specified twice, it results an
error when the same attribute and value are added to the directory
server. Use the ldapcfinfo tool to check gecos attribute
mapping configuration.
If the <gecos> argument is an empty string, ldapugmod removes
the gecos or mapped attributes. HP does not recommend that
you use the -I option, because the gecos attribute is often
mapped to required attributes. See the “WARNING” section below
for impacts when using this option.
-c <comment> Replaces a comment that will be stored in the description
attribute as defined by RFC 2307. LDAP-UX does not support
attribute mappings for the description attribute.
<attr>=<value>
Enables modification of arbitrary LDAP attributes and values. The
<value> parameter may be an empty string. However this usage
does not remove attributes and their values from the directory
server. Instead use the -R option to remove arbitrary attributes.
See the “WARNING” section below for impacts when using this
option
7.3.6.3.2 Options applicable to -t group
The following is a list of valid options for -t group:
<group_name>
Required. Specifies the POSIX style textual group name for the group
entry to modify. You must specify the group name if you do not
specify the -D option. This group name must conform to HP-UX
group name requirements. For more information about group name
requirements, see the group(4)manpage.
-g <gidNumber> Replaces the group’s numeric ID number. If the specified gidNumber
value already exists in the directory server, ldapugmod does not
modify the group entry and return an error status, unless you specify
the -F option.
-a <member>[,...]
Adds one or more members to the specified group.
The ldapugmod tool follows the same membership syntax defined
by the LDAP-UX configuration profile attribute mapping. Specifically,
if LDAP-UX has mapped the RFC 2307 group membership attribute,
memberUid, to a DN-based membership attribute such as member
or uniqueMember, then ldapugmod defines membership using the
DN of the specified user. When specifying a list of members, you
must use a comma with no white space to separate each member. If
the memberUid attribute has been mapped to more than one attribute
7.3 LDAP user and group management tools 255