LDAP-UX Client Services B.05.00 Administrator's Guide
Table 7-7 Return codes for ldapugmod (continued)
MOD_COMMANDLINE_ERR
    Member(s) need to be specified for the specified option.
    For example,
        ldapugmod -t group -r ""
    The output of the command is as follows:
        ERROR: MOD_COMMANDLINE_ERR:
        member(s) need to be specified for -r option.
        ldapugmod -t group -a ""
    The output of the command is as follows:
        ERROR: MOD_COMMANDLINE_ERR:
        member(s) need to be specified for -a option.

MOD_MEMBER_SKIPPED
    Cannot remove user account from the specified group, will be skipped.

MOD_DUP_REQUEST
    Duplicate modification requests are found in the command options.
    For example,
        ldapugmod -A "cn=Mike Lee" -A "cn=Mike Lee" mlee
    After running the above command, ldapugmod exits with the
    MOD_DUP_REQUEST error status because duplicate modification
    requests are specified.

MOD_CONFLICT_REQUEST
    Conflicting modification requests are found in the command options.

MOD_RENAME_RDN_FAILED
    Rename entry's RDN failed.

MOD_NEW_RDN_NEEDED
    The specified command deletes the existing value in the RDN, but
    no new value for the RDN has been provided.

MOD_MEMBER_EXIST
    The account entry being added is already a member of the specified
    group.

MOD_HOMEDIR_DOESNOT_EXIST
    The user's home directory does not exist.

MOD_MISSING_INFORMATION
    Cannot move user's home directory, missing information.

7.3.6.6 Security considerations
Be aware of the following security considerations when you use ldapugmod:
• The ldapugmod tool requires LDAP administrator permissions when it performs
operations on the directory server. The administrator identity that you specify when
executing ldapugmod must be granted the rights to modify existing LDAP directory
entries under the requested subtree, and to create, modify, and remove the required
attributes in that entry.
• With any POSIX-type identity, the user and group ID numbers are used by the HP-UX
operating system to determine rights and capabilities in the OS as well as in the file system.
For example, a root user ID 0 has unlimited OS administration and file access rights. Before
modifying an entry, you must be aware of the selected user and group ID number and any
policy that may be associated with that ID.
• Modification (renaming) of a POSIX account does not automatically modify that account’s
membership in groups, unless the LDAP directory server intrinsically provides that capability.
Some LDAP directory servers have a feature known as “referential integrity”, which performs
modification or removal of DN-type attributes if the specified DN is either changed or
removed
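
The last consideration above can be checked after a rename by searching exported group entries for DN-type membership attributes that still name the account's old DN. The following is an added example, not part of this guide or of the LDAP-UX tools; the LDIF sample, the DNs, and the function names are constructed for illustration, and it assumes unfolded, non-base64 LDIF with no escaped commas in DNs.

```python
# Constructed sample data: group entries exported after renaming
# uid=mlee to uid=mikelee. All DNs are made up for this example.
SAMPLE_LDIF = """\
dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=mlee,ou=People,dc=example,dc=com
member: uid=jdoe,ou=People,dc=example,dc=com

dn: cn=ops,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
uniqueMember: UID=mlee, OU=People, DC=example, DC=com

dn: cn=dev,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=mikelee,ou=People,dc=example,dc=com
"""

DN_ATTRS = {"member", "uniquemember"}  # DN-type membership attributes


def normalize_dn(dn):
    """Lower-case a DN and trim spaces around each RDN (simplified)."""
    rdns = (rdn.partition("=") for rdn in dn.split(","))
    return ",".join(f"{a.strip().lower()}={v.strip().lower()}" for a, _, v in rdns)


def parse_ldif(text):
    """Parse simple LDIF into a list of (dn, [(attr, value), ...])."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = [line.split(": ", 1) for line in block.splitlines() if ": " in line]
        dn = next(v for a, v in pairs if a.lower() == "dn")
        entries.append((dn, [(a.lower(), v) for a, v in pairs]))
    return entries


def stale_references(ldif_text, old_dn):
    """Return (group_dn, attribute) pairs that still point at old_dn."""
    target = normalize_dn(old_dn)
    return [(dn, attr)
            for dn, pairs in parse_ldif(ldif_text)
            for attr, value in pairs
            if attr in DN_ATTRS and normalize_dn(value) == target]


if __name__ == "__main__":
    old = "uid=mlee,ou=People,dc=example,dc=com"
    for group, attr in stale_references(SAMPLE_LDIF, old):
        print(f"{group}: {attr} still references the old DN")
```

Any group it reports still grants membership to a DN that no longer exists, and that DN would apply again to any account later created with it.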