LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

261

262

263

264

265

266

267

268

269

270

using that identity. Specifying -I on a remote host will fail if

LDAP-UX (version > B.05.00) is not installed on that host.

-X

Does not prompt for information, including the host’s password

or other interactive confirmation prompts. If required information

cannot be discovered, the command exits with an error. The -F

option can be used to force an override for most confirmation

prompts.

-Z

Requires an SSL connection to the directory server, even if the

ldapux(5) configuration does not require the use of SSL. Use of

-Z requires that either a valid server or CA certificate be defined

in the /etc/opt/ldapux/cert8.db file. An error occurs if the

SSL connection could not be established. See Section 7.3.8.4

(page 274) for additional details.

-ZZ

Attempts a TLS connection to the directory server, even if the

ldapux(5) configuration does not require the use of TLS. If a TLS

connection cannot be established, a non-TLS and non-SSL

connection is established. Using -ZZ is not recommended unless

alternative methods are used to protect against network

eavesdropping. Use of -ZZ requires that either a valid server or

CA certificate be defined in the /etc/opt/ldapux/cert8.db

file. See Section 7.3.8.4 (page 274) for additional details.

-ZZZ

Requires a TLS connection to the directory server, even if the

ldapux(5) configuration does not require the use of TLS. Use of

-ZZZ requires that either a valid server or CA certificate be defined

in the /etc/opt/ldapux/cert8.db file. An error occurs if the

TLS connection could not be established. See Section 7.3.8.4

(page 274) for additional details.

-P

Specifies that the host should be assigned a password. This is

typically used when the host acts as a proxy user for an LDAP-UX

connection to the directory server. In this case, the LDAP

administrator should grant the host the privilege to read LDAP

RFC 2307 schema attributes in the directory server. This option

prompts for the host password, unless the password has been

specified in the LDAP_HOSTCRED environment variable. If the

-X option is specified, the host password must be specified in the

LDAP_HOSTCRED environment variable, or an error is returned.

-C

If the directory server authentication credentials have not been

specified in the LDAP_BINDDN and LDAP_BINDCRED

environment variables, then the -C option tells ldaphostmgr to

use the credentials specified in the /etc/opt/ldapux/acred

file. If that file does not exist, or the user running ldaphostmgr

does not have sufficient privilege to read that file, then

ldaphostmgr prompts for directory server authentication

credentials, unless the -X option was specified. Without the -C

option, the acred file is not used.

-f If the host_name specified is a short name (without the fully

qualified DNS domain), the -f option adds/modifies the fully

qualified host name to the host entry. Example:

cn=host.domain.org. Both the short and full name are added

to the cn (or mapped) attribute. The -f option applies to both the

-a and -m operations. If host_name is already fully qualified

(contains a domain), then the -f option has no effect. Only a

268 Command and tool reference