LDAP-UX Client Services B.05.00 Administrator's Guide

To replace an owner of the host, you can specify the -O option
twice to remove the existing user and add a new one. For example:
    ldaphostmgr -O !user:olduser -O user:newuser hostname
If the user is adding a new host entry (-a option) and if the -O
option is not specified, the owner attribute is assigned the DN of
the current user (as authenticated by ldaphostmgr). Refer to
Security Considerations for additional information.
On ADS, the owner information is stored in the managedBy
attribute. Because the managedBy attribute is single-valued on
ADS, only one owner may be assigned to the host.
If a DN is specified, ldaphostmgr checks whether the DN exists in
the LDAP server. If it does not exist, ldaphostmgr prompts to see if
the DN should be added anyway (unless the -X option is specified,
in which case an error is returned). If the -F option is specified,
ldaphostmgr sets the owner attribute to the specified DN, even
if that DN does not exist in the directory server.
-c comment
Specifies the comment/description to be associated with the host
entry. The comment text is added as a value in the description
attribute. If the description attribute exists, then all values are
replaced with the specified comment. If the ! option is specified,
the description attribute is removed entirely.
-k [!|?|^]keytype
Adds, changes, removes, or validates ssh key(s) for the host. The
keytype is either a key-string as defined in the -t option of the
ssh-keygen manpage (currently defined as rsa1, rsa, and dsa),
the key-string all, or a file path name that references a file that
contains keys for the host. The key-file format is the same as a
host-key file (such as found in /etc/opt/ssh/ssh*.pub), except
that more than one key can be specified, on separate lines. If a
key-file is specified, the key(s) found in the key-file are simply
added/modified in the host entry, without validation of the actual
keys used on the host. The !, ?, and ^ controls do not apply when
using a key-file.
When adding or modifying keys (neither the ! nor ? controls are
specified) and keytype is one of the specified keystrings (not a
key-file path), then for the specified key type (or all key types),
the following action is performed:
• If the key of that type exists on the host, but does not yet exist
  in the directory server entry for this host, then that key is
  added to the directory server entry for the host.
• If the key of that type does not exist on the host, a new key
  on the host is created, and that key is added to the directory
  server entry for this host. If the host entry already contains a
  key of the same type, that key is replaced in the entry with
  the newly created key.
• If the key of that type exists on both the host and in the host’s
  directory server entry, then ldaphostmgr changes the current
  key of that type on the host and then replaces that key in the
  host’s directory server entry. ldaphostmgr will prompt for
  confirmation before changing an existing key on the host,
  unless the -X option is specified (in which case, the key is
  not changed unless -F is also specified).
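
Because keys supplied through a key-file are stored without validation against the keys actually used on the host, the file can be checked before it is passed to -k. The following Python sketch is an added example, not part of LDAP-UX or this guide: it parses each key-file line, rejects lines whose declared type disagrees with the key data, and reports whether each key matches one of the host's own public keys. It assumes SSH2-format lines (`<type> <base64> [comment]`, so rsa1 lines are reported as malformed); the function names and the sample keys are constructed for illustration.

```python
import base64, hashlib

def parse_pubkey_line(line):
    """Return (declared_type, blob) for one SSH2 public-key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key data is not valid base64") from exc
    n = int.from_bytes(blob[:4], "big")  # blob begins with a length-prefixed type
    if blob[4:4 + n] != declared.encode():
        raise ValueError("declared type does not match key blob")
    return declared, blob

def fingerprint(blob):
    digest = hashlib.sha256(blob).digest()  # OpenSSH-style SHA-256 fingerprint
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_key_file(key_file_text, host_pub_lines):
    """Classify each key-file line against the host's own public keys."""
    host = {fingerprint(parse_pubkey_line(l)[1]) for l in host_pub_lines}
    report = []
    for lineno, line in enumerate(key_file_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            key_type, blob = parse_pubkey_line(line)
        except ValueError as exc:
            report.append((lineno, "malformed", str(exc)))
            continue
        status = "matches-host" if fingerprint(blob) in host else "not-on-host"
        report.append((lineno, status, key_type))
    return report

def constructed_line(key_type, payload, comment="root@host.example"):
    """Build a syntactically valid line from dummy bytes (not a real key)."""
    t = key_type.encode()
    blob = len(t).to_bytes(4, "big") + t + payload
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample data: two "host" keys, one stray key, one mislabeled line.
HOST_RSA = constructed_line("ssh-rsa", b"\x01" * 32)
HOST_DSA = constructed_line("ssh-dss", b"\x02" * 32)
STRAY = constructed_line("ssh-rsa", b"\x03" * 32)
MISLABELED = HOST_DSA.replace("ssh-dss", "ssh-rsa", 1)
KEY_FILE = "\n".join([HOST_RSA, STRAY, MISLABELED, HOST_DSA]) + "\n"
```

In practice, host_pub_lines would be the contents of the host-key files (such as /etc/opt/ssh/ssh*.pub), and any line reported as not-on-host or malformed should be explained before the key-file is imported.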