LDAP-UX Client Services B.05.00 Administrator's Guide
by ldaphostmgr to modify the remote keys. This means that
when the LDAP credentials are specified (through the prompt or
LDAP_BINDDN), they must also represent a POSIX account, such
that a remote login to that host can be performed by ldaphostmgr
using that identity.
The -k option is not supported with ADS.
-e days-to-expire
To keep track of when keys were originally generated,
ldaphostmgr adds a unique management-string to the
comment field of the public key. The management-string begins
with BEGIN-KM and ends with END-KM. This field is an
extensible attribute/value array, which contains at least the
creationtime attribute, which identifies when the key was
created. In addition, when the -e option is specified, the
expirationtime attribute can also be added. Discovery of hosts
with expired keys can be performed with the -k option of the
ldaphostlist command. Used together, ldaphostlist and
ldaphostmgr can keep expired keys up to date. See
the -k option for additional information.
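The following is an added illustration, not part of the LDAP-UX guide or its tools, of how the management-string in a key comment can drive an expiry check. The guide does not give the exact syntax, so the whitespace-separated name=value layout, the YYYYMMDDHHMMSSZ (UTC) timestamp format, and the function names are assumptions; the sample keys are constructed.

```python
import re
from datetime import datetime, timezone

# Assumed layout (not specified in the guide): whitespace-separated
# name=value pairs between the markers, timestamps as YYYYMMDDHHMMSSZ in UTC.
KM_RE = re.compile(r"BEGIN-KM\s+(.*?)\s*END-KM")
TS_FORMAT = "%Y%m%d%H%M%SZ"

def parse_management_string(pubkey_line):
    """Return the attribute/value pairs from a key comment, or None if absent."""
    parts = pubkey_line.split(None, 2)  # key type, base64 blob, comment
    if len(parts) < 3:
        return None
    match = KM_RE.search(parts[2])
    if not match:
        return None
    attrs = {}
    for pair in match.group(1).split():
        name, sep, value = pair.partition("=")
        if sep:
            attrs[name.lower()] = value  # the array is extensible: keep unknown names
    return attrs

def key_status(pubkey_line, now):
    """Classify a key: unmanaged, malformed, no-expiry, expired or valid."""
    attrs = parse_management_string(pubkey_line)
    if attrs is None:
        return "unmanaged"
    try:
        # creationtime is the one attribute the guide says is always present.
        datetime.strptime(attrs["creationtime"], TS_FORMAT)
        if "expirationtime" not in attrs:
            return "no-expiry"
        expires = datetime.strptime(attrs["expirationtime"], TS_FORMAT)
    except (KeyError, ValueError):
        return "malformed"
    return "expired" if expires.replace(tzinfo=timezone.utc) <= now else "valid"

# Constructed sample keys; the base64 field is a placeholder, not a real key.
SAMPLE_KEYS = [
    "ssh-rsa AAAAPLACEHOLDER BEGIN-KM creationtime=20240101000000Z expirationtime=20240401000000Z END-KM",
    "ssh-rsa AAAAPLACEHOLDER BEGIN-KM creationtime=20240101000000Z expirationtime=20250101000000Z END-KM",
    "ssh-rsa AAAAPLACEHOLDER BEGIN-KM creationtime=20240101000000Z END-KM",
    "ssh-rsa AAAAPLACEHOLDER root@host.example",
    "ssh-rsa AAAAPLACEHOLDER BEGIN-KM creationtime=yesterday END-KM",
]

if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        print(key_status(key, datetime.now(timezone.utc)), key[:60])
```

Keys reported as unmanaged or malformed carry no usable creation or expiration time, so an expiry review cannot cover them from the comment field alone.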
-i ipaddr
Adds the specified IP address to the host entry, in the
ipHostNumber attribute (or mapped attribute). The ipaddr can
be either an IPv4 or IPv6 style address. IPv6 style addresses are
normalized to match the format recommended by the RFC2307-bis
IETF draft. If ! is specified at the beginning of the ipaddr, the
specified IP address is removed instead. If ! is specified, but no
IP address is specified, then all values specified in the
ipHostNumber attribute are removed and replaced with the value
0.0.0.0. Because the ipHost object class is critical for
distinguishing host entries in an LDAP directory server, by default
ldaphostmgr adds the ipHost objectclass and the
ipHostNumber attribute, using the discovered IP address for
the host.
NOTE: If ! is specified to remove a specific IP address, and you
remove the last IP address associated with the host, ldaphostmgr
also removes the ipHost objectclass. This could prevent the host
from appearing in LDAP-UX (depending on the hosts service
descriptor search filter in the LDAP-UX profile). If you want to
maintain the object classification of the ipHost, use ! by itself to
replace it with 0.0.0.0.
-r role
Specifies an organizational role for this host. Role is a free-format
key-string that will be assigned to the entityRole attribute. The
value specified in role replaces all values for the entityRole
attribute. The -r option can be specified more than once if more
than one role applies to the host. Organizations should consider
standardizing role key-strings, such that they can be used in LDAP
search filters to discover and manage classes of systems.
If ! is specified at the beginning of the role, the specified role is
removed instead. If ! is specified, but no role is specified, then all
values specified in the entityRole attribute are removed. Note:
On ADS, this attribute does not exist by default and would require
modifying the ADS schema to add this attribute type. Refer to the