LDAP-UX Client Services B.05.00 Administrator's Guide
-D DN, or host_name
Specifies the host DN or POSIX host name for which to apply the
operation. Specifying either -D DN, or host_name is required,
even if the intent is to manage data for the local host. Specify the
host's true full or short name when using host_name. Do not
specify localhost when attempting to modify the local host.
If host_name is specified, it is a positional argument on the
ldaphostmgr command line and must be placed after all the
command options.
If host_name is specified, ldaphostmgr constructs the DN of
the entry using the host search base as the parent DN. If the search
base for the host's service as defined in the profile is the same as
the default search base, then by default ldaphostmgr adds a host
container to the default search base. For example, if the default
search base is dc=myorg,dc=org, then ldaphostmgr builds the
DN by adding both the ou=hosts container (or cn=computers
for ADS) and the host name to the DN, resulting in
cn=hostname,ou=hosts,dc=myorg,dc=org. If -D DN is
specified, then the host name is extracted from the value defined
in the RDN component of the specified DN.
attr=value
Allows modification of arbitrary LDAP attributes and values.
value can be an empty string. However, this usage does not
remove attributes and their values from the directory server.
Instead, use the -R option to remove arbitrary attributes:
See Section 7.3.8.6 (page 275) for the impact of using this option.
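The DN construction rule described for host_name and -D DN above can be modeled to predict which entry a command line will touch before it is run. This is an added example, not ldaphostmgr's own code; the function names, the conservative host-name check, the loose DN comparison, and the use of cn= as the RDN attribute for ADS entries are assumptions.

```python
import re

# Conservative host-name grammar (an assumption of this sketch): anything
# else is rejected rather than escaped into the DN.
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")

def split_unescaped(text, sep):
    """Split on sep, skipping separators that follow a backslash escape."""
    parts, cur, esc = [], "", False
    for ch in text:
        if ch == sep and not esc:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        esc = ch == "\\" and not esc
    return parts + [cur]

def same_dn(a, b):
    """Loose DN comparison: case-insensitive, spaces around ',' and '=' ignored."""
    def norm(dn):
        return ["=".join(p.strip() for p in r.split("=", 1)).lower()
                for r in split_unescaped(dn, ",")]
    return norm(a) == norm(b)

def dn_from_host_name(host_name, default_base, host_base=None, ads=False):
    """Predict the entry DN for a positional host_name argument."""
    if host_name.lower() == "localhost":
        raise ValueError("give the host's true full or short name, not localhost")
    if not HOST_RE.match(host_name):
        raise ValueError("not a plain host name: %r" % host_name)
    parent = host_base or default_base
    if same_dn(parent, default_base):
        # Host search base equals the default base: a host container is added.
        parent = ("cn=computers," if ads else "ou=hosts,") + default_base
    return "cn=%s,%s" % (host_name, parent)

def host_name_from_dn(dn):
    """Extract the host name from the value of the first RDN of a -D DN."""
    rdn = split_unescaped(dn, ",")[0]
    attr, sep, value = rdn.partition("=")
    if not sep or not value.strip():
        raise ValueError("DN has no usable RDN: %r" % dn)
    return re.sub(r"\\(.)", r"\1", value.strip())
```

Rejecting a host_name that contains a comma or other DN metacharacter keeps a mistyped or untrusted name from resolving to an entry under a different parent than the operator intended.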
7.3.8.3 Object Classes
By default, ldaphostmgr uses the device and ipHost object classes when creating new entries (or
the computer object class for ADS). Using certain options will cause additional attributes and
their corresponding object classes to be added to host entries that are being created or modified.
These include the following object classes:
• ldapPublicKey—used when the -k option is specified.
• domainEntity—used when the -r or -P option is specified.
The ldapPublicKey and domainEntity object classes are not added to entries stored in ADS.
7.3.8.4 Binding to the Directory Server
ldaphostmgr is designed to take advantage of the existing ldapux(5) configuration for
determining to which directory server to bind and how to perform the bind operation.
ldaphostmgr consults the ldapux(5) configuration profile for the following information:
• The list of LDAP directory server hosts
• The authentication method (simple passwords, SASL/DIGEST-MD5, and so on)
If neither the LDAP_BINDDN nor the LDAP_BINDCRED environment variable is specified,
ldaphostmgr also consults the ldapux(5) configuration for additional information:
• The type of credential (user, proxy, or anonymous) to use
• The credential used for binding as a proxy user (either /etc/opt/ldapux/acred for
administrative users, or /etc/opt/ldapux/pcred for nonprivileged users)
As with ldapux(5), ldaphostmgr attempts to contact the first available directory server as
defined in the ldapux(5) host list. As soon as a connection is established, further directory servers
on the host list are not contacted. Once connected, ldaphostmgr first determines if the
environment variables LDAP_BINDDN or LDAP_BINDCRED were specified. If both are specified,
then ldaphostmgr attempts to bind to the directory server using the specified credentials and