LDAP-UX Client Services B.05.00 Administrator's Guide
7.4 LDAP directory tools
This section briefly describes the ldapentry, ldappasswd, ldapsearch, ldapmodify and
ldapdelete tools.
For detailed information about ldapsearch, ldapmodify, and ldapdelete, see the HP-UX
Directory Server administrator guide available at the following website:
http://www.hp.com/go/hpux-security-docs
Click HP-UX Directory Server.
7.4.1 ldapentry
ldapentry is a script tool that simplifies the task of adding, modifying and deleting entries in
a Directory Server. It supports the following name services: passwd, group, hosts, rpc, services,
networks, and protocols.
ldapentry accepts run-time options either on the command line or via environment variables,
which can be defined locally or read in from the configuration profile. The add and modify
functions open an entry in an editor with a pre-defined template to aid the user in providing
the necessary directory attributes. The template file is customizable and can be found in
/etc/opt/ldapux/ldapentry.templates.
The ldapentry command also accepts options through environment variables, configuration
files, and the LDAP configuration profiles.
Configuration variables
Configuration variables can be defined in the following locations (from most specific to most
general):
1. as shell environment variables
2. in a user 'rc' configuration file (~/.ux_ldap_admin_rc)
3. in a global configuration file (/etc/opt/ldapux/ldapclient.conf)
4. in the configuration profile (/etc/opt/ldapux/ldapux_profile.ldif)
Settings are evaluated in this order: a setting in a more specific location overrides the same
setting in a more general location.
Environment variables
The following environment variables can be defined:
LDAP_BINDDN    The DN of the LDAP user allowed to add, delete, or modify the entry.
LDAP_BINDCRED  The password for the LDAP user specified above. It is recommended not to store the password in any configuration file; the user will be prompted for it when running ldapentry.
LDAP_HOST      Host name of the LDAP directory server.
LDAP_BASEDN    The DN of the search base, which tells ldapentry where to start the search for the entry. When adding an entry, LDAP_BASEDN determines the insert base.
LDAP_SCOPE     The scope of the LDAP search (sub, one, base). Defaults to sub if LDAP_BASEDN is defined but LDAP_SCOPE is not. You must define LDAP_BASEDN if you define LDAP_SCOPE.
INSERT_BASE    This DN tells ldapentry where to insert new entries. This value defaults to LDAP_BASEDN or to a default discovered from the configuration profile. INSERT_BASE is only used when adding entries.
EDITOR         The editor to use when an entry is added or modified.
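The recommendation not to store LDAP_BINDCRED in a configuration file, and the LDAP_SCOPE/LDAP_BASEDN rule, can both be checked before ldapentry is run. The shell functions below are an added example, not part of this guide or of the ldapentry tool; the function names are hypothetical, and the check assumes the rc and global configuration files hold NAME=value lines, which the guide does not specify.

```shell
#!/bin/sh
# Added example: pre-flight audit of ldapentry settings (hypothetical helpers).
# Assumption: configuration files contain NAME=value lines, optionally
# prefixed with "export"; the file syntax is not documented on this page.

# Print each readable file among the arguments that assigns LDAP_BINDCRED.
# Returns 0 when no file stores the password, 1 otherwise.
find_stored_bindcred() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -E '^[[:space:]]*(export[[:space:]]+)?LDAP_BINDCRED[[:space:]]*=' \
                "$f" >/dev/null; then
            echo "$f"
            rc=1
        fi
    done
    return $rc
}

# Apply the LDAP_SCOPE rules. Arguments: scope, base DN.
# Echoes the effective scope; returns 1 on an invalid combination.
effective_scope() {
    scope=$1
    basedn=$2
    if [ -n "$scope" ] && [ -z "$basedn" ]; then
        echo "LDAP_SCOPE is set but LDAP_BASEDN is not" >&2
        return 1
    fi
    case "$scope" in
        sub|one|base) echo "$scope" ;;
        "") if [ -n "$basedn" ]; then echo sub; fi ;;  # documented default
        *) echo "invalid LDAP_SCOPE: $scope" >&2; return 1 ;;
    esac
}

# Audit the current user's settings, using the file locations listed above.
audit_ldapentry_config() {
    status=0
    stored=$(find_stored_bindcred "$HOME/.ux_ldap_admin_rc" \
        /etc/opt/ldapux/ldapclient.conf) || {
        echo "LDAP_BINDCRED is stored in: $stored" >&2
        status=1
    }
    effective_scope "${LDAP_SCOPE:-}" "${LDAP_BASEDN:-}" >/dev/null || status=1
    return $status
}
```

Source the file and call audit_ldapentry_config; a non-zero return means a stored password or an invalid scope setting was found.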