LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
NOTE: The LDAP-UX Client Services provides two default template files to work with Windows
2003 R2 or 2008 Active Directory Server. If you use ldapugadd to access a Windows ADS, you
must manually use the following commands to re-link the default templates to the default templates
for the Windows ADS:
• ln -fs /etc/opt/ldapux/ug_templates/ug_passwd_ads.tmpl \
/etc/opt/ldapux/ug_templates/ug_passwd_default.tmpl
• ln -fs /etc/opt/ldapux/ug_templates/ug_group_ads.tmpl \
/etc/opt/ldapux/ug_templates/ug_group_default.tmpl
The ldapugadd tool uses a local configuration file, /etc/opt/ldapux/ldapug.conf, to
manage the default values of the uidNumber_range, gidNumber_range, user_gidNumber,
default_homeDirectory and default_loginShell parameters when creating user or
group entries to a directory server. See the “Command and tool reference” chapter of the LDAP-UX
Client Services Administrator's Guide for details.
6.7.4.1 Examples of adding a user
You can use ldapugadd to add new POSIX accounts or groups to a directory server.
Use LDAP_BINDDN to specify the Distinguished Name (DN) of a user with sufficient directory
server privilege to add users or groups in the directory server. Use LDAP_BINDCRED to specify a
password for the LDAP user specified by LDAP_BINDDN. Alternatively, you can enter the LDAP
administrator's bind identity and credential interactively with the prompt (-P) option.
The LDAP_UGCRED environment variable specifies the new password of a user or group being
created. You must specify the -PW option when using LDAP_UGCRED. The use of passwords for
new groups is not recommended. Alternatively, you can use the -PP command option to prompt
for the password of the user or group being created.
Below are examples of using ldapugadd to add user entries.
Run the following commands to set the LDAP_BINDDN and LDAP_BINDCRED environment variables:
export LDAP_BINDDN="cn=Jane Admin,ou=admins,dc=org,dc=example,dc=com"
export LDAP_BINDCRED="Jane's password"
Run the following command to specify the LDAP_UGCRED environment variable:
export LDAP_UGCRED="user_password"
The following commands add an account entry for the user, mtam, with the user's primary login
group id, 200. ldapugadd creates the password for the new user, mtam, using the user password
specified in the LDAP_UGCRED environment variable. After creating the user entry, ldapugadd
attempts to add this user as a member of group number 200. The ldapugadd tool dynamically
assigns the uidNumber value from the pre-configured range.
cd /opt/ldapux/bin
./ldapugadd -t passwd -PW -f "Mike Tam" -g 200 mtam
Run the following command to display the new user entry, mtam:
./ldapuglist -t passwd -n mtam
Below is the user entry:
dn: cn=Mike Tam,cn=Users,dc=org,dc=example,dc=com
cn: Mike Tam
uid: mtam
uidNumber: 2200
gidNumber: 200
homeDirectory: /home/mtam
loginShell: /usr/bin/ksh
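
The example above exports the bind and new-user passwords into the login shell, where every later command in the session inherits them. The following added example (not part of the HP guide) prompts for both passwords without echo and exports them only in a subshell around the one command; read_secret and with_ldap_creds are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not from the HP guide. read_secret and with_ldap_creds are
# hypothetical helper names; the LDAP_* variable names are the guide's.

# read_secret PROMPT: show PROMPT on stderr, read one line from stdin (echo
# switched off when stdin is a terminal) and write it to stdout.
read_secret() {
    printf '%s' "$1" >&2
    if [ -t 0 ]; then
        _saved=$(stty -g)
        trap 'stty "$_saved"; exit 1' INT TERM   # restore echo on interrupt
        stty -echo
        IFS= read -r _secret
        stty "$_saved"
        trap - INT TERM
        printf '\n' >&2
    else
        IFS= read -r _secret
    fi
    printf '%s' "$_secret"
}

# with_ldap_creds BIND_DN CMD [ARGS...]: prompt for the bind password and the
# new entry's password, then run CMD in a subshell that exports LDAP_BINDDN,
# LDAP_BINDCRED and LDAP_UGCRED. The calling shell never exports them, so
# later commands in the session do not inherit the passwords.
with_ldap_creds() {
    _dn=$1
    shift
    _bind=$(read_secret "Bind password for $_dn: ")
    _new=$(read_secret "Password for the new entry: ")
    (
        LDAP_BINDDN=$_dn LDAP_BINDCRED=$_bind LDAP_UGCRED=$_new
        export LDAP_BINDDN LDAP_BINDCRED LDAP_UGCRED
        "$@"
    )
    _rc=$?
    unset _dn _bind _new
    return "$_rc"
}

# Usage with the guide's own ldapugadd arguments:
#   with_ldap_creds "cn=Jane Admin,ou=admins,dc=org,dc=example,dc=com" \
#       /opt/ldapux/bin/ldapugadd -t passwd -PW -f "Mike Tam" -g 200 mtam
```

Because the passwords are typed at a prompt rather than on an export line, they also stay out of the shell history file.
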
The following command adds an account entry for the user, tsheu, with the user's primary login
group id, 350, and gecos field information. In this example, the gecos attribute has been mapped