LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

121

122

123

124

125

126

127

128

129

130

In the following example, a group entry in a directory server is as follows:

dn: cn=GroupC,ou=Groups,dc=org,dc=example,dc=com

cn: GroupC

gidNumber: 500

MemberUid: alouie

Description: A IT Group

Description: A Group Entry

Run the following command to add an instance of the description attribute and value to the

group entry, GroupC, without removing already existing values for that attributes:

./ldapugmod -t group -A "description=Group C Entry" groupC

The result of the GroupC entry is as follows:

dn: cn=GroupC,ou=Groups,dc=org,dc=example,dc=com

cn: GroupC

gidNumber: 500

MemberUid: alouie

Description: A IT Group

Description: A Group Entry

Description: Group C Entry

The following command adds the three members, atam, mlou, mscott, to the group entry,

groupA:

./ldapugmod -t group -a atam,mlou,mscott GroupA

The following command removes one member, atam from the group entry, groupA:

./ldapugmod -t group -r atam GroupA

Command Arguments

The following describes arguments/options used in the previous examples for the ldapugmod

-t group commands:

-A <attrval> Specifies an attribute and value to be added to an entry. When

working with multi-valued attributes, you can use the -A option to add

a new value for a multi-valued attribute, without removing already

existing values for that attributes.

-g <gidNumber> Replaces the group's numeric id number.

-a <member>[,...] Adds one or more members to the specified group. When specifying

a list of members, you must use a comma with no white space to

separate each member.

-r <member>[,...] Removes one or more members from the specified group. When you

specify a list of members, you must use a comma with no white space

to separate each member.

6.7.7 Deleting a user or a group

You can use ldapugdel to remove POSIX user and group entries from a directory server. With

the -O option, ldapugdel enables you to remove only POSIX related attributes and object classes

from a user or group entry without removing the entire entry.

The userPassword, uid, cn and description attributes are commonly used by most other

user and group schemas. With the -O option, the ldapugdel tool does not attempt to remove

these attributes. The uidNumber, gidNUmber, loginShell, homeDirectory, gecos and

memberUid are more unique to the POSIX schema, and are removed when the -O option is

specified.

The -O option functions properly with a Windows 2003 R2 ADS, because it uses standard RFC

2307 attributes with exception of the homeDirectory attribute. If ldapugdel is used to access

124 Administering LDAP-UX Client Services