LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
http://www.hp.com/go/hpux-security-docs
Click HP-UX Directory Server.
The following shows an example of a dynamic group entry created using the Directory Server
Console. The definitions of the memberURL attribute and the groupOfURLs object class are shown
in bold type.
dn: cn=dyngroup,ou=groups,dc=example,dc=hp,dc=com
cn: dyngroup
objectClass: top
objectClass: groupofuniquenames
objectClass: groupofnames
objectClass: groupofurls
memberURL: ldap:///dc=example,dc=hp,dc=com??sub?(l=California)
The memberURL attribute in the example specifies a sub-tree search starting at any level under
dc=example,dc=hp,dc=com to find all entries matching (l=California). Any entries
that have object class account and an attribute l with the value California are
returned. With LDAP-UX, an additional criterion is added, requiring that the user entry be a POSIX
account.
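The following Python example is added here and is not part of the HP guide. It parses the memberURL shown above and resolves it against constructed sample entries to show which ones end up in the POSIX dynamic group. It assumes the POSIX account requirement is a test for objectClass posixAccount, handles only simple equality filters, and does not handle escaped commas in DNs.

```python
import re
from urllib.parse import unquote

MEMBER_URL = "ldap:///dc=example,dc=hp,dc=com??sub?(l=California)"  # from the entry above
# Constructed sample entries (attribute names lower-cased), not from the guide.
ENTRIES = [
    {"dn": "uid=alice,ou=people,dc=example,dc=hp,dc=com",
     "objectclass": ["account", "posixAccount"], "l": ["California"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=hp,dc=com",
     "objectclass": ["account"], "l": ["California"]},        # not a POSIX account
    {"dn": "uid=carol,ou=people,dc=example,dc=hp,dc=com",
     "objectclass": ["account", "posixAccount"], "l": ["Texas"]},
    {"dn": "uid=dave,ou=people,dc=other,dc=hp,dc=com",
     "objectclass": ["account", "posixAccount"], "l": ["california"]},  # outside base
]

def parse_member_url(url):
    """Split an RFC 4516 LDAP URL into (base DN, scope, filter)."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("not an LDAP URL: %r" % url)
    _host, _, rest = url[len("ldap://"):].partition("/")
    dn, _attrs, scope, flt = (rest.split("?") + [""] * 3)[:4]
    return unquote(dn), unquote(scope).lower() or "base", unquote(flt)

def norm_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_scope(entry_dn, base, scope):
    e, b = norm_dn(entry_dn), norm_dn(base)
    if scope == "base":
        return e == b
    if scope == "one":
        return e.partition(",")[2] == b
    return e == b or e.endswith("," + b)  # "sub": base itself or anything below it

SIMPLE_EQ = re.compile(r"^\(([A-Za-z][\w;-]*)=([^()*\\]+)\)$")
def matches(entry, flt):
    m = SIMPLE_EQ.match(flt)
    if not m:  # presence, substring and compound filters are out of scope here
        raise ValueError("unsupported filter: " + flt)
    attr, value = m.group(1).lower(), m.group(2).lower()
    return value in (v.lower() for v in entry.get(attr, []))

def posix_members(member_url, entries):
    """DNs selected by memberURL that are also POSIX accounts (assumed test)."""
    base, scope, flt = parse_member_url(member_url)
    return [e["dn"] for e in entries
            if in_scope(e["dn"], base, scope) and matches(e, flt)
            and "posixaccount" in (c.lower() for c in e.get("objectclass", []))]
```

Because membership follows from the filter, reviewing who can write the l attribute on user entries is part of reviewing who can end up in the group.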
6.2.1.2 Step 2: Adding POSIX attributes to a dynamic group
To create an HP-UX POSIX dynamic group, you must use the Directory Server Console or the
ldapmodify tool to add the following object class and attribute information to the dynamic group
entry created in the preceding step:
• posixgroup object class
• gidNumber attribute
• cn attribute if it does not exist in the group entry
For example, to create an HP-UX POSIX dynamic group, use the ldapmodify tool to add
posixgroup and gidNumber information to the dynamic group entry created from the Directory
Server Console as follows:
1. Create an LDIF update file.
For example, the following LDIF update file, new.ldif, adds a posixgroup object class
and the gidNumber attribute to the "dn: cn=dyngroup,ou=groups,dc=example,dc=hp,dc=com" entry:
dn: cn=dyngroup,ou=groups,dc=example,dc=hp,dc=com
changetype: modify
add: objectClass
objectClass: posixgroup
-
add: gidNumber
gidNumber: 500
2. Use the ldapmodify tool to modify the existing entry with the LDIF file created in step 1.
For example, the following command modifies the dynamic group entry in the LDAP directory
server, ldaphost1, using the LDIF update file, new.ldif:
ldapmodify -D "cn=Directory Manager" -w <passwd> -h ldaphost1 -p 389 -f new.ldif
Example dynamic group entry
The following example is an HP-UX POSIX dynamic group entry with objectClass: posixgroup
and gidNumber: 500 information added (shown in bold type):
dn: cn=dyngroup,ou=groups,dc=example,dc=hp,dc=com
objectClass: groupofuniquenames
objectClass: groupofnames