LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
3. On all clients that are to use the new controller, edit the startup file /etc/opt/ldapux/
ldapux_client.conf to refer to the new domain controller and the new profile. Modify
the PROFILE_ENTRY_DN line as described under Section 7.10.4 (page 246). Modify the
LDAP_HOSTPORT line to specify the domain controller server.
4. Download the new profile from the new domain controller, as described in Section 3.5.6
(page 158).
7.7 Managing users and groups
LDAP-UX Integration supports a new set of noninteractive LDAP command-line tools that enable you
to list, add, modify or delete user accounts and groups in an LDAP directory server. These new
tools provide capabilities to perform those operations without needing to discover the LDAP server
information. Each tool uses the LDAP-UX profile configuration to discover server information, such
as the host name and port number of the LDAP directory server and proper search filters for finding
users and groups. Each tool provides command options that enable you to alter these configuration
parameters. Using these new tools does not require you to have extensive knowledge of the LDAP
schema, protocol and LDAP-UX configuration of each directory server product. These tools performs
installation specific data model interpretation, such as converting UID-name based group membership
(POSIX-style) to X.500 DN based membership (LDAP-style).
The LDAP User and Group (UG) management tools support the following features:
• Create, modify, delete, or list users and groups in an LDAP directory server.
• Modify user or group password.
• Support attribute mapping for definition of POSIX attributes used when creating or modifying
entries.
• Support specification of group membership using X.500-style DN based member attributes.
• Provide customized and default templates for defining new user and group entries, which
enables arbitrary data models to be used.
• Support SSL or TLS encryption of data connections to the LDAP directory server if requested.
• Provide the ability to connect to an alternate directory server other than that specified by the
LDAP-UX configuration profile.
• Discover programmatically if LDAP-UX is installed, configured and operating properly for a
specified service.
The HP System Management Homepage (SMH) Users and Groups interface uses these LDAP UG
command line tools to implement the web-based user interface functionality that manages POSIX
users and groups in an LDAP directory server. This enables HP-UX system administrators to manage
users and groups in an LDAP directory server using SMH UG-LDAP web-based interface on an
HP-UX 11i v3 system. The HP System Management Homepage (SMH) product supports the LDAP
user and group web-based management feature via HP-UX 11i v3 September, 2007 release.
You can use the LDAP command-line tools described in Section 7.7.1 (page 218) to manage users
and groups for either HP directory servers or Windows ADS. Specific Windows utilities for managing
Windows ADS users and groups are discussed in Section 7.7.2 (page 234).
7.7.1 LDAP command-line tools for managing HP directory server and Windows
ADS users and groups
The LDAP-UX Integration product supports the following LDAP command-line tools for management
of user and group information in an LDAP directory server. These LDAP user and group tools exist
in the /opt/ldapux/bin directory. For detailed information about tool usage, syntax, options,
arguments, environment variables and return codes supported by these tools, see Section 9.3
(page 283), or see the ldapuglist(1M), ldapugadd(1M), ldapcfinfo(1M), ldapugmod(1M), and
ldapugdel(1M) manpages.
218 Administering LDAP-UX Client Services