LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

directory server, along with two default template files for Windows Active Directory Server. These
template files can be found in the /etc/opt/ldapux/ug_templates directory. For detailed
information on how to define template files and how to name and create template files, see
Section 9.3.5.6 (page 306).
NOTE: LDAP-UX Client Services provides two default template files to work with Windows
2003 R2 or 2008 Active Directory Server. If you use ldapugadd to access a Windows ADS, you
must manually run the following commands to relink the default LDAP-UX templates to the default
templates for Windows ADS:
ln -fs /etc/opt/ldapux/ug_templates/ug_passwd_ads.tmpl \
/etc/opt/ldapux/ug_templates/ug_passwd_default.tmpl
ln -fs /etc/opt/ldapux/ug_templates/ug_group_ads.tmpl \
/etc/opt/ldapux/ug_templates/ug_group_default.tmpl
When creating user or group entries for a directory server, the ldapugadd tool uses the local
configuration file /etc/opt/ldapux/ldapug.conf to manage the default values of the
uidNumber_range, gidNumber_range, user_gidNumber, default_homeDirectory,
and default_loginShell parameters. For more information about the configuration file, see
Section 9.3.5.5 (page 305).
7.7.1.3.1 Adding users to an HP directory server or Windows ADS
You can use ldapugadd to add new POSIX accounts or groups to an HP or Windows directory
server.
Use LDAP_BINDDN to specify the distinguished name (DN) of a user with sufficient directory server
privilege to add users or groups in the directory server. Use LDAP_BINDCRED to specify a password
for the LDAP user specified by LDAP_BINDDN. Alternatively, you can specify the LDAP
administrator bind identity and credential interactively by using the prompt (-P) option with the command.
The LDAP_UGCRED environment variable specifies the new password of a user or group being
created. You must specify the -PW option when using LDAP_UGCRED. The use of passwords for
new groups is not recommended. Alternatively, you can use the -PP option to prompt for the
password of the user or group being created.
Setting environment variables
The following commands set the LDAP_BINDDN and LDAP_BINDCRED environment variables:
export LDAP_BINDDN="cn=Jane Admin,ou=admins,dc=example,dc=com"
export LDAP_BINDCRED="Jane's password"
The following command sets the LDAP_UGCRED environment variable:
export LDAP_UGCRED="user_password"
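The following added example (not part of the HP guide or of LDAP-UX) shows one way to supply LDAP_BINDDN and LDAP_BINDCRED to a single command without typing the password on an export line, where it can remain in the shell history and in the login shell's environment. The function names and the mode-600 credential file are assumptions made for this illustration; the prompt (-P) option described above avoids the environment altogether.

```shell
#!/bin/sh
# Added example, not from the LDAP-UX guide. The function names and the
# credential-file convention are assumptions made for this illustration.

# Refuse a credential file that group or others can access.
check_cred_file() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$1: group/other access, expected mode 600" >&2; return 1; }
}

# usage: run_with_bind_creds <bind-dn> <cred-file> <command> [args...]
# The function body is a subshell ( ... ), so LDAP_BINDDN and LDAP_BINDCRED
# exist only for the child command and are never set in the calling shell.
run_with_bind_creds() (
    [ "$#" -ge 3 ] || {
        echo "usage: run_with_bind_creds <bind-dn> <cred-file> <command> [args...]" >&2
        exit 2; }
    dn=$1
    file=$2
    shift 2
    check_cred_file "$file" || exit 1
    # The first line of the file is the password; a missing final newline
    # makes read return non-zero even though it filled the variable.
    IFS= read -r cred < "$file" || :
    [ -n "$cred" ] || { echo "empty credential file: $file" >&2; exit 1; }
    LDAP_BINDDN=$dn
    LDAP_BINDCRED=$cred
    export LDAP_BINDDN LDAP_BINDCRED
    # Run the requested command (for example an ldapugadd command line);
    # its exit status becomes the function's exit status.
    "$@"
)
```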
Displaying attributes in the default template file that are required for a new user entry
To discover which non-POSIX attributes defined in the default template file are required to create
the new user entry, enter the following command:
cd /opt/ldapux/bin
./ldapcfinfo -t passwd -R
In the following example from an HP directory server environment, the output of the command
reveals that the Surname attribute is required to create the new user entry:
Surname
Adding a user entry
To create the new account entry for user mtam, enter the following command (Windows ADS does
not support the surname attribute).
7.7 Managing users and groups 223