LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
# ldapuglist -t group -P -F "(cn=dbhosts)" uniqueMember
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
dn: cn=dbhosts,ou=groups,dc=mydomain,dc=eample,dc=com
cn: dbhosts
uniqueMember: cn=baker,ou=Hosts,dc=mydomain,dc=eample,dc=com
uniqueMember: cn=chef,ou=Hosts,dc=mydomain,dc=eample,dc=com

To remove a host from a group, use the ! flag in front of the group name:

# ldaphostmgr -G !dbhosts baker
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
# ldapuglist -t group -P -F "(cn=dbhosts)" uniqueMember
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
dn: cn=dbhosts,ou=groups,dc=mydomain,dc=eample,dc=com
cn: dbhosts
uniqueMember: cn=chef,ou=Hosts,dc=mydomain,dc=eample,dc=com

To list host entries that are members of a particular group, use the -g option of the ldaphostlist
command. For example, to capture all the SSH host keys for a particular group of hosts, you could
use the following command:

# ldaphostlist -g webhosts -k
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: brewer
ipHostNumber: 0.0.0.0
sshPublicKey: ssh-rsa AAAAB3NzaC16AeE...
dn: cn=raptor,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: raptor
ipHostNumber: 16.92.96.215
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAA...
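
One way to turn the -k output above into OpenSSH known_hosts lines, as an added example that is not part of the HP guide. The function names, the sample key blobs and the assumption of standard LDIF line folding are constructed for illustration; the function drops the 0.0.0.0 address and rejects keys whose blob does not encode the declared key type.

```shell
# Convert ldaphostlist-style LDIF on stdin into OpenSSH known_hosts lines.
# Assumptions: one sshPublicKey per entry; long values may be folded onto
# continuation lines that start with one space (standard LDIF folding).
ldif_to_known_hosts() {
    awk '
    # prefix[type] = base64 of the length-prefixed type name that starts a blob
    BEGIN { prefix["ssh-rsa"] = "AAAAB3NzaC1yc2E"; prefix["ssh-ed25519"] = "AAAAC3NzaC1lZDI1NTE5" }
    function flush(   n, k, names) {
        if (cn != "" && key != "") {
            n = split(key, k, " ")
            # Declared type must match the blob; "..." truncation fails base64
            if (n >= 2 && (k[1] in prefix) && index(k[2], prefix[k[1]]) == 1 &&
                k[2] ~ "^[A-Za-z0-9+/]+=*$") {
                names = cn
                # 0.0.0.0 is the unspecified address, not one to pin a key to
                if (ip != "" && ip != "0.0.0.0") names = names "," ip
                print names, k[1], k[2]
            } else
                print "skipped " cn ": malformed or truncated key" > "/dev/stderr"
        }
        cn = ip = key = last = ""
    }
    /^ /              { if (last == "key") key = key substr($0, 2); next }
    /^dn:/            { flush() }
    /^cn: /           { if (cn == "") cn = substr($0, 5) }
    /^ipHostNumber: / { ip = substr($0, 15) }
    /^sshPublicKey: / { key = substr($0, 15); last = "key"; next }
                      { last = "" }
    END               { flush() }
    '
}
# Constructed sample input (key blobs are made up, not real host keys).
sample_ldif() {
    cat <<'EOF'
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: brewer
ipHostNumber: 0.0.0.0
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQConstructedSampleBlob0
dn: cn=raptor,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: raptor
ipHostNumber: 16.92.96.215
sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructed
 SampleBlob1
dn: cn=baker,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: baker
sshPublicKey: ssh-rsa AAAAB3NzaC16AeE...
EOF
}
sample_ldif | ldif_to_known_hosts
```

On a client, pipe the output of ldaphostlist -g webhosts -k into the function in place of sample_ldif. The resulting file is only as trustworthy as write access to the host entries in the directory.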

7.8.6 Classifying hosts

Because ldaphostmgr lets you attach arbitrary attributes to host entries, you may use these
attributes to classify systems and then use that information as a way to group hosts. Aside from
grouping hosts using an enumerated list of members in X.500 groups, LDAP directory servers offer
an efficient way to group systems based on their attributes. This is typically known as dynamic
grouping. In the previous example, we created a group of hosts known as dbhosts (assuming
these hosts might hold some form of database). We could just as easily have defined a role for
these hosts, marking them as DBSERVERs as follows:
# ldaphostmgr -r DBSERVER brewer
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:
# ldaphostmgr -r DBSERVER raptor
bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com]:
Password:

Use the -f option of ldaphostlist to quickly discover the list of DBSERVERs:

# ldaphostlist -f "(entityRole=DBSERVER)" \*
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=eample,dc=com
cn: brewer
ipHostNumber: 0.0.0.0
objectClass: top
objectClass: device
objectClass: ipHost
objectClass: ldapPublicKey
objectClass: domainEntity
owner: uid=domadmin,ou=People,dc=mydomain,dc=eample,dc=com
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvrJ...
240 Administering LDAP-UX Client Services