LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

281

282

283

284

285

286

287

288

289

290

ldapugdel Use the ldapugdel tool to remove POSIX related user or group entries from an

LDAP directory server. Use the -O option to remove POSIX related attributes and

object classes from a user or a group entry without removing entire entry itself.

ldapcfinfo Use the ldapcfinfo tool to retrieve LDAP-UX configuration information details

about required attributes when creating new users or groups. Use this tool to

discover LDAP User and Group (UG) configuration defaults, a list of available

template files and attribute mapping information. You may also use ldapcfinfo

to ensure that the LDAP-UX product is properly configured and active.

When performing modification, creation and deletion operations on the LDAP directory server,

use these tools to input the LDAP administrator bind identity and credential interactively with a

prompt (-P) option or by specifying the LDAP_BINDDN environment variable for the administrator

identity and LDAP_BINDCRED environment variable for the administrator's credential. Values set

with a prompt (-P) option override values specified in the environment variables. If the two previously

mentioned methods have not been specified, the LDAP tool follows the bind configuration specified

in the LDAP-UX configuration profile. If the LDAP-UX profile has specified a proxy bind, the LDAP

tool reads the credential from either the /etc/opt/ldapux/acred or /etc/opt/ldapux/

pcred file. The /etc/opt/ldapux/acred file is used only by users who have sufficient

administrative privilege to read this file.

9.3.1 Environment variables

The ldapuglist, ldapugadd, ldapugmod and ldapugdel tools support the following

environment variables:

LDAP_BINDDN Specifies the distinguished name (DN) or other appropriate identity indicator

(such as a Kerberos principle id) of a user with sufficient directory server

privilege to view, add, modify or delete users and groups in the LDAP

directory server. If LDAP_BINDDN is specified, LDAP_BINDCRED must also

be specified.

LDAP_BINDCRED Specifies a password or other type of credential used for the LDAP user

specified by LDAP_BINDDN.

The ldapugadd and ldapugmod tools support the following environment variable:

LDAP_UGCRED This variable specifies the new password of a user or group being created or

modified. You must use the -PW command option when you use this environment

variable, to indicate this variable has been set and is used for the current

command. If attribute mapping for the userPassword attribute has not been

defined or set to “*NULL*” in the LDAP-UX configuration profile, ldapugadd

or ldapugmod creates new passwords using the userPassword attribute.

See the -PW option of Section 9.3.5 (page 296) or Section 9.3.6 (page 313) for

additional information.

284 Command and tool reference