LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
NOTE: To support noninteractive use of the ldapuglist, ldapugadd, ldapugmod and
ldapugdel commands, you can use the LDAP_BINDDN and LDAP_BINDCRED environment
variables to specify the LDAP administrator's identity and password. Use LDAP_UGCRED to specify
the user or group password being created or modified. To prevent exposure of these environment
variables, you must disable them after use. The shells command history log may contain copies
of the executed commands that show the setting of these variables. You must protect access to a
shell’s history file. Specification of the LDAP administrator’s credentials on the command line is not
allowed, because information about the currently running processes can be exposed externally
from the session. Using the -P command option eliminates the LDAP_BINDDN and LDAP_BINDCRED
environment variables by interactively prompting for the required administrator's credentials. Using
the -PP command option eliminates LDAP_UGCRED by interactively prompting for the required
password of the user or group being created or modified.
9.3.2 Return value formats
Upon exit, ldapuglist, ldapugadd, ldapugmod, ldapugdel or ldapcfinfo returns a 0
(zero) exit status if no errors or warnings are encountered. A nonzero exit status is returned and
one or more messages are logged to stderr if these tools encounters an error or warnings. Messages
follow this format:
ERROR: <code>:
<message>
or
WARNING: <code>:
<message>
Leading extra white space may be inserted to improve readability and follow 80 column screen
formatting. <code> is a programmatically parsable error key-string, while <message> is
human-readable text.
9.3.3 Common return codes
Table 27 lists common return codes used by ldapuglist, ldapugadd, ldapugmod, ldapugdel
and ldapcfinfo.
For detailed information on a list of specific return codes for each tool, see Section 9.3.4.6
(page 293), Section 9.3.5.8 (page 310), Section 9.3.6.5 (page 322), Section 9.3.7.5 (page 327), or
Section 9.3.10.3 (page 350).
Table 27 Common return codes
MessageReturn Code
Unable to initialize LDAP-UX library backend.LDAP_INIT_FAILED
Cannot read the ldapux_profile.bin file.GET_LDAP_CONFIG_FAILED
Cannot reset the port number.REPLACE_PORT_FAILED
The specified authentication method is invalid.INVALID_AUTH_MATHOD
Unable to read input from stdin for the specified command option
value.
READ_INPUT_FAILED
The LDAP_BINDDN environment variable is set, but
LDAP_BINDCRED is not set.
GETENV_FAILED
The bind Password has expired.BIND_PASSWORD_EXPIRED
The specified bind credential is invalid.BIND_INVALID_CRED
LDAP-UX failed to bind to the LDAP directory server.BIND_ERR
Failed to decrypt proxy and credential information.GET_PROXY_DECRYPT_FAILED
9.3 LDAP user and group management tools 285