LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

311

312

313

314

315

316

317

318

319

320

Table 29 Return codes for ldapugadd (continued)

Failed to rename the internal temporary file to /etc/opt/

ldapux/ldapug.conf.

ADD_RENAME_FAILED

A specific operation has been updated successfully. For

example, “uidnumber_range” defined in ldapug.conf

has been updated successfully.

ADD_UPDATE_OK

Option -m is not specified, therefore, -k ignored when

adding a new account.

ADD_K_IGNORED

DN has been specified more than once.ADD_TWO_DN_ERR

Options -g and -e cannot be specified at the same time.ADD_GID_GNAME_ERR

The specified group does not exist in the LDAP directory.

Could not add a user to the specified group.

ADD_NOT_IN_LDAP

Failed to update the default value in /etc/opt/

ldapuux_ldapug.conf.

ADD_FAIL_TO_UPDATE

The LDAP add operation failed.ADD_FAILED

9.3.5.9 Limitations

The following are limitations of ldapugadd:

• Because LDAP directory servers require data to be stored according to the UTF-8 (RFC3629)

character encoding method, all characters passed into ldapugadd are assumed to UTF-8,

and part of the ISO-10646 character set. ldapugadd does not perform conversion of the

locale character set to and from the UTF-8 character set.

• Because ldapugadd calls functions to discover if the group exists before adding a user to a

group, it is possible to encounter timing issues with cached information. For example, if an

administrator uses the grget command to see if a group exists, this group information is

cached by both ldapclientd (1M) and pwgrd(1M). If the group does not exist when

calling grget, and the administrator shortly creates this group with ldapugadd, the

information that the group still does not exist will still be cached. Then, when adding a new

user and specifying that this user is a member of the just created group, ldapugadd generates

an error to indicate that the user cannot be added to the group. To resolve this, you must flush

the pwgrd and ldapclientd caches.

9.3.5.10 Examples

This section provides examples of using the ldapugadd tool:

The following commands specify the LDAP_BINDDN and LDAP_BINDCRED environment variables:

export LDAP_BINDDN = "cn=Jane Admin,ou=admins,dc=example,dc=com"

export LDAP_BINDCRED = "Jane's Password"

The following command specifies the LDAP_UGCRED environment variable:

export LDAP_UGCRED = "user_password"

Run the following commands to discover what nonPOSIX attributes defined in the default template

file are required to create the new user entry:

cd /opt/ldapux/bin

./ldapcfinfo -t passwd -R

The output of the commands is as follows:

Surname

The following commands add an account entry for the user, alam, with the user's primary login

group id, 300, and the surname, Lam. The ldapugadd tool creates the password for new user,

alam, using the user password specified in the LDAP_UGCRED environment variable. After creating

9.3 LDAP user and group management tools 311