LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

311

312

313

314

315

316

317

318

319

320

homeDirectory: /home/wang

loginShell: /usr/bin/sh

sn: Wang

The following command adds a new group entry for the group name, groupA. In this example,

ldapugadd creates the new group, groupA, and defines the initial group membership by adding

the user account, mwang, as a member.

./ldapugadd -t group -M mwang groupA

Use the following command to display the new group entry, groupA:

./ldapuglist -t group -f "(cn=groupA)"

The output of the group entry is as follows:

dn: cn=groupA,ou=Group,dc=example,dc=com

cn: groupA

gidNumber: 550

memberUid: mwang

The following command sets new default minimum and maximum ranges of UID numbers in the

local configuration file, /etc/opt/ldapux/ldapug.conf. When creating a new user account,

the ldapugadd tool randomly selects a new ID from this range if an account number has not been

specified.

./ldapugadd -D -t passwd -u 200:5000

The following command sets new default minimum and maximum ranges of GID numbers in the

local configuration file, /etc/opt/ldapux/ldapug.conf. When creating a new group, the

ldapugadd tool randomly selects a new ID from this range if a group number has not been

specified.

./ldapugadd -D -t group -g 300:3000

The following command sets the new default group ID number in the local configuration file, /etc/

opt/ldapux/ldapug.conf. The ldapugadd tool uses this value when creating a new user

entry in an LDAP directory server.

./ldapugadd -D -t passwd -g 500

The following command sets the new default login shell in the local configuration file, /etc/opt/

ldapux/ldapug.conf. The ldapugadd tool uses this login shell when creating a new user

entry in an LDAP directory server.

./ldapugadd -D -t passwd -s /usr/net/bin/sh

Run the following commands to unset the LDAP_BINDDN, LDAP_BINDCRED and LDAP_UGCRED

environment variables:

unset LDAP_BIND

unset LDAP_BINDCRED

unset LDAP_UGCRED

9.3.6 The ldapugmod tool

The ldapugmod tool enables HP-UX administrators to modify existing POSIX accounts or groups

in an LDAP directory server. When using extended options, you can use ldapugmod to modify

arbitrary attributes for user or group entries or you can extend existing user or group entries with

the POSIX data model. To use ldapugmod, you must provide LDAP administrator credentials that

have sufficient privilege to perform the user or group modification operations in the LDAP directory

server.

9.3.6.1 Synopsis

ldapugmod [-t passwd] [options] [-h <hostname>] [-p <port>]

[-f <full_name>] [-n <new_name>] [-u <uid_number>] [-g <group/gid>]

[-s <login_shell] [-d <home_directory>[-m]] [-c <comment>] [-I <gecos>]

[[-A <attrval>][...]]

9.3 LDAP user and group management tools 313