LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
• With any POSIX-type identity, the user and group ID numbers are used by the HP-UX operating
system to determine rights and capabilities in the OS and in the file system. For example, the
root user ID 0 has unlimited OS administration and file access rights. Before modifying an
entry, you must be aware of the selected user and group ID number and any policy that may
be associated with that ID.
• Modification (renaming) of a POSIX account does not automatically modify that account’s
membership in groups, unless the LDAP directory server intrinsically provides that capability.
Some LDAP directory servers have a feature known as “referential integrity”, which performs
modification or removal of DN-type attributes if the specified DN is either changed or removed.
• As with any identity repository, modifying this repository can expose the organization to risk.
The impact of such changes depends on the organization's security policy. When using
ldapugmod, you are expected to have full knowledge of the organization's security policy and
the impact of modifying identity information in that identity repository.
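
The group-membership point above can be checked after a rename by scanning group entries for the old account name or old DN. The following script is an added example, not part of the HP guide or the LDAP-UX tools; the function names, the ou=groups DNs and the sample LDIF are constructed, and it assumes unfolded LDIF with plain (not base64) values.

```shell
#!/bin/sh
# Added example: list group entries that still reference an account's old
# name or old DN after the account was renamed in the directory.

# stale_groups OLD_UID OLD_DN  (group LDIF on stdin) -> "group-dn<TAB>attribute"
stale_groups() {
    OLD_UID="$1" OLD_DN="$2" awk '
    # Lower-case a DN and drop spaces after commas so the comparison is lenient.
    function norm(dn) { dn = tolower(dn); gsub(/, */, ",", dn); return dn }
    BEGIN { old_uid = tolower(ENVIRON["OLD_UID"]); old_dn = norm(ENVIRON["OLD_DN"]) }
    /^$/ { dn = ""; next }                 # a blank line ends an entry
    {
        sep = index($0, ": ")
        if (sep == 0) next                 # not in "attribute: value" form
        attr = tolower(substr($0, 1, sep - 1)); val = substr($0, sep + 2)
    }
    attr == "dn" { dn = val; next }
    attr == "memberuid" && tolower(val) == old_uid { print dn "\t" attr }
    (attr == "member" || attr == "uniquemember") && norm(val) == old_dn { print dn "\t" attr }
    '
}

# Constructed sample: the LDIF a search over group entries might return.
sample_ldif() {
cat <<'EOF'
dn: cn=groupA,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: groupA
gidNumber: 200
memberUid: atam
memberUid: mlou

dn: cn=groupB,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: groupB
gidNumber: 201
memberUid: mscott

dn: cn=groupC,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: groupC
member: uid=MLou, ou=users, dc=example, dc=com
EOF
}

# Report groups that still name the old account "mlou" or its old DN.
sample_ldif | stale_groups mlou "uid=mlou,ou=users,dc=example,dc=com"
```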
9.3.6.7 Limitations
Because LDAP directories require that data be stored according to the UTF-8 (RFC3629) character
encoding method, all characters displayed by ldapugmod are UTF-8 and are assumed to be part of
the ISO-10646 character set. The ldapugmod tool does not perform conversion of the locale
character set to or from the UTF-8 character set.
9.3.6.8 Examples
The following commands set the LDAP_BINDDN and LDAP_BINDCRED environment variables:
export LDAP_BINDDN="cn=Jane Admin,ou=admins,dc=example,dc=com"
export LDAP_BINDCRED="Jane_Password"
Run the following command to go to the /opt/ldapux/bin directory where ldapugmod resides:
cd /opt/ldapux/bin
The following commands are used to change the password of the user, mlee, using the new user
password defined in LDAP_UGCRED:
export LDAP_UGCRED="mlee's new Password"
./ldapugmod -t passwd -PW mlee
The following command replaces the uidNumber value for the user entry, mMackey:
./ldapugmod -t passwd -u 300 mMackey
The following command replaces the sn value for the user entry, mLou:
./ldapugmod -t passwd mLou "sn=Lou"
The following command replaces the gecos fields for the user entry, mLou:
./ldapugmod -t passwd -I "Mike Lou,Building-6,222-2222" mLou
The following command adds the description attribute and value to the user entry, atam:
./ldapugmod -t passwd -A "description=test user entry" atam
The following command extends the existing user entry,
userid=212,ou=users,dc=example,dc=com, with the POSIX attributes and values for
homeDirectory, uid, and gidNumber. The ldapugmod tool adds the PosixAccount object
class to the entry.
./ldapugmod -t passwd -D "userid=212,ou=users,dc=example,dc=com" \
    -O -A "homeDirectory=/home/testusr" -A "gidNumber=200" -A "uid=testusr"
The following command adds the three members, atam, mlou, mscott, to the group entry,
groupA:
./ldapugmod -t group -a atam,mlou,mscott GroupA
The following command removes one member, atam from the group entry, groupB: