LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

attributes from a group entry. Because use of -x removes common attributes typically used
by other LDAP-enabled applications, HP rarely recommends using the -x option when
removing posixAccount or posixGroup related attributes. If removal of the uid, cn, or
description causes an object class violation, ldapugdel generates a warning message.
With the -x option, LDAP-UX tries to remove as many attributes as allowed by the directory
server.
-y Use this option only with the -O and -t passwd options. This option forces ldapugdel
to remove the userPassword attribute from the user entry. HP does not recommend using
the -y option when removing posixAccount related attributes.
-Z Requires an SSL connection to the LDAP directory server, even if the LDAP-UX configuration
does not require the use of SSL. Using the -Z option requires that either a valid directory
server or a CA certificate is defined in the /etc/opt/ldapux/cert8.db file. An error
occurs if the SSL connection cannot be established.
-ZZ Attempts a TLS connection to the directory server, even if the LDAP-UX configuration does
not require the use of TLS. If a TLS connection cannot be established, a non-TLS and non-SSL
connection will be established. Do not use -ZZ unless alternative methods are used to
protect against network eavesdropping. Use of -ZZ requires that either a valid directory
server or a CA certificate is defined in the /etc/opt/ldapux/cert8.db file.
-ZZZ Requires a TLS connection to the LDAP directory server, even if the LDAP-UX configuration
does not require the use of TLS. Using the -ZZZ option requires that either a valid directory
server or a CA certificate is defined in the /etc/opt/ldapux/cert8.db file. An error
occurs if the TLS connection cannot be established.
-S Displays the Distinguished Name (DN) of the deleted or updated entry when the operation
successfully completes.
9.3.7.4 Arguments
The following describes command arguments:
-h <hostname> Specifies the host name and optional port number
(hostname:port) of the LDAP directory server. This option
overrides the server list defined by the LDAP-UX configuration profile.
This field supports specification of IPv4 and IPv6 addresses. If
you specify a port for an IPv6 address, you must specify the IPv6
address in a square-bracketed form. If you do not specify the
optional port, the port number defaults to 389, or to 636 for an SSL
connection (-Z). For example, -h ldapsrvA:389.
-p <port> Specifies the port number of the LDAP directory server to contact.
The ldapugdel tool ignores this option if you specify the port
number in the <hostname> field as part of the -h option.
-t <type> Specifies the type of entry the ldapugdel tool needs to delete.
The valid types of this argument are passwd and group. If you
do not specify this argument, ldapugdel defaults to passwd.
The passwd type represents LDAP user entries containing POSIX
account-related information. The group type represents LDAP
group entries containing POSIX group-related information. For
example, -t passwd.
-D <DN> The ldapugdel tool searches for the named user or group using
the search rules defined by the service search descriptor in the
LDAP-UX configuration profile. You can use the -D option to
specify the exact distinguished name (DN) of the entry being
deleted. You may specify only one of the -D, <uid_name>, or
<group_name> parameters on the command line.
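
The transport options (-Z, -ZZ, -ZZZ) and the -h/-p port rules described above, as an added example that is not part of the HP guide: a POSIX shell pre-flight check for an ldapugdel argument list. The function name ldapugdel_plan, its output format, its return codes, and the last-flag-wins handling of repeated transport options are assumptions of this example.

```shell
#!/bin/sh
# Added example (not HP code): audit an ldapugdel argument list before use.
# Prints "<transport> <host> <port>"; returns 0 only when the command line
# itself requires SSL or TLS (-Z or -ZZZ), 1 otherwise, 2 on a missing value.
CERT_DB=${CERT_DB:-/etc/opt/ldapux/cert8.db}   # path taken from the guide

ldapugdel_plan() {
    transport=profile host=profile hport= pport=
    while [ $# -gt 0 ]; do
        case $1 in
            -Z)   transport=ssl ;;
            -ZZ)  transport=tls-optional ;;   # falls back to non-TLS/non-SSL on failure
            -ZZZ) transport=tls-required ;;
            -x|-y) echo "warn: the guide advises against $1 for POSIX attribute removal" >&2 ;;
            -h|-p|-t|-D)
                [ $# -ge 2 ] || { echo "error: $1 needs a value" >&2; return 2; }
                case $1 in -h) host=$2 ;; -p) pport=$2 ;; esac
                shift ;;
        esac
        shift
    done
    # Split host[:port]; an IPv6 address carries a port only when bracketed.
    case $host in
        \[*\]:*) hport=${host##*]:}; host=${host%]:*}; host=${host#\[} ;;
        \[*\])   host=${host#\[}; host=${host%\]} ;;
        *:*:*)   ;;                           # bare IPv6, no port possible
        *:*)     hport=${host##*:}; host=${host%:*} ;;
    esac
    # A port inside -h wins over -p; otherwise 636 for -Z, 389 for the rest.
    if [ -n "$hport" ]; then port=$hport
    elif [ -n "$pport" ]; then port=$pport
    elif [ "$host" = profile ]; then port=profile   # no -h: server list comes from the profile
    elif [ "$transport" = ssl ]; then port=636
    else port=389
    fi
    if [ "$transport" != profile ] && [ ! -r "$CERT_DB" ]; then
        echo "warn: $CERT_DB not readable; -Z/-ZZ/-ZZZ need a certificate defined there" >&2
    fi
    echo "$transport $host $port"
    case $transport in ssl|tls-required) return 0 ;; *) return 1 ;; esac
}

# Constructed sample invocation (host name from the guide's own example).
ldapugdel_plan -ZZ -h ldapsrvA:389 -t passwd || echo "encryption not enforced on the command line"
```

A result of `profile` means the value is left to the LDAP-UX configuration profile, so the check cannot confirm it from the command line alone.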