LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
account, such that a remote login to that host can be performed
using that identity. Specifying -I on a remote host will fail if
LDAP-UX (version > B.05.00) is not installed on that host.
-X Does not prompt for information, including the host’s password or
other interactive confirmation prompts. If required information cannot
be discovered, the command exits with an error. The -F option can
be used to force an override for most confirmation prompts.
-Z Requires an SSL connection to the directory server, even if the
LDAP-UX configuration does not require the use of SSL. Use of -Z
requires that either a valid server or CA certificate be defined in
the /etc/opt/ldapux/cert8.db file. An error occurs if the SSL
connection could not be established. For more information about
how ldaphostmgr binds to the directory server, see
Section 9.3.8.4 (page 337).
-ZZ Attempts a TLS connection to the directory server, even if the
LDAP-UX configuration does not require the use of TLS. If a TLS
connection cannot be established, a nonTLS and nonSSL connection
is established. Using -ZZ is not recommended unless alternative
methods are used to protect against network eavesdropping. Use
of -ZZ requires that either a valid server or CA certificate be defined
in the /etc/opt/ldapux/cert8.db file. For more information
about how ldaphostmgr binds to the directory server, see
Section 9.3.8.4 (page 337).
-ZZZ Requires a TLS connection to the directory server, even if the
LDAP-UX configuration does not require the use of TLS. Use of -ZZZ
requires that either a valid server or CA certificate be defined in
the /etc/opt/ldapux/cert8.db file. An error occurs if the TLS
connection could not be established. For more information about
how ldaphostmgr binds to the directory server, see
Section 9.3.8.4 (page 337).
-P Specifies that the host should be assigned a password. This is
typically used when the host acts as a proxy user for an LDAP-UX
connection to the directory server. In this case, the LDAP
administrator should grant the host the privilege to read LDAP RFC
2307 schema attributes in the directory server. This option prompts
for the host password, unless the password has been specified in
the LDAP_HOSTCRED environment variable. If the -X option is
specified, the host password must be specified in the
LDAP_HOSTCRED environment variable, or an error is returned.
-C If the directory server authentication credentials have not been
specified in the LDAP_BINDDN and LDAP_BINDCRED environment
variables, then the -C option tells ldaphostmgr to use the
credentials specified in the /etc/opt/ldapux/acred file. If that
file does not exist, or the user running ldaphostmgr does not have
sufficient privilege to read that file, then ldaphostmgr prompts
for directory server authentication credentials, unless the -X option
was specified. Without the -C option, the acred file is not used.
-f If the host_name specified is a short name (without the fully
qualified DNS domain), the -f option adds/modifies the fully
qualified host name to the host entry. Example:
cn=host.domain.org. Both the short and full name are added
to the cn (or mapped) attribute. The -f option applies to both the
9.3 LDAP user and group management tools 331