LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
because the owner attribute may be used to grant access control
rights for the defined administrators.
To replace an owner of the host, you may specify the -O option
twice to remove the existing user and add a new one. For example:
ldaphostmgr -O !user:olduser -O user:newuser hostname
If the user is adding a new host entry (-a option) and if the -O
option is not specified, the owner attribute is assigned the DN of
the current user (as authenticated by ldaphostmgr). Refer to
Security Considerations for additional information.
On ADS, the owner information is stored in the managedBy
attribute. Because the managedBy attribute is single-valued on ADS,
only one owner may be assigned to the host.
If DN is specified, ldaphostmgr determines whether the DN exists
in the LDAP server. If it does not exist, ldaphostmgr prompts to
see if the DN should be added anyway (unless the -X option is
specified, in which case an error is returned). If the -F option is
specified, ldaphostmgr sets the owner attribute to the specified
DN, even if that DN does not exist in the directory server.
-c comment
Specifies the comment/description to be associated with the host
entry. The comment text is added as a value in the description
attribute. If the description attribute exists, then all values are
replaced with the specified comment. If the ! option is specified,
the description attribute is removed entirely.
-k [!|?|^]keytype
Adds, changes, removes, or validates SSH keys for the host. The
keytype is either a key-string as defined in the -t option of the
ssh-keygen manpage (currently defined as rsa1, rsa, and dsa),
the key-string all, or a file path name that references a file that
contains keys for the host. The key-file format is the same as a
host-key file (such as found in /etc/opt/ssh/ssh*.pub), except
that more than one key may be specified, on separate lines. If a
key-file is specified, the keys found in the key-file are simply
added/modified in the host entry, without validation of the actual
keys used on the host. The !, ?, and ^ controls do not apply when
using a key-file.
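Because keys loaded from a key-file are not validated against the keys the host actually uses, a pre-check can catch a stale or foreign key before it reaches the directory. The following shell sketch is an added example, not part of this guide or of LDAP-UX; key_material and check_keyfile are hypothetical helper names, the key blobs are constructed, and the host-key directory is passed as a parameter (on the host it would be the directory holding the ssh*.pub files, such as /etc/opt/ssh).

```shell
#!/bin/sh
# Added example: compare a key-file with the host's own public keys
# before loading it with "ldaphostmgr -k <key-file>".

# Reduce public-key lines to their key material, dropping the comment.
# SSH2 lines are "type base64 [comment]"; SSH1 (rsa1) lines are
# "bits exponent modulus [comment]" and start with a number.
key_material() {
    awk 'NF && $1 !~ /^#/ {
        if ($1 ~ /^[0-9]+$/) print $1, $2, $3
        else                 print $1, $2
    }' "$@"
}

# check_keyfile KEYFILE HOSTKEY_DIR
# Reports every key in KEYFILE that matches no ssh*.pub file in
# HOSTKEY_DIR. Returns 0 only if all keys match; $bad holds the count.
check_keyfile() {
    keyfile=$1 dir=$2 bad=0
    host_keys=$(key_material "$dir"/ssh*.pub 2>/dev/null)
    while IFS= read -r k; do
        [ -n "$k" ] || continue
        if ! printf '%s\n' "$host_keys" | grep -Fqx -- "$k"; then
            echo "not a key of this host: $k" >&2
            bad=$((bad + 1))
        fi
    done <<EOF
$(key_material "$keyfile")
EOF
    [ "$bad" -eq 0 ]
}

# Demo on constructed data: fake key blobs in a temporary directory.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAconstructedHostRsaKey root@host1' > "$demo/ssh_host_rsa_key.pub"
echo 'ssh-dss AAAAconstructedHostDsaKey root@host1' > "$demo/ssh_host_dsa_key.pub"
printf '%s\n' 'ssh-rsa AAAAconstructedHostRsaKey copied' \
              'ssh-dss AAAAconstructedOtherDsaKey stale' > "$demo/keys.txt"
check_keyfile "$demo/keys.txt" "$demo" ||
    echo "$bad key(s) differ from the host keys; do not load keys.txt with -k" >&2
rm -rf "$demo"
```

The comparison ignores the trailing comment field, so a key copied with a different comment still matches.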
When adding or modifying keys (that is, neither the ! nor the ?
control is specified) and keytype is one of the specified key-strings
(not a key-file path), then for the specified key type (or all key
types), the following action is performed:
• If the key of that type exists on the host, but does not yet exist
in the directory server entry for this host, then that key is added
to the directory server entry for the host.
• If the key of that type does not exist on the host, a new key on
the host is created, and that key is added to the directory server
entry for this host. If the host entry already contains a key of
the same type, that key is replaced in the entry with the newly
created key.
• If the key of that type exists on both the host and in the host’s
directory server entry, then ldaphostmgr changes the current
key of that type on the host and then replaces that key in the
host’s directory server entry. ldaphostmgr will prompt for
9.3 LDAP user and group management tools 333