LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
In this example, the password value will be: Rfxw-"92
-D DN, or host_name
    Specifies the host DN or POSIX host name to which the operation
    applies. Specifying either -D DN or host_name is required, even
    if the intent is to manage data for the local host. Specify the
    host's true full or short name when using host_name. Do not
    specify localhost when attempting to modify the local host.
    If host_name is specified, it is position-dependent on the
    ldaphostmgr command line and should be placed after all the
    command options.
    If host_name is specified, ldaphostmgr constructs the DN of
    the entry using the host search base as the parent DN. If the
    search base for the host's service as defined in the profile is
    the same as the default search base, then by default ldaphostmgr
    adds a host container to the default search base. For example, if
    the default search base is dc=myorg,dc=org, then ldaphostmgr
    builds the DN by adding both the ou=hosts container (or
    cn=computers for ADS) and the host name to the DN, resulting
    in cn=hostname,ou=hosts,dc=myorg,dc=org. If -D DN is
    specified, then the host name is extracted from the value defined
    in the RDN component of the specified DN.
attr=value
    Allows modification of arbitrary LDAP attributes and values.
    value can be an empty string. However, this usage does not remove
    attributes and their values from the directory server. Instead,
    use the -R option to remove arbitrary attributes:
    See Section 9.3.8.6 (page 338) for the impact of using this option.
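The DN rules described above for host_name and -D DN can be checked before running the tool, to confirm which entry an operation will touch. The following is an added example, not code from the guide or from LDAP-UX; the function names, the cn naming attribute (taken from the guide's cn=hostname example), the simplified base comparison and the localhost guard are assumptions.

```python
# Added illustration of the DN rules described above; not HP's code.
# Function names, the cn naming attribute, and the localhost guard are assumptions.
import re

def escape_rdn_value(value):
    """Escape a value for the string form of a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        lead = i == 0 and ch in "# "
        trail = i == len(value) - 1 and ch == " "
        if ch in '",+;<>\\' or lead or trail:
            out.append("\\")
        out.append(ch)
    return "".join(out)

def _norm(dn):
    # Simplified comparison: ignore case and spaces around separators.
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def build_host_dn(host_name, host_search_base, default_search_base, ads=False):
    """DN expected for a positional host_name argument."""
    if host_name.lower() == "localhost":
        raise ValueError("use the host's true full or short name")
    parent = host_search_base
    if _norm(host_search_base) == _norm(default_search_base):
        # Host base equals the default base: a host container is added.
        parent = ("cn=computers" if ads else "ou=hosts") + "," + default_search_base
    return "cn=" + escape_rdn_value(host_name) + "," + parent

def host_from_dn(dn):
    """Host name taken from the leading RDN of a -D DN (ASCII values only)."""
    m = re.match(r"\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*((?:\\.|[^,+\\])*)", dn)
    if not m:
        raise ValueError("no leading RDN in %r" % dn)
    unescape = lambda e: chr(int(e.group(1), 16)) if len(e.group(1)) == 2 else e.group(1)
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", unescape, m.group(1))

if __name__ == "__main__":
    base = "dc=myorg,dc=org"  # default search base from the guide's example
    for name in ("web01", "odd,name"):  # constructed host names
        dn = build_host_dn(name, base, base)
        print(dn, "->", host_from_dn(dn))
    print(build_host_dn("web01", base, base, ads=True))
```

A host name containing a comma or plus sign is escaped when the DN is built, so it cannot be read as an extra RDN and redirect the operation to a different entry.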
9.3.8.3 Object classes
By default, ldaphostmgr uses the device and ipHost object classes when creating new entries (or
the computer object class for ADS). Using certain options will cause additional attributes and their
corresponding object classes to be added to host entries that are being created or modified. These
include the following object classes:
• ldapPublicKey—used when the -k option is specified.
• domainEntity—used when the -r or -P option is specified.
The ldapPublicKey and domainEntity object classes are not added to entries stored in ADS.
9.3.8.4 How ldaphostmgr binds to the directory server
The ldaphostmgr tool is designed to take advantage of the existing LDAP-UX configuration for
determining to which directory server to bind and how to perform the bind operation. ldaphostmgr
consults the LDAP-UX configuration profile for the following information:
• The list of LDAP directory server hosts
• The authentication method (simple passwords, SASL/DIGEST-MD5, and so on)
If neither the LDAP_BINDDN nor the LDAP_BINDCRED environment variable is specified, ldaphostmgr
also consults the LDAP-UX configuration for additional information:
• The type of credential (user, proxy, or anonymous) to use
• The credential used for binding as a proxy user (either /etc/opt/ldapux/acred for
administrative users, or /etc/opt/ldapux/pcred for nonprivileged users)
The ldaphostmgr tool attempts to contact the first available directory server defined in the host
list maintained by LDAP-UX. (For more information, see ldapux(5).) As soon as a connection is
9.3 LDAP user and group management tools 337