LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

NOTE: Although the ldapentry tool allows users to modify any information in the
EDITOR window, the directory server makes the final decision on whether to accept the
modification. If the user enters invalid LDIF syntax, violates the directory's schema, or does
not have the privilege to perform the modification, the ldapentry tool reports the error after
the EDITOR window is closed, when it tries to update the directory server with the information.
The user is then given the option to reenter the EDITOR and correct the error.
9.4.2 The ldappasswd tool
This section describes the ldappasswd command and its parameters. The ldappasswd command,
installed in /opt/ldapux/bin, is needed on clients that use an LDAP directory replica because
the replica cannot be modified by the passwd command, or any other command.
9.4.2.1 Syntax
ldappasswd [options]
where options can be any of the following:
-b basedn   specifies basedn as the base distinguished name of where to start searching.
-h host     specifies host as the LDAP server name or IP address.
-c          generates an encrypted password on the client. Use this parameter for
            directories that do not automatically encrypt passwords. The default is to
            send the new password in plain text to the directory. The HP-UX Directory
            Server and Red Hat Directory Server support automatic encryption of passwords.
-v          prints the software version and exits.
-p port     specifies port as the LDAP server TCP port number.
-D binddn   specifies binddn as the bind distinguished name.
-w passwd   specifies passwd as the bind password (for simple authentication).
-l login    specifies login as the UID of the account to change; defaults to the current user.
9.4.2.2 Examples
The following is a command the directory administrator can use to change the password in the
directory for the user steves:
ldappasswd -h sys001.hp.com -p 389 -b "ou=people,o=hp.com" \
    -D "cn=Jane Admin,ou=admins,dc=hp,dc=com" -w passwd -l steves
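The following is an added example, not part of the HP guide: a shell function that checks an ldappasswd argument list against the options described in 9.4.2.1 and reports where credentials are exposed. The function name and the finding labels are made up for this example, and it assumes that nothing encrypts the session when port 389 is given.

```shell
#!/bin/sh
# Added example (not from the HP guide): audit an ldappasswd argument list.
# The getopts string mirrors section 9.4.2.1: -b -h -p -D -w -l take a
# value; -c and -v are flags. Finding labels are invented for this example.
audit_ldappasswd() (
    OPTIND=1
    port= bindpw=no hashed=no rc=0
    while getopts ":b:h:cvp:D:w:l:" opt; do
        case "$opt" in
            p) port=$OPTARG ;;
            w) bindpw=yes ;;
            c) hashed=yes ;;
            b|h|v|D|l) ;;                  # valid options, not checked here
            *) echo "invalid-option: -$OPTARG"; exit 2 ;;
        esac
    done

    if [ "$bindpw" = yes ]; then
        # The value given to -w is readable in ps output and shell history.
        echo "bind-password-on-command-line"
        rc=1
    fi
    if [ "$port" = 389 ]; then
        # Assumption: no TLS is negotiated on the standard LDAP port.
        echo "cleartext-port-389"
        rc=1
    fi
    if [ "$hashed" = no ]; then
        # Without -c the new password is sent in plain text; this is only
        # acceptable when the directory encrypts passwords itself.
        echo "new-password-sent-unhashed"
        rc=1
    fi
    exit "$rc"
)

# The administrator command from section 9.4.2.2, checked as written.
audit_ldappasswd -h sys001.hp.com -p 389 -b "ou=people,o=hp.com" \
    -D "cn=Jane Admin,ou=admins,dc=hp,dc=com" -w passwd -l steves || :
```

The function prints one label per finding and returns 0 when there are none, 1 when there is at least one, and 2 for an option that is not in the syntax list.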
9.4.3 The ldapsearch tool
You use the ldapsearch command-line utility to locate and retrieve LDAP directory entries. This
utility opens a connection to the specified server using the specified distinguished name and
password, and locates entries based on the specified search filter. Search results are returned in
LDIF format. For detailed information, see the HP-UX Directory Server configuration, command,
and file reference available at:
http://www.hp.com/go/hpux-security-docs
Click HP-UX Directory Server.
9.4.3.1 Syntax
ldapsearch -b basedn [optional_options] [filter] [optional_list_of_attributes]
where
filter      Specifies an LDAP search filter. Do not specify a search filter
            if you supply search filters in a file using the -f option.