LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

Figure 19 Changing passwords on master server with ldappasswd
[Diagram not reproduced. Labels: Master LDAP Directory Server; Replica LDAP Directory Server; Updates; LDAP-UX Clients 1-50; LDAP-UX Clients 51-100; "passwd(1) can modify master LDAP server"; "ldappasswd(1) can modify the master LDAP server".]
For more information about the ldappasswd command, see Section 9.4.2 (page 356).
Figure 20 Sample passwd command wrapper
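#!/usr/bin/ksh
#
# You can put a default master LDAP server host name
# here. Otherwise the local host is the default.
#
#LDAP_MASTER="masterHostName"

# A host name given as the first argument overrides the default.
if [[ "$1" != "" ]]
then
    LDAP_MASTER="$1"
fi

# No master set: take the first LDAP_HOSTPORT entry from the NSS section
# of the client configuration. eval runs the matched line as shell code.
if [[ "$LDAP_MASTER" = "" ]]
then
    eval "$(sed -e "1,/Service: NSS/d" /etc/opt/ldapux/ldapux_client.conf | \
        grep "^LDAP_HOSTPORT")"
    LDAP_MASTER="$(echo "$LDAP_HOSTPORT" | cut -d" " -f 1)"
fi

# Search base from the defaultsearchbase line of ldapux_profile.ldif.
LDAP_BASEDN="$(grep -i "^defaultsearchbase:" \
    /etc/opt/ldapux/ldapux_profile.ldif | cut -d" " -f 2-99)"

/opt/ldapux/bin/ldappasswd -b "$LDAP_BASEDN" -h "$LDAP_MASTER"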
Alternatively, your users may use a simple LDAP gateway through a web browser connected to
the directory to change their password. The advantage to this method is that your users can also
change their other personal information, as described in Section 10.2 (page 392).
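The wrapper in Figure 20 uses eval on a line read from ldapux_client.conf, so any shell syntax on that line is executed. The following added example (not part of the HP guide) reads the first LDAP_HOSTPORT entry as data and rejects anything that is not a plain host[:port]. The function names, the sample configuration, and the LDAP_HOSTPORT="host[:port] ..." line format are assumptions inferred from the wrapper.

```sh
#!/bin/sh
# Added example, not HP's code. Assumes the NSS section holds a line of the
# form LDAP_HOSTPORT="host[:port] ..." as the Figure 20 wrapper implies.

# Constructed sample configuration (not taken from a real system).
sample_conf() {
    cat <<'EOF'
# constructed sample
# Service: NSS
LDAP_HOSTPORT="ldap1.example.com:389 ldap2.example.com:389"
EOF
}

# first_ldap_host: read the configuration on stdin and print the first
# host[:port] token of LDAP_HOSTPORT. Returns 1 if it is missing or unsafe.
first_ldap_host() {
    # Same selection as the wrapper, but the line is treated as data.
    line=$(sed -e '1,/Service: NSS/d' | grep '^LDAP_HOSTPORT=' | head -n 1)
    [ -n "$line" ] || return 1
    value=${line#LDAP_HOSTPORT=}
    value=${value#\"}          # strip optional surrounding quotes
    value=${value%\"}
    host=${value%% *}          # first space-separated entry
    case $host in
        ''|-*) return 1 ;;                  # empty, or would parse as an option
        *[!A-Za-z0-9.:-]*) return 1 ;;      # shell metacharacters, spaces, etc.
        *:*:*) return 1 ;;                  # more than one colon
    esac
    printf '%s\n' "$host"
}

# Demo on the constructed sample.
sample_conf | first_ldap_host
```

On a client the input would be `first_ldap_host < /etc/opt/ldapux/ldapux_client.conf`, with the result passed in double quotes to ldappasswd -h.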
10.2 Modifying personal information
Users have several means for changing their personal information. On HP-UX systems, users change
their personal information (sometimes called "gecos" information) such as full name, phone number,
and location with the chfn command. This command modifies the /etc/passwd file. HP-UX
users change their login shell with the chsh command, which also changes the /etc/passwd file.
Because of authentication and access permission requirements, these commands do not directly
support LDAP-managed data. For more information about these commands, see the chfn(1) and
chsh(1) manpages, respectively.
If directory server access control permissions allow, users can instead use the ldapugmod and
ldapmodify commands to change some of their own attributes. You might need to grant users
permissions to modify their own attributes. Directory server vendors can use unique methods for