ldaphostmgr.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ldaphostmgr(1M) ldaphostmgr(1M)

NAME

ldaphostmgr - add, modify, delete information about hosts (OS instances), using LDAP

SYNOPSIS

ldaphostmgr [-a | -d| -m]

[-f][-F][

-I][-P][-C][-S][-V][-X][-Z

][-ZZ][-ZZZ]

[

-h servername ][-p port ][

-B relbase ][-x domain ][-O owner ]...

[

-G group]... [-k [[!

|?|ˆ]keytype][-e days_to_expire]] [

-i ipAddr]... [-r role ]...

[

-A attrval ]... [-R attrval ]... [

-c comment][-E envﬁle]{(-D DN)|host_name }

[attr

=value]...

DESCRIPTION

ldaphostmgr allows HP-UX administrators to add, modify or delete information about hosts (OS

instances) that are part of the organization.

•

ldaphostmgr uses the existing ldapux (5) conﬁguration, requiring minimal command-line

options to discover where to store or search for host information, such as which directory

server(s) to contact, proper search ﬁlters ﬁnding hosts and base DNs for storing hosts.

•

ldaphostmgr uses the existing ldapux (5) authentication conﬁguration to determine how to

bind to the LDAP directory server.

•

ldaphostmgr supports attribute mapping for attributes deﬁned by the ipHost objectclass.

Additional attributes used in a host entry (such as owner , entityRole ) are not mappable.

•

ldaphostmgr can be used to centrally manage ssh public keys for hosts.

Options and Arguments

ldaphostmgr supports the following options and arguments.

(

-D DN)|host_name

Speciﬁes the host DN or POSIX host name to apply the operation. Specifying either

-D or host_name is required, even if the intent is to manage data for the local host.

The host’s true full or short name should be speciﬁed when using host_name .

localhost should not be speciﬁed when attempting to modify the local host.

If host_name is speciﬁed, it is positional dependent on the

ldaphostmgr

command-line and should be placed after all the command options (see

SYNOPSIS).

ldaphostmgr will construct the DN of the entry by using host search base as

parent DN. If the search-base for the hosts service as deﬁned in the proﬁle is the

same as the default search base, then by default, ldaphostmgr will add a host

container to the default search base. For example, if the default search base is

dc=myorg,dc=org then

ldaphostmgr will build the DN by adding both the

ou=hosts container (or cn=computers for ADS) and the host name to the DN

resulting in cn=hostname,ou=hosts,dc=myorg,dc=org

-D is speciﬁed, then the host_name will be extracted from the value deﬁned in

the RDN component of the speciﬁed DN.

attr

=value Allows modiﬁcation of arbitrary LDAP attributes and values. value may be an

empty string. However, this usage will not remove attributes and their values from

the directory server. Instead use the -R option to remove arbitrary attributes.

Note, refer to the WARNINGS section below for impacts when using this option.

-a Adds a new host to the directory server. The host will be added to the base speciﬁed

by the host service search descriptor in the LDAP-UX conﬁguration proﬁle (unless

the -D option is used to specify the fully qualiﬁed DN). When creating an entry,

the device and ipHost object classes will be used. Optionally, additional object

classes may be used to describe the host entry. See Object Classes below for more

information.

On ADS, the Computer object class will be used.

The

-a (add), -d (delete), and -m (modify) options are mutually exclusive. The -m

option is the default if none of these three options is speciﬁed.

HP-UX 11i v3: June 2010 Web Release − 1 − Hewlett-Packard Company 1

Summary of content (10 pages)

PAGE 1
ldaphostmgr(1M) ldaphostmgr(1M) NAME ldaphostmgr - add, modify, delete information about hosts (OS instances), using LDAP SYNOPSIS ldaphostmgr [-a | -d| -m] [-f] [-F] [-I] [-P] [-C] [-S] [-V] [-X] [-Z] [-ZZ] [-ZZZ] [-h servername ] [-p port ] [-B relbase ] [-x domain ] [-O owner ]... [-G group ]... [-k [[!|?|ˆ]keytype] [-e days_to_expire]] [-i ipAddr ]... [-r role ]... [-A attrval ]... [-R attrval ]... [-c comment ] [-E envfile ] {(-D DN) | host_name } [attr =value]...
PAGE 2
ldaphostmgr(1M) -A attrval ldaphostmgr(1M) Specifies an attribute and value to be added to an entry. The format of attrval is attribute =value, where attribute is the name of the attribute to add, and value is the specific instance of that attribute. The -A option is used when working with multi-valued attributes, to add a new value for a multi-valued attribute, without removing already existing values for that attribute. Note that use of the -A option interacts with the optional attr =value parameters.
PAGE 3
ldaphostmgr(1M) ldaphostmgr(1M) determine the domain. If the -D option is specified, the value of the RDN (relative distinguished name) will be used to determine the host_name . -F Forces creation of new host entry even if particular error conditions occur. These are: • Setting the owner of a host to an owner that does not exist. If the -O option specified a DN, then that DN will be used as the owner.
PAGE 4
ldaphostmgr(1M) -I ldaphostmgr(1M) Adds/modifies additional information about the host: entityVersion=$(/usr/bin/uname -sr) entityModel=$(/usr/bin/model) On ADS, instead of entityVersion, the operatingSystem, and operatingSystemVersion attributes will be used. entityModel will not be defined in an ADS environment. Note that if a -I option is specified and the host being managed is remote, a remote login to that host will be required and performed by ldaphostmgr to discover that information.
PAGE 5
ldaphostmgr(1M) ldaphostmgr(1M) If ˆ is specified, this control is used to disable remote key management, and indicate to ldaphostmgr that the remote host cannot be directly managed by the solution. And instead, the result from a direct ssh-keyscan should be used to discover the remote host’s public keys. For example, an appliance that supports ssh, but does not have HP-UX on it, cannot respond properly to remote management commands.
PAGE 6
ldaphostmgr(1M) ldaphostmgr(1M) because the owner attribute may be used to grant access control rights for the defined administrators. If the user is adding a new host entry (-a option) and if the -O option is not specified, the owner attribute will be assigned the DN of the current user (as authenticated by ldaphostmgr). Refer to Security Considerations for additional information. On ADS, the owner information will be stored in the managedBy attribute.
PAGE 7
ldaphostmgr(1M) ldaphostmgr(1M) prompts. Require an SSL connection to the directory server, even if the ldapux (5) configuration does not require the use of SSL. -Z Use of -Z requires either a valid server or CA certificate be defined in the /etc/opt/ldapux/cert8.db file. An error will occur if the SSL connection could not be established. Refer to Binding to the Directory Server below for additional details.
PAGE 8
ldaphostmgr(1M) ldaphostmgr(1M) Note, to prevent discovery of the LDAP administrator’s credentials, the LDAP user DN and password must not be specified as command-line options to the ldaphostmgr utility. Security Considerations • Use of ldaphostmgr requires permissions of an LDAP administrator when it performs its operations on the directory server.
PAGE 9
ldaphostmgr(1M) ldaphostmgr(1M) objectClass: device objectClass: iphost objectClass: domainEntity owner: uid=domadmin,ou=People,dc=cup,dc=hp,dc=com entityRole: WebServer entityRole: DBServer Performing the following ldaphostmgr: ldaphostmgr chef "entityRole=NFSServer" Replaces all instances of cn: dn: cn=chef,ou=Hosts,dc=cup,dc=hp,dc=com cn: chef ipHostNumber: 192.0.10.
PAGE 10
ldaphostmgr(1M) ldaphostmgr(1M) LDAP-UX PROFILE ldaphostmgr makes use of the LDAP-UX configuration profile to determine the information model used in the directory server to store POSIX attributes. Please refer to the LDAP-UX Client Services Administrator’s Guide for additional information about the configuration profile.