ldaphostmgr.1m (2010 09)

ldaphostmgr(1M) ldaphostmgr(1M)
because the owner attribute may be used to grant access control rights for the
defined administrators.
If the user is adding a new host entry (-a option) and if the -O option is not
specified, the owner attribute will be assigned the DN of the current user (as
authenticated by ldaphostmgr). Refer to Security Considerations for additional
information.
On ADS, the owner information will be stored in the managedBy attribute. Because
the managedBy attribute is single-valued on ADS, only one owner may be assigned
to the host.
If a DN is specified, ldaphostmgr will check to see if the DN exists in the LDAP
server. If it does not exist, ldaphostmgr will prompt to see if the DN should be
added anyway (unless -X is specified, in which case an error is returned). If -F is
specified, ldaphostmgr will set the owner attribute to the specified DN, even if
that DN does not exist in the directory server.
-P Specifies that the host should be assigned a password. This is typically used when
the host acts as a proxy user for an LDAP-UX connection to the directory server. In
this case, the LDAP administrator should grant the host the privilege to read LDAP
RFC 2307 schema attributes in the directory server. This option will prompt for the
host password unless the password has been specified in the LDAP_HOSTCRED
environment variable.
If the -X option is specified, the host password must be specified in the
LDAP_HOSTCRED environment variable, or an error will be returned.
-r role Specifies an organizational role for this host. role is a free-format key-string that
will be assigned to the entityRole attribute. The value specified in role will replace
all values for the entityRole attribute.
Note that -r can be specified more than once if more than one role applies to the
host. Note also that organizations should consider standardizing role key-strings,
such that they can be used in LDAP search filters to discover and manage classes of
systems.
If ! is specified at the beginning of the role, instead the specified role will be
removed. If ! is specified, but no role is specified, then all values specified in the
entityRole attribute will be removed.
Note: On ADS, this attribute does not exist by default and would require modifying
the ADS schema to add this attribute type. Refer to the ldapschema(1M) man page
and the /etc/opt/ldapux/schema/ldapux50.xml file provided.
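The note on standardizing role key-strings, as an added example (not part of the original man page or the LDAP-UX product): a POSIX shell check that refuses key-strings which -r would read as a removal (leading !) and builds an RFC 4515 search filter with the value escaped. The naming convention, the function names and the sample values are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not HP code. The role alphabet below (lowercase letters,
# digits, '.', '_', '-', at most 64 characters) is an assumed site convention;
# ldaphostmgr itself treats role as a free-format key-string.
LC_ALL=C; export LC_ALL

# valid_role KEY: succeeds if KEY is safe to pass to -r as a role to assign
valid_role() {
    case $1 in
        '')   return 1 ;;             # empty: nothing to assign
        '!'*) return 1 ;;             # leading '!' makes -r remove roles instead
    esac
    [ "${#1}" -le 64 ] || return 1
    case $1 in
        *[!a-z0-9._-]*) return 1 ;;   # outside the assumed alphabet
    esac
    return 0
}

# ldap_escape VALUE: escape RFC 4515 filter metacharacters (backslash first,
# so the backslashes introduced by later substitutions are not re-escaped)
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# role_filter ROLE [DOMAIN]: filter on entityRole, optionally entityDomain.
# Search base and object class are site-specific and left out here.
role_filter() {
    r=$(ldap_escape "$1")
    if [ -n "${2:-}" ]; then
        printf '(&(entityRole=%s)(entityDomain=%s))\n' "$r" "$(ldap_escape "$2")"
    else
        printf '(entityRole=%s)\n' "$r"
    fi
}

# Constructed sample input: candidate role key-strings
for role in web-frontend '!web-frontend' 'db)(uid=*'; do
    if valid_role "$role"; then
        echo "ok      $role -> $(role_filter "$role" east)"
    else
        echo "reject  $role (escaped form: $(role_filter "$role"))"
    fi
done
```

Escaping matters even with a naming convention in place, because entries written before the convention was adopted may still carry free-format values.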
-R attrval Specifies an attribute or specific values of an attribute to be removed from the entry.
The format of attrval is attribute[=value], where attribute is the name of the
attribute to remove, and value is the specific instance of that attribute, if the
attribute is multi-valued.
Note that use of the -R option interacts with the optional attr=value parameters.
The -R option may be specified more than once per command line.
-S Displays the DN of the created, modified or deleted host entry at the end of the
output.
-v Displays additional information used to analyze and troubleshoot usage issues.
-x domain Short, conventional name of the domain. This option will specify the value for the
entityDomain attribute. Only one domain can be specified.
If ! alone is specified, or is specified at the beginning of the domain, the domain will
be removed.
On ADS, this value is not used, since the location of the host is implied by its
location in the directory tree. Instead, refer to the -D or -C options to control the
domain of a host managed in ADS.
-X Do not prompt for information, including the host’s password or other interactive
confirmation prompts. If required information cannot be discovered, the command
will exit with an error. -F can be used to force an override for most confirmation
6 Hewlett-Packard Company 6 HP-UX 11i v3: June 2010 Web Release