ldapugdel.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ldapugdel(1M) ldapugdel(1M)

NAME

ldapugdel - remove existing accounts or groups from an LDAP directory server

SYNOPSIS

ldapugdel [options ][-t type ][

-h hostname ][-p port ][-O [protAttr[

,...]]]

{

-D DN | uid_name | group_name}

DESCRIPTION

ldapugdel is used to remove POSIX related user or group entries from the directory server. With the

-O option, ldapugdel can be used to remove POSIX related attributes and objectclasses from user or

group entries, without removing the entry itself.

Options

-P Prompt for the administrators bind identity (typically LDAP DN or kerberos principal) and bind

password. Without -P ldapugdel will discover the bind identity and password from the

environment variable LDAP_BINDDN and LDAP_BINDCRED

. If the LDAP_BINDDN or

LDAP_BINDCRED environment variable has not been speciﬁed,

ldapugdel will follow the bind

conﬁguration speciﬁed in the ldapux (5) conﬁguration proﬁle.

If ldapux (5) has speciﬁed "proxy" bind, the bind credential will be read from either the

/etc/opt/ldapux/acred

or /etc/opt/ldapux/pcred ﬁle. The acred ﬁle will only be

used by users that have sufﬁcient administrative privilege to read that ﬁle. Refer to Binding to

the Directory Server below for additional details.

-x Used only with the -O option, forces ldapugdel to remove the uid , cn, and description attri-

butes for either a user or group entry, respectively.

Because use of

-x removes common attributes typically used by other LDAP-enabled applica-

tions, use of it is rarely recommended when removing posixAccount or posixGroup related attri-

butes. If removal of the uid, cn,ordescription would cause an objectclass violation, a warning

message would be generated. -x will try to remove as many attributes as allowed by the direc-

tory server.

-y Used only with the combined with -O and the -t passwd options, forces

ldapugdel to

remove the userPassword attribute from the user entry.

Use of

-y is rarely recommended when removing posixAccount related attributes.

-Z Requires an SSL connection to the directory server, even if the ldapux (5) conﬁguration does not

require the use of SSL.

Use of

-Z requires either a valid server or CA certiﬁcate be deﬁned in the

/etc/opt/ldapux/cert8.db

ﬁle. An error will occur if the SSL connection could not be

established.

-ZZ Attempt a TLS connection to the directory server, even if the ldapux (5) conﬁguration does not

require the use of TLS. If a TLS connection is unable to be established a non-TLS and non-SSL

connection will be established.

Use of

-ZZ is not recommended unless alternative methods are used to protect from network

eavesdropping. Use of -ZZ requires either a valid server or CA certiﬁcate be deﬁned in the

/etc/opt/ldapux/cert8.db ﬁle. Refer to Binding to the Directory Server below for addi-

tional details.

-ZZZ Requires a TLS connection to the directory server, even if the ldapux (5) conﬁguration does not

require the use of TLS. Use of -ZZZ requires either a valid server or CA certiﬁcate be deﬁned in

the /etc/opt/ldapux/cert8.db ﬁle. An error will occur if the TLS connection could not be

established. Refer to Binding to the Directory Server below for additional details.

-S Upon successful completion, displays the DN of the deleted/updated entry.

Arguments

-h hostname Speciﬁes the host name and optional port number (hostname:port) of the directory

server. This option overrides the server list conﬁgured by ldapux (5).

The hostname ﬁeld also supports speciﬁcation of IPv4 and IPv6 addresses. Note that

when a port is speciﬁed for an IPv6 address, the IPv6 address must be speciﬁed in

square-bracketed form. If the optional port is unspeciﬁed, the port number is assumed to

HP-UX 11i v3: June 2010 Web Release − 1 − Hewlett-Packard Company 1

Summary of content (6 pages)

PAGE 1
ldapugdel(1M) ldapugdel(1M) NAME ldapugdel - remove existing accounts or groups from an LDAP directory server SYNOPSIS ldapugdel [options ] [-t type ] [-h hostname ] [-p port ] [-O [protAttr[,...]]] {-D DN | uid_name | group_name } DESCRIPTION ldapugdel is used to remove POSIX related user or group entries from the directory server. With the -O option, ldapugdel can be used to remove POSIX related attributes and objectclasses from user or group entries, without removing the entry itself.
PAGE 2
ldapugdel(1M) ldapugdel(1M) be 389 or 636 for SSL connections (-Z). Refer to Binding to the Directory Server below for additional details. -p port Specifies the port number of the directory server to contact. This option is ignored if the port number is specified in the hostname as part of the -h option. Refer to Binding to the Directory Server below for additional details. -t type Specifies the service type of entry to be deleted.
PAGE 3
ldapugdel(1M) ldapugdel(1M) • Since Active Directory schema and RFC2307 schema conflict in the shared definition of the homeDirectory attribute, ldapugdel will never remove the homeDirectory attribute if ldapugdel determines the entry being modified is stored on an Active Directory server.
PAGE 4
ldapugdel(1M) ldapugdel(1M) If either of the environment variable LDAP_BINDDN or LDAP_BINDCRED has not been specified, ldapugdel will consult the ldapux (5) configuration for additional information: • The type of credential (user, proxy or anonymous) to use. • The credential used for binding as a proxy user (either /etc/opt/ldapux/acred for administrative users or /etc/opt/ldapux/pcred for non-privileged users).
PAGE 5
ldapugdel(1M) ldapugdel(1M) RETURN VALUE Upon exit, ldapugdel returns the following: 0 <>0 Success. ldapugdel exits with no errors or with one or more warnings. ldapugdel returns with a non-zero exit status if it encounters an error, and messages will be logged to stderr. Messages will follow the below format: code message ERROR: or WARNING: code message Leading extra white space may be inserted to improve readability and follow 80 column screen formatting.
PAGE 6
(Notes) A (Notes) lA 6 Hewlett-Packard Company −1− HP-UX 11i v3: June 2010 Web Release