ldapugmod.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ldapugmod(1M) ldapugmod(1M)

NAME

ldapugmod - modify existing POSIX accounts or groups in an LDAP directory server

SYNOPSIS

ldapugmod [-t passwd][options ][

-h hostname ][-p port ][-f full_name ][

-n name]

[

-u uidNumber ][-g

group/gid][-s login_shell ][-d home_directory [

-m]] [-I gecos]

[

-c comment][[-A

attrval ] [...]] [[-R attrval ] [...]] {-D DN | uid_name} [[attr

=value][...]]

ldapugmod -t group [options ][

-h hostname][-p port][-n new_name][-g

gidNumber ][-c

comment][-a member[,

...]] [-r member[,...]] [[-A attrval ] [...]]

[[

-R attrval][...]] {-D

DN | group_name}[[attr=value][...]]

DESCRIPTION

ldapugmod allows HP-UX administrators to modify existing POSIX accounts or groups in an LDAP

directory server.

When using extended options,

ldapugmod can also be used to modify arbitrary attributes for user or

group entries.

Users of

ldapugmod are required to provide LDAP administrator credentials that have sufﬁcient

privilege to perform the user or group modify operations in the LDAP directory server.

Options

-P Prompt for the administrator’s bind identity (typically LDAP DN or kerberos principal) and bind

password.

Without

-P ldapugmod will discover the bind identity and password from the environment

variables LDAP_BINDDN and LDAP_BINDCRED

. If either the LDAP_BINDDN or

LDAP_BINDCRED environment variables have not been speciﬁed, ldapugmod will follow the

bind conﬁguration speciﬁed in the ldapux (5) conﬁguration proﬁle.

If ldapux (5) has speciﬁed "proxy" bind, the bind credential will be read from either the

/etc/opt/ldapux/acred

or /etc/opt/ldapux/pcred ﬁle. The acred ﬁle will only be

used by users that have sufﬁcient administrative privilege to read that ﬁle.

Refer to Binding to the Directory Server below for additional details.

-PP Prompt for the password of the user or group being modiﬁed. If the

-PP option is not speciﬁed,

the password for the modiﬁed user or group will be retrieved from the

LDAP_UGCRED environ-

ment variable if the

-PW option is speciﬁed.

Use of

-PP implies the use of -PW.

-PW Change the user or group password attribute.

Also, if ldapux (5) attributed mapping for the userPassword attribute has not been deﬁned or set

*NULL*, ldapugmod will create new passwords in the userPassword attribute.

-PW is speciﬁed, either the LDAP_UGCRED environment variable or the -PP option must be

speciﬁed.

-O With ldapugmod, it is possible to extend posixAccount and posixGroup attributes to a user or

group entry that does not already contain the posixAccount or posixGroup object class. This abil-

ity requires use of the -D option. With -O, ldapugmod will add the posixAccount or posix-

Group object class and respective attributes (depending on if the -t passwd or -t group

option) to the entry being modiﬁed.

Note that when used with Active Directory service, if the user or group entry is built using the

abstract "User" or "Group" class.

ldapugmod will assume that the abstract class already

includes the required MS SFU attributes, and thus will not add the posixAccount or posixGroup

objectclass to the entry.

-Z Requires an SSL connection to the directory server, even if the ldapux (5) conﬁguration does not

require the use of SSL. Use of -Z requires either a valid server or CA certiﬁcate be deﬁned in

the /etc/opt/ldapux/cert8.db ﬁle.

An error will occur if the SSL connection could not be established. Refer to Binding to the Direc-

tory Serve below for additional details.

-ZZ Attempt a TLS connection to the directory server, even if the ldapux (5) conﬁguration does not

require the use of TLS. If a TLS connection is unable to be established a non-TLS and non-SSL

HP-UX 11i v3: June 2010 Web Release − 1 − Hewlett-Packard Company 1

Summary of content (10 pages)

PAGE 1
ldapugmod(1M) ldapugmod(1M) NAME ldapugmod - modify existing POSIX accounts or groups in an LDAP directory server SYNOPSIS ldapugmod [-t passwd] [options ] [-h hostname ] [-p port ] [-f full_name ] [-n name] [-u uidNumber ] [-g group /gid] [-s login_shell ] [-d home_directory [-m]] [-I gecos] [-c comment ] [[-A attrval ] [...]] [[-R attrval ] [...]] {-D DN | uid_name} [[attr =value][...]] ldapugmod -t group [options ] [-h hostname ] [-p port ] [-n new_name ] [-g gidNumber ] [-c comment ] [-a member[,...
PAGE 2
ldapugmod(1M) ldapugmod(1M) connection will be established. Use of -ZZ is not recommended unless alternative methods are used to protect from network eavesdropping. Use of -ZZ requires either a valid server or CA certificate be defined in the /etc/opt/ldapux/cert8.db file. Refer to Binding to the Directory Server below for additional details. -ZZZ Requires a TLS connection to the directory server, even if the ldapux (5) configuration does not require the use of TLS.
PAGE 3
ldapugmod(1M) ldapugmod(1M) The hostname field also supports specification of IPv4 and IPv6 addresses. Note that when a port is specified for an IPv6 address, the IPv6 address must be specified in square-bracketed form. If the optional port is unspecified, the port number is assumed to be 389 or 636 for SSL connections (-Z). Refer to Binding to the Directory Server below for additional details. -p port Specifies the port number of the directory server to contact.
PAGE 4
ldapugmod(1M) ldapugmod(1M) the member from the previous group, must be done with separate ldapudmod operations. Refer to the WARNING section below for additional impacts when using this option. -s login_shell Replaces the full path name to the executable that will be used to handle login sessions for this user. If login_shell is an empty string, ldapugmod will remove the loginShell (or mapped) attribute. ldapudmod will issue a WARNING if the specified login shell does not exist on the local system.
PAGE 5
ldapugmod(1M) -c comment ldapugmod(1M) Replaces the comment that will be stored in the description attribute, as defined by RFC2307. Attribute mapping is not defined for the description attribute. Note, refer to the WARNING section below for impacts when using this option. uid_name Contains the POSIX-style textual login name of the user entry to modify. This user name should conform to HP-UX login name requirements. Please refer to passwd (4) for login name requirements.
PAGE 6
ldapugmod(1M) ldapugmod(1M) ldapux (5) configuration profile for the following information: • The list of LDAP directory server hosts. • The authentication method (simple passwords, SASL Digest MD5, etc.) If either of the environment variables LDAP_BINDDN or LDAP_BINDCRED have not been specified, ldapugmod will also consult the ldapux (5) configuration for additional information: • The type of credential (user, proxy or anonymous) to use.
PAGE 7
ldapugmod(1M) ldapugmod(1M) running processes can be exposed externally from the session. Use of the -P eliminates the need to set the mentioned environment variables by interactively prompting for the required credentials. LDAP-UX PROFILE ldapugmod makes use of the LDAP-UX configuration profile to determine the information model used in the directory server to store POSIX attributes.
PAGE 8
ldapugmod(1M) ldapugmod(1M) attribute for an entry and replace it with the value specified. If there are multiple values for a single attribute in an entry, the use of a single attr =value parameter will replace all values with the single value specified on the command line. Note that it is possible to specify more than one occurrence of the same attribute on the command line, if that attribute is multi-valued. In which case, both values will be created in the entry.
PAGE 9
ldapugmod(1M) ldapugmod(1M) SEE ALSO ldapcfinfo(1M), ldapugadd(1M), ldapugdel(1M), ldapuglist(1M), ldapux(5).
PAGE 10
(Notes) A (Notes) lA 10 Hewlett-Packard Company −1− HP-UX 11i v3: June 2010 Web Release