ldapugmod.1m (2010 09)
l
ldapugmod(1M) ldapugmod(1M)
-c comment Replaces the comment that will be stored in the description attribute, as defined by
RFC2307. Attribute mapping is not defined for the description attribute.
Note, refer to the WARNING section below for impacts when using this option.
uid_name Contains the POSIX-style textual login name of the user entry to modify. This user name
should conform to HP-UX login name requirements. Please refer to passwd(4) for login
name requirements. The uid_name is a required parameter unless the
-D option is
specified.
attr
=value Allows modification of arbitrary LDAP attributes and values. value may be an empty
string. However this usage will not remove attributes and their values from the directory
server. Instead, use the
-R option to remove arbitrary attributes.
Note, refer to the WARNING section below for impacts when using this option.
Options Applicable to ’-t group’
-g gidNumber Replaces the group’s numberic id number. If the specified gidNumber already exists in
the directory server,
ldapugmod will not modify the entry and return an error exit
status, unless the -F option is specified.
Note, refer to the WARNING section below for impacts when using this option.
-a member[,...]
Adds one or more members to the specified group. ldapugmod will follow the same
membership syntax as defined by ldapux (5) attribute mapping. Specifically, if ldapux (5)
has mapped the RFC2307 group membership attribute (memberUid ) to a DN-based
membership attribute such as member or uniqueMember , then
ldapugmod will define
membership using the DN of the specified user.
When specifying a list of members, the list must be comma separated with no white-
space. Even though ldapux (5) supports mapping of the memberUid attribute to multiple
attributes simultaneously.
ldapugmod
will only use the first mapped attribute when
defining membership in the group. If the specified member does not exist in the LDAP
directory,
-F must be used to define the member, and only the memberUid attribute syn-
tax will be used.
-a only supports membership defined using static group membership structures, such as
memberUid , member, uniqueMember . Dynamic group membership, such as represented
by memberUrl , is not supported by ldapugmod.
-r member[,...]
Removes one or more members from the specified group. ldapugmod will search for
membership in the group defined using the memberUid , member , uniqueMember , and
msSFU30posixMember attributes and remove all values that represent the specified user
(either DN or uid name).
ldapugmod consults the ldapux (5) configuration profile for attribute mapping to deter-
mine which attributes should be modified to remove the user’s membership. When speci-
fying a list of members, the list must be comma separated with no white-space.
-c comment Replaces the comment that will be stored in the description attribute, as defined by
RFC2307. Attribute mapping is not defined for the description attribute. If comment is
an empty string, ldapugmod will remove the description (or mapped) attribute.
Note, refer to the WARNING section below for impacts when using this option.
group_name Contains the POSIX-style textual group name for the group entry to modify. This name
should conform to HP-UX group name requirements. Please refer to group (4) for group
name requirements. group_name is a required parameter when used with the
-t group
option. The group_name should not be specified if the -D option is specified.
attr
=value Allows modification of arbitrary LDAP attributes and values. Refer to attr =value in the
section above for additional information.
Note, refer to the WARNING section below for impacts when using this option.
Binding to the Directory Server
ldapugmod has been designed to take advantage of the existing ldapux (5) configuration for determining
to which directory server to bind and how to perform the bind operation. ldapugmod will consult the
HP-UX 11i v3: June 2010 Web Release − 5 − Hewlett-Packard Company 5