ldapugmod.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ldapugmod(1M) ldapugmod(1M)

running processes can be exposed externally from the session.

Use of the

-P eliminates the need to set the mentioned environment variables by interactively prompt-

ing for the required credentials.

LDAP-UX PROFILE

ldapugmod makes use of the LDAP-UX conﬁguration proﬁle to determine the information model used in

the directory server to store POSIX attributes. Please refer to the LDAP-UX Client Services

Administrator’s Guide for additional information about the conﬁguration proﬁle.

EXTERNAL INFLUENCES

Environment Variables

LDAP_UGCRED When used in combination with the -PW

option, LDAP_UGCRED speciﬁes the

password of a user or group which need to be modiﬁed.

Note, use of passwords for groups is not recommended.

Also, if ldapux (5) attributed mapping for the userPassword attribute has not been

deﬁned or set to

*NULL*,

ldapugmod will modify passwords in the userPass-

word attribute.

LDAP_BINDDN Speciﬁed the DN of a user with sufﬁcient directory server privilege to create new

users and/or groups in the LDAP directory server. While this variable is optional,

LDAP_BINDDN is speciﬁed, LDAP_BINDCRED

must also be speciﬁed.

LDAP_BINDCRED A password or other type of credential used for the user speciﬁed by the

LDAP_BINDDN. While this variable is optional, if LDAP_BINDCRED

is speciﬁed,

LDAP_BINDDN must also be speciﬁed.

Refer to Security Considerations for important security impacts when these environment variables are

used.

RETURN VALUE

Upon exit,

ldapugmod returns the following:

0 Success.

ldapugmod exits with no errors or with one or more warnings.

<>0

ldapugmod returns with a non-zero exit status if it encounters an error, and messages will be

logged to stderr.

Messages will follow the below format:

ERROR: code

message

WARNING: code

message

Leading extra white space may be inserted to improve readability and follow 80 column screen

formatting.

code will be a programmatically parsable error key-string, while

message will be human-readable. Refer to the LDAP-UX Client Services Administrator’s Guide

for a list of possible error codes generated by the LDAP user and group management

tools.

WARNINGS

Under common usage,

ldapugmod uses the LDAP replace operation when changing values of an attri-

bute in an entry. This feature can impact attributes that have multiple values, by removing all

occurrences of an attribute value and replacing it with the one speciﬁed on the ldapugmod command

line.

For example, if the

-n argument is used to specify a new name for a posixGroup, all occurrences of the cn

attributete will be replaced by the value speciﬁed for the -n argument. This mode of operation applies to

all command argument speciﬁed values, including -u, -g, -s, -d, -I, and -c.

When the attr

=value parameter is used to modify an existing attribute, the ldapugmod command will

also use the LDAP replace operation. The replace operation will remove all occurrences of the speciﬁed

HP-UX 11i v3: June 2010 Web Release − 7 − Hewlett-Packard Company 7