HP-UX Reference (11i v2 07/12) - 1 User Commands A-M (vol 1)
ldapschema(1) ldapschema(1)
-ZZZ Enforces start of TLS request (requires successful server response).
-P path Specifies path to SSL certificate database containing cert8.db and key3.db files.
Default: /etc/opt/ldapux.
-3 Verifies hostnames in SSL certificates.
-s - Disables syntax substitution in attribute types. Normally, if an attribute type uses an LDAP
syntax not supported on the LDAP directory server, it is mapped to use a higher-level (more
inclusive) syntax supported by that server. If this option is specified, any attribute types that
use unsupported LDAP syntax will not be added to the LDAP directory server schema. See
the MAPPING UNSUPPORTED MATCHING RULES AND LDAP SYNTAXES section for
more details.
-m - Disables matching rule substitution in attribute types. Normally, if an attribute type uses a
matching rule not supported on the LDAP directory server, it is mapped to use a higher-level
(less specific) matching rule supported by that server. If this option is specified, any attribute
types that use unsupported matching rules will not be added to the LDAP directory server
schema. See the MAPPING UNSUPPORTED MATCHING RULES AND LDAP SYNTAXES
section for more details.
-f filename
Stores schema extension instructions in the specified file.
File format depends on the vendor and version of the LDAP directory server (usually LDIF).
When this option is specified, ldapschema will not apply any changes to the LDAP directory
server or its schema.
This option requires specifying the -e option. If filename is set to a dash (-f -), the output
is redirected to standard output; otherwise, it is stored in the specified filename.
-F Forces installation of schema even if it contains any invalid attribute type or object class
definitions, or the LDAP directory server already has some of its components installed and
their definitions are different from those specified in the schema file.
-v Displays verbose information to standard output.
To extend schema on the LDAP server, HP recommends the following process:
1. Execute ldapschema in query mode (use the -q option) first to determine the overall status of the
schema.
2. Correct any invalid attribute type or object class definitions, if present.
3. Execute ldapschema in extend mode (use the -e option) to install new schema elements on the
LDAP server.
Extending schema containing invalid or incompatible attribute types or object classes is not recommended.
Installing elements defined in a schema file containing invalid or incompatible definitions requires
specifying the force option (-F).
SECURITY
For security reasons, the LDAP administrator password may not be specified on the command line. It can
be specified at the prompt (using the -w - option), in a file (using -j filename), or using the
LDAP_BINDCRED environmental variable described in the CONFIGURATION VARIABLES section
below.
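An added example, not part of the HP-UX manual: POSIX shell helpers that supply the bind password through -j filename, as the SECURITY section describes, and refuse a credential file that other users could read. The function names, the owner-only permission policy and the dry-run output are assumptions of this example; whatever follows -q or -e is passed through as the command's SYNOPSIS (not shown on this page) defines it.

```shell
#!/bin/sh
# Added example (not from the HP-UX manual). Function names and the
# owner-only permission policy are assumptions of this example.

# Write the password read from stdin to $1 with owner-only permissions.
write_cred_file() {
    rm -f "$1" || return 1
    # Subshell: the restrictive umask applies only to this file creation.
    ( umask 077 && cat > "$1" )
}

# Succeed only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no group/other permission bits set.
check_cred_file() {
    [ -f "$1" ] && [ ! -h "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld "$1" | cut -c1-10) in
        -r??------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print (dry run) the ldapschema command line for mode -q or -e.
# Usage: ldapschema_cmd credfile -q|-e [arguments from the SYNOPSIS...]
# The bind DN and server are taken from LDAP_BINDDN and LDAP_HOST.
ldapschema_cmd() {
    cred=$1; shift
    case ${1:-} in
        -q|-e) ;;
        *) echo "mode must be -q (query) or -e (extend)" >&2; return 2 ;;
    esac
    if ! check_cred_file "$cred"; then
        echo "refusing to use $cred: unsafe type, owner or mode" >&2
        return 1
    fi
    # -ZZZ enforces the start-TLS request, -3 verifies the certificate hostname.
    printf '%s\n' "ldapschema $* -ZZZ -3 -j $cred"
}
```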
CONFIGURATION VARIABLES
The ldapschema utility tool recognizes the following shell environmental variables.
LDAP_BINDDN
Distinguished name of an administrator who has permissions to read and modify LDAP
directory server schema.
LDAP_BINDCRED
The password for the above privileged LDAP user.
LDAP_HOST The host name of the LDAP directory server.
LDAP_HOST uses the following format: hostname:port.
HP-UX 11i Version 2: December 2007 Update − 3 − Hewlett-Packard Company 547