HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

461

462

463

464

465

466

467

468

469

470

ldapugadd(1M) ldapugadd(1M)

NAME

ldapugadd - add new accounts or groups to an LDAP directory server

SYNOPSIS

ldapugadd [-t passwd][options][

-h hostname][-p port][-b base][

-u uid_number]

[

-g group/gid][

-f full_name][-x domain][-G group/gid[

,...] [-s login_shell]

[

-d home_directory][

-I gecos][-c

comment][-m [-k skel_dir]] [-T template_ﬁle] uid_name

[[attr

=value][...]]

ldapugadd -t group [options][

-h hostname][-p port][-b base][-g

gid_number]

[

-x domain][-M

member[,...]] [-c comment][-T template_ﬁle] group_name [[attr

=value][...]]

ldapugadd -D [-d default_home][

-s default_shell][

-g default_gid][-u min_uid:max_uid]

[

-g min_gid:max_gid]

DESCRIPTION

ldapugadd allows HP-UX administrators to add new POSIX accounts or groups to an LDAP directory

server (see ﬁrst and second syntaxes in SYNOPSIS above). Furthermore,

ldapugadd can be used to

modify the

/etc/opt/ldapux/ldapug.conf

ﬁle to set defaults for creation of new users or groups

(see the third syntax in the SYNOPSIS above).

ldapugadd makes use of user and group template ﬁles that allow ldapugadd to conform to the infor-

mation model used for the types of entries being created. Users of ldapugadd are required to provide

LDAP administrator credentials that have sufﬁcient privilege to perform the user or group add operation in

the LDAP directory server.

Options

-P Prompt for the administrators bind identity (typically LDAP DN or kerberos principal) and bind

password.

Without -P, ldapugadd will discover the bind identity and password from the environment vari-

ables LDAP_BINDDN and LDAP_BINDCRED

. If either the LDAP_BINDDN or

LDAP_BINDCRED environment variable has not been speciﬁed, ldapugadd will follow the bind

conﬁguration speciﬁed in the ldapux conﬁguration proﬁle (see ldapux(5)).

ldapux has speciﬁed "proxy" bind, the bind credential will be read from either the

/etc/opt/ldapux/acred

or /etc/opt/ldapux/pcred ﬁle. The acred ﬁle will only be

used by users that have sufﬁcient administrative privileges to read that ﬁle. Refer to Binding to

the Directory Server below for additional details.

-PP Prompt for the password of the user or group being created. Also, if LDAP-UX attributed mapping

for the userPassword attribute has not been deﬁned or set to

*NULL*, ldapugadd will create

new passwords in the userPassword attribute. To assure accuracy, the user will be prompted twice

for the password.

ldapugadd relies on the directory server for setting of password policy, such

as user-must-change-password-at-ﬁrst-login.

-PW Set the user or group password attribute. Also, if LDAP-UX attributed mapping for the userPass-

word attribute has not been deﬁned or set to

*NULL*, ldapugadd will create new passwords in

the userPassword attribute. If

-PW

is speciﬁed, either the LDAP_UGCRED environment variable

or the

-PP option must be speciﬁed.

-Z Requires an SSL connection to the directory server, even if the LDAP-UX conﬁguration does not

require the use of SSL. Use of

-Z requires either a valid server or CA certiﬁcate be deﬁned in the

/etc/opt/ldapux/cert8.db ﬁle. An error will occur if the SSL connection could not be

established. Refer to Binding to the Directory Server below for additional details.

-ZZ Attempt a TLS connection to the directory server, even if the LDAP-UX conﬁguration does not

require the use of TLS. If a TLS connection is unable to be established a non-TLS and non-SSL

connection will be established. Use of -ZZ is not recommended unless alternative methods are

used to protect from network eavesdropping. Use of -ZZ requires either a valid server or CA

certiﬁcate be deﬁned in the /etc/opt/ldapux/cert8.db ﬁle. Refer to Binding to the Direc-

tory Server below for additional details.

-ZZZ Requires a TLS connection to the directory server, even if the LDAP-UX conﬁguration does not

require the use of TLS. Use of -ZZZ requires either a valid server or CA certiﬁcate be deﬁned in

the /etc/opt/ldapux/cert8.db ﬁle. An error will occur if the TLS connection could not be

established. Refer to Binding to the Directory Server below for additional details.

HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 463