HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ldapugadd(1M) ldapugadd(1M)
ldapugadd will follow the same membership syntax as defined by LDAP-UX attribute
mapping. Specifically, if LDAP-UX has mapped the RFC2307 group membership attribute
(memberUid) to a DN-based membership attribute such as member or uniqueMember, then
ldapugadd will define membership using the DN of the specified user. If memberUid has
been mapped to more than one attribute type, ldapugadd will use the first attribute
defined by the mapping.
Note that ldapugadd can only add members to a group that follows a static membership
syntax (like memberUid, member, and uniqueMember). ldapugadd will fail if the only
mapping defined uses a dynamic group membership syntax (like memberUrl).
-c comment Specifies a comment that will be stored in the description attribute, as defined by RFC2307.
Attribute mapping is not defined for the description attribute. If unspecified, the
description attribute will not be added to the user’s entry.
-T template_file
Specifies the LDIF template file that will be used to create new group entries. The
template_file parameter may either be a full or relative path name or a "short" name. Refer
to Template File Naming below for additional information.
group_name Required Argument. Contains the POSIX-style textual group name for the new group
entry. This name should conform to HP-UX group name requirements. Please refer to
group(4) for group name requirements. gid_name is a required parameter, must follow all
command-line options and must precede the attr=value parameters (if provided).
attr=value Allows specification of arbitrary LDAP attributes and values. Refer to attr=value in the
section above for additional information. attr=value parameters are optional, but must be
specified as the last parameters on the command line.
Template Files
One of the benefits of LDAP directory servers is the flexibility to support customized data models to meet
organizational requirements. This flexibility allows each directory deployment to define unique data models
for users and groups. Because of this, it’s not possible for ldapugadd to be able to create new user or
group entries in the directory server and also follow the desired data model, without some description of
that data model.
Template files for user and group entries allow ldapugadd to discover the required data models for new
user and group entries. Template files define what data is required to create new user and group entries
and allow ldapugadd to discover required attributes and data elements before creating the entries.
To explain this concept, the below examples show the default templates for a standard directory server for
a passwd and group entry. Samples, such as the one below, are delivered with LDAP-UX, including
samples for ADS.
Below is a sample default template for a standard directory server:
dn: uid=${uid},ou=people,${basedn}
objectclass: InetOrgPerson
objectclass: posixAccount
sn: ${Surname}
${posixProfile}

dn: cn=${cn},ou=groups,${basedn}
objectclass: groupOfNames
objectclass: posixGroup
${posixProfile}
Below is a sample default template for Windows ADS:
dn: cn=${cn},cn=users,${basedn}
objectclass: user
${posixProfile}
sAMAccountName: ${uid}
msSFU30NisDomain: ${domain}
#By default, ldapugadd creates disabled accounts.
#Change below to 544 to enable accounts by default.
userAccountControl: 546
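The userAccountControl values in the ADS template are bit masks: 546 is NORMAL_ACCOUNT (512) + PASSWD_NOTREQD (32) + ACCOUNTDISABLE (2), and 544 clears only the disable bit. The Python check below is an added example, not part of the HP-UX reference or LDAP-UX; audit_template and its handling of ${...} placeholders and # comment lines are assumptions made for illustration.

```python
import re

# Active Directory userAccountControl bit flags (subset relevant here).
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0020: "PASSWD_NOTREQD",
             0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}

# The ADS sample template from this page, embedded so the example runs offline.
ADS_TEMPLATE = """\
dn: cn=${cn},cn=users,${basedn}
objectclass: user
${posixProfile}
sAMAccountName: ${uid}
msSFU30NisDomain: ${domain}
#By default, ldapugadd creates disabled accounts.
#Change below to 544 to enable accounts by default.
userAccountControl: 546
"""


def audit_template(text):
    """List the ${...} placeholders and decode userAccountControl, if present."""
    # Assumption: '#' starts a comment line, as in the sample above.
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    report = {"placeholders": sorted(set(re.findall(r"\$\{(\w+)\}", "\n".join(lines)))),
              "uac": None, "flags": [], "unknown_bits": 0, "enabled": None,
              "findings": []}
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "useraccountcontrol":
            continue
        value = value.strip()
        if not value.isdigit():
            report["findings"].append("userAccountControl is not a literal number")
            continue
        uac = int(value)
        report.update(uac=uac, enabled=not uac & 0x0002,
                      flags=[n for bit, n in sorted(UAC_FLAGS.items()) if uac & bit],
                      unknown_bits=uac & ~sum(UAC_FLAGS))
        if uac & 0x0020:
            state = "enabled" if report["enabled"] else "disabled"
            report["findings"].append(
                f"PASSWD_NOTREQD is set: accounts are created {state} "
                "with no password required")
    return report


if __name__ == "__main__":
    for value in ("546", "544", "512"):
        print(value, audit_template(ADS_TEMPLATE.replace("546", value)))
```

A value of 512 (NORMAL_ACCOUNT alone) produces no finding, since it neither disables the account nor sets PASSWD_NOTREQD.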
Hewlett-Packard Company HP-UX 11i Version 2: December 2007 Update