HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)
l
ldapugadd(1M) ldapugadd(1M)
construct. Typically the cn or uid attribute would be used in the RDN for new passwd entries and the
cn attribute would be used for new group entries.
• The userPassword attribute can not be specified in the template file. See the
-PP option for additional
information about specifying an initial user or group password.
• The memberUid attribute can not be specified in the template file, since the number of eventual
members of a group can not be statically defined when the group is newly created.
ldapugadd will
ignore the memberUid attribute if specified in the template file.
As mentioned above, for each non-pre-defined substitution construct, using the
${name},requires
specification of the name attribute and value on the
ldapugadd command line. If a non-POSIX attribute
is specified in the template file (such as sn) and that attribute/value pair has not been specified on the com-
mand line (attr
=value), ldapugadd will return an error.
To assist with programmatic discovery of the required attributes when creating new entries, the
ldapcfinfo has provided command line options to list the these attributes.
ldapcfinfo -t
passwd -R
will display required attributes when creating new passwd entries.
ldapinfo -t
group -R
will display required attributes when creating new group entries.
Multi-Valued Attributes in Template Files
Template files can support multi-valued attributes. This means that the same attribute name and/or value
can be specified more than once in the template file. Example:
dn: uid=${uid},ou=people,${basedn}
objectclass: InetOrgPerson
objectclass: myOrg
objectclass: posixAccount
sn: ${Surname}
primaryTeam: ${primaryTeam}
secondaryTeams: ${secondaryTeams}
secondaryTeams: ${secondaryTeams}
${posixProfile}
In the above example we assume that secondaryTeams is a multi-valued attribute which should be specified
at least twice for each new posixAccount entry created. In this case,
ldapugadd will fill each attribute
value in order specified in the template file based on the order that those attributes are specified on the
command line. Note if not enough attribute values have been specified on the command line to fill the
attribute values used in the template file, ldapugadd will return an error.
Template File Naming
The default template files for new passwd and group entries are stored in
/etc/opt/ldapux/ug_templates
and are named ug_passwd_default.tmpl
and
ug_group_default.tmpl
.
All template files stored in the
/etc/opt/ldapux/ug_templates
directory must follow a specific
naming format. To allow specification of template files by their short name (see below), the template file
name must begin with
ug followed by the service name being supported. Underbars are used to separate
sections of the name. The remainder of the name may be any keystring, followed by a .tmpl
extension.
For example
ug_passwd_vpn_user.tmpl might be used when creating new users of the "VPN" type.
Template files stored outside of the ug_templates directory need not follow any specific format.
When specifying the name of a template file as part of the -T option on the command line, either the exact
file name or a short name may be used. When specifying the file name, that name may be either a full or
relative path name, but must begin with either the slash (/) or dot (.) characters. That file name may
exist anywhere in the file system.
When specifying the short name, the file must exist under the /etc/opt/ldapux/ug_templates
directory and must follow the format specified above. For example -t passwd -T vpn_user would
be used to specify the template file mentioned above:
/etc/opt/ldapux/ug_templates/ug_passwd_vpn_user.tmpl
.
A short name is defined as the distinguishing portion of the template file name. For example, for the
passwd service, if the short name "operator" is specified, the resulting template file would be
/etc/opt/ldapux/ug_templates/ug_passwd_operator.tmpl.
470 Hewlett-Packard Company − 8 − HP-UX 11i Version 2: December 2007 Update