HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)
ldapugadd(1M) ldapugadd(1M)
Note also that a shell’s command history log may contain copies of executed commands that show
the setting of these variables. Access to a shell’s history file must be protected. Specification of the LDAP
administrator’s credentials on the command line is not allowed, since information about currently
running processes can be exposed externally from the session.
Use of the -P option eliminates the need to set the mentioned environment variables by interactively
prompting for the required credentials.
LDAP-UX PROFILE
ldapugadd makes use of the LDAP-UX configuration profile to determine the information model used in
the directory server to store POSIX attributes. Please refer to the LDAP-UX Client Services
Administrator’s Guide for additional information about the configuration profile.
LDAP UG CONFIGURATION FILE
LDAP-UX supports a local configuration file, /etc/opt/ldapux/ldapug.conf. The ldapugadd
tool uses the ldapug.conf file to manage the following default values when creating new user and group
entries in an LDAP directory server:
• A default group ID for new users
• The valid UID number range for new users
• The valid GID number range for new groups
• The base path for a new user’s home directory. By default, LDAP-UX appends the user’s account name
to the base path to create the full path name.
• The default login shell for new users
LDAP-UX provides the default ldapug.conf file as follows:
# This file is used by the ldapugadd tool for management
# of default values for creating new user and group entries.
# This file can not be modified directly, but instead through
# the ldapugadd -D command.
#
uidNumber_range=100:20000
gidNumber_range=100:2000
default_gidNumber=20
default_homeDirectory=/home
default_loginShell=/usr/bin/sh
EXTERNAL INFLUENCES
Environment Variables
LDAP_UGCRED When used in combination with the -PW option, LDAP_UGCRED specifies the
password of a newly created user or group.
Note, use of passwords for groups is not recommended.
Also, if LDAP-UX attribute mapping for the userPassword attribute has not been
defined or set to *NULL*, ldapugadd will create new passwords in the
userPassword attribute.
LDAP_BINDDN Specifies the DN of a user with sufficient directory server privilege to create new
users and/or groups in the LDAP directory server.
While this variable is optional, if LDAP_BINDDN is specified, LDAP_BINDCRED
must also be specified.
LDAP_BINDCRED A password or other type of credential used for the user specified by
LDAP_BINDDN.
While this variable is optional, if LDAP_BINDCRED is specified, LDAP_BINDDN
must also be specified.
Refer to Security Considerations for important security impacts when these environment variables are
used.
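Added example, not part of the HP-UX reference page: a POSIX shell audit for the two history-file conditions named under Security Considerations (credential variables recorded in clear text, and a history file accessible to group or other), plus the rule that LDAP_BINDDN and LDAP_BINDCRED must be set together. The function names and the sample history lines are constructed for illustration.

```shell
# Added example: variable names are from the man page; function names and
# the sample history content are constructed.

# Print how many history lines assign a credential variable in clear text.
count_cred_assignments() {
    grep -c -E '(^|[^A-Za-z0-9_])(LDAP_BINDCRED|LDAP_UGCRED)=' "$1" || true
}

# Succeed only if group and other have no permission bits on the file.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if LDAP_BINDDN and LDAP_BINDCRED are both set or both unset.
bind_env_consistent() {
    if [ -n "${LDAP_BINDDN:-}" ]; then
        [ -n "${LDAP_BINDCRED:-}" ]
    else
        [ -z "${LDAP_BINDCRED:-}" ]
    fi
}

# Report both history exposures; return non-zero if either is present.
audit_history() {
    rc=0
    n=$(count_cred_assignments "$1")
    [ "${n:-0}" -eq 0 ] || { echo "$1: $n line(s) assign a credential variable"; rc=1; }
    is_private "$1" || { echo "$1: accessible to group or other"; rc=1; }
    return $rc
}

# Constructed sample: two leaking lines; the read line stores no value.
write_sample() {
    cat > "$1" <<'EOF'
export LDAP_BINDDN="cn=admin,dc=example,dc=com"
export LDAP_BINDCRED=constructed-secret
export LDAP_UGCRED=constructed-pw
read LDAP_BINDCRED
EOF
    chmod 644 "$1"
}

sample="${TMPDIR:-/tmp}/sample_history.$$"
write_sample "$sample"
audit_history "$sample" || echo "findings reported above"
rm -f "$sample"
```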
472 Hewlett-Packard Company − 10 − HP-UX 11i Version 2: December 2007 Update