HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

471

472

473

474

475

476

477

478

479

480

ldapugdel(1M) ldapugdel(1M)

details.

-p port Speciﬁes the port number of the directory server to contact. This option is ignored if the

port number is speciﬁed in the hostname as part of the

-h option. Refer to Binding to the

Directory Server below for additional details.

-t type Speciﬁes the service type of entry to be deleted. The service type can be either

passwd or

group,where:

passwd implies posixAccount-type entries and,

group implies posixGroup-type entries.

If unspeciﬁed,

ldapugdel defaults to passwd

Note: to be consistent with the Name Service Switch (see switch(4)), the term

passwd is

used to represent LDAP user entries which contain POSIX account-related information.

-O[protAttr[,...]]

Do not delete the entire user or group entry. Instead delete only the posixAccount or posix-

Group objectclass and associated attributes.

With the

-t passwd option, ldapugdel will remove the posixAccount objectclass and

the following attributes:

• uidNumber

• gidNumber

• homeDirectory

• loginShell

• gecos

With the -t group option, ldapugdel will remove the posixGroup objectclass and the

following attributes:

• gidNumber

• memberUid

• userPassword

The protAttr list is of one or more of the above attribute names separated by commas with

no white-space. If speciﬁed, ldapugdel will not remove the speciﬁed attribute(s).

Special notes for using the -O option:

• Since mapped attributes are often attributes that are shared with other LDAP-enabled

applications, attribute mapping is not supported with ldapugdel .

For example, if uidNumber has been mapped to employeeNumber,

ldapugdel will

still attempt to remove the uidNumber attribute and not the employeeNumber attribute.

• Since the uid, cn, and description attributes, for user entries, and the cn and description

attributes, for group entries, are commonly used by other objectclasses or as naming

attributes,

ldapugdel will not attempt to remove the uid, cn,ordescription attri-

butes, unless failure to remove those attributes would cause an objectclass violation

(because the remaining object classes for that entry would not be able to contain those

attributes).

Use of

-x will force removal of those attributes if allowed by the remaining object

classes for that entry.

• Since the userPassword attribute is often used by other user-related objectclasses,

ldapugdel will not attempt to remove the userPassword attribute when removing

user entries.

Use of -y will override this option, if allowed by the remaining object classes in that

entry.

• ldapugdel will attempt to remove the posixAccount and posixGroup objectclasses

only if they are present. In some cases, when a user or group entry is built using an

abstract class, the posixAccount and posixGroup entries may not be present in the entry.

• Since Active Directory schema and RFC2307 schema conﬂict in the shared deﬁnition of

the homeDirectory attribute, ldapugdel will never remove the homeDirectory attri-

bute if ldapugdel determines the entry being modiﬁed is stored on an Active

HP-UX 11i Version 2: December 2007 Update − 2 − Hewlett-Packard Company 475