HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ldapugmod(1M) ldapugmod(1M)
NAME
ldapugmod - modify existing POSIX accounts or groups in an LDAP directory server
SYNOPSIS
ldapugmod [-t passwd] [options] [-h hostname] [-p port] [-f full_name] [-n name]
[-u uidNumber] [-g group/gid] [-s login_shell] [-d home_directory [-m]] [-I gecos]
[-c comment] [[-A attrval] [...]] [[-R attrval] [...]] {-D DN | uid_name} [[attr=value] [...]]
ldapugmod -t group [options] [-h hostname] [-p port] [-n new_name] [-g gidNumber]
[-c comment] [-a member[,...]] [-r member[,...]] [[-A attrval] [...]]
[[-R attrval] [...]] {-D DN | group_name} [[attr=value] [...]]
DESCRIPTION
ldapugmod allows HP-UX administrators to modify existing POSIX accounts or groups in an LDAP
directory server.
When using extended options, ldapugmod can also be used to modify arbitrary attributes for user or
group entries.
Users of ldapugmod are required to provide LDAP administrator credentials that have sufficient privilege
to perform the user or group modify operations in the LDAP directory server.
Options
-P Prompt for the administrator’s bind identity (typically LDAP DN or Kerberos principal) and bind
password.
Without -P, ldapugmod will discover the bind identity and password from the environment
variables LDAP_BINDDN and LDAP_BINDCRED. If either the LDAP_BINDDN or LDAP_BINDCRED
environment variable has not been specified, ldapugmod will follow the bind configuration
specified in the LDAP-UX configuration profile.
If LDAP-UX has specified "proxy" bind, the bind credential will be read from either the
/etc/opt/ldapux/acred or /etc/opt/ldapux/pcred file. The acred file will only be
used by users that have sufficient administrative privilege to read that file.
Refer to Binding to the Directory Server below for additional details.
-PP Prompt for the password of the user or group being modified. If the -PP option is not specified,
the password for the modified user or group will be retrieved from the LDAP_UGCRED environment
variable if the -PW option is specified.
Use of -PP implies the use of -PW.
-PW Change the user or group password attribute.
Also, if LDAP-UX attribute mapping for the userPassword attribute has not been defined or set to
*NULL*, ldapugmod will create new passwords in the userPassword attribute.
If -PW is specified, either the LDAP_UGCRED environment variable or the -PP option must be
specified.
-O With ldapugmod, it is possible to extend posixAccount and posixGroup attributes to a user or
group entry that does not already contain the posixAccount or posixGroup object class. This ability
requires use of the -D option. With -O, ldapugmod will add the posixAccount or posixGroup
object class and respective attributes (depending on whether the -t passwd or -t group option
is used) to the entry being modified.
Note that when used with Active Directory service, if the user or group entry is built using the
abstract "User" or "Group" class, ldapugmod will assume that the abstract class already includes
the required MS SFU attributes, and thus will not add the posixAccount or posixGroup objectclass
to the entry.
-Z Requires an SSL connection to the directory server, even if the LDAP-UX configuration does not
require the use of SSL. Use of -Z requires that either a valid server or CA certificate be defined
in the /etc/opt/ldapux/cert8.db file.
An error will occur if the SSL connection could not be established. Refer to Binding to the
Directory Server below for additional details.
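The option rules above (-P, -PP, -PW, -O, -Z) written as a shell pre-flight check that a wrapper script can run before calling ldapugmod. This is an added example, not part of the HP-UX reference or HP's code; the function name ldapugmod_preflight and its key=value output are hypothetical, and treating an empty environment variable as "not specified" is an assumption.

```shell
#!/bin/sh
# Added example (not HP's code): lint an ldapugmod argument list against the
# option rules in the man page text above. It never invokes ldapugmod.
# Prints key=value findings; returns 1 if a documented rule is violated.
ldapugmod_preflight() {
    prompt_bind=0; prompt_pw=0; change_pw=0; add_class=0; use_dn=0; ssl=0; rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -P)  prompt_bind=1 ;;
            -PP) prompt_pw=1; change_pw=1 ;;      # -PP implies -PW
            -PW) change_pw=1 ;;
            -O)  add_class=1 ;;
            -Z)  ssl=1 ;;
            -D)  use_dn=1; shift ;;               # skip the DN value
            -[thpfnugsdIcARar]) shift ;;          # other options with a value
        esac
        if [ $# -gt 0 ]; then shift; fi
    done

    # Bind identity: -P, then LDAP_BINDDN + LDAP_BINDCRED, then the profile.
    # Assumption: an empty variable counts as "not specified".
    if [ "$prompt_bind" -eq 1 ]; then
        echo "bind_source=prompt"
    elif [ -n "${LDAP_BINDDN:-}" ] && [ -n "${LDAP_BINDCRED:-}" ]; then
        echo "bind_source=environment"
    else
        echo "bind_source=profile"
    fi

    # -PW needs a password source: -PP (prompt) or LDAP_UGCRED.
    if [ "$change_pw" -eq 1 ]; then
        if [ "$prompt_pw" -eq 1 ]; then
            echo "password_source=prompt"
        elif [ -n "${LDAP_UGCRED:-}" ]; then
            echo "password_source=environment"
        else
            echo "error=-PW given without -PP or LDAP_UGCRED"; rc=1
        fi
    fi

    # -O (add posixAccount/posixGroup object class) requires -D.
    if [ "$add_class" -eq 1 ] && [ "$use_dn" -eq 0 ]; then
        echo "error=-O requires -D"; rc=1
    fi

    # -Z forces SSL regardless of the LDAP-UX configuration.
    if [ "$ssl" -eq 1 ]; then echo "ssl=required"; else echo "ssl=per-profile"; fi
    return "$rc"
}
```

A bind_source=profile result means ldapugmod falls back to the LDAP-UX configuration profile, which for "proxy" bind reads the acred or pcred file described under -P.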
HP-UX 11i Version 2: December 2007 Update 1 Hewlett-Packard Company 489