HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ldapugmod(1M) ldapugmod(1M)
-ZZ Attempt a TLS connection to the directory server, even if the LDAP-UX configuration does not
require the use of TLS. If a TLS connection cannot be established, a non-TLS and non-SSL
(unencrypted) connection will be established instead.
Use of -ZZ is not recommended unless alternative methods are used to protect from network
eavesdropping. Use of -ZZ requires either a valid server or CA certificate be defined in the
/etc/opt/ldapux/cert8.db file. Refer to Binding to the Directory Server below for additional
details.
-ZZZ Requires a TLS connection to the directory server, even if the LDAP-UX configuration does not
require the use of TLS.
Use of -ZZZ requires either a valid server or CA certificate be defined in the
/etc/opt/ldapux/cert8.db file. An error will occur if the TLS connection could not be
established. Refer to Binding to the Directory Server below for additional details.
-N Allows renaming of the RDN (Relative Distinguished Name) of an LDAP directory entry. In some
cases, when an attribute is modified, it may be the same attribute that is used in the RDN portion
of the entry’s distinguished name. Changing the attribute and value that is used in the RDN
requires changing the RDN.
For example, suppose an entry in the directory server is named:
cn=Robert Smith,ou=Marketing,dc=acme,dc=com
If the cn attribute is changed to cn=Bob Smith then the DN would also need to change to:
cn=Bob Smith,ou=Marketing,dc=acme,dc=com
Modification of an RDN is generally discouraged since the DN is often used as a unique way to
identify the entry in the directory server. Often the DN is used to define membership in a group.
So to prevent accidental changing of the DN, the -N option must be specified to allow changing of
the RDN. When the DN of an entry changes, the group membership information for this entry
may become inconsistent.
However, most directory servers have the inherent ability to update all entries that refer to the
updated DN of a changed entry. So ldapugmod will not attempt to perform modifications to
other entries in the directory server that refer to this entry by its DN.
NOTE: ldapugmod will not allow renaming of multi-valued RDNs; for example, an RDN of
cn=test1+cn=test2
is not supported.
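The -N rule above, sketched as a pre-flight check (an added example, not ldapugmod's code and not part of the HP-UX reference): it reports whether changing an attribute alters the RDN, rejects multi-valued RDNs, and lists groups that still reference the old DN. The function names and the group data are hypothetical; DN escaping follows RFC 4514 and DNs are compared case-insensitively.

```python
# Added illustration; function names and sample groups are hypothetical.
def split_unescaped(s, sep):
    """Split s on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        step = 2 if s[i] == "\\" and i + 1 < len(s) else 1
        if step == 1 and s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i:i + step]
        i += step
    return parts + [cur]

def escape_value(v):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = ["\\" + c if c in ',+"\\<>;' else c for c in v]
    if out and out[0] in ("#", " "):
        out[0] = "\\" + out[0]
    if out and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)

def plan_rename(dn, attr, new_value):
    """Return the new DN if changing attr alters the RDN (the -N case), else None."""
    rdn, *parent = split_unescaped(dn, ",")
    avas = split_unescaped(rdn, "+")
    types = [a.split("=", 1)[0].strip() for a in avas]
    if attr.lower() not in [t.lower() for t in types]:
        return None                      # attribute is not part of the RDN
    if len(avas) > 1:
        raise ValueError("multi-valued RDN; renaming is not supported")
    new_rdn = f"{types[0]}={escape_value(new_value)}"
    return None if new_rdn == rdn.strip() else ",".join([new_rdn] + parent)

def normalize(dn):
    # Assumption: case-insensitive matching, adequate for cn/ou/dc naming attributes.
    return ",".join(p.strip().lower() for p in split_unescaped(dn, ","))

def stale_members(groups, old_dn):
    """Names of groups whose member list still holds old_dn after a rename."""
    return sorted(g for g, members in groups.items()
                  if normalize(old_dn) in map(normalize, members))

# Constructed sample data, using the DN from the -N description.
OLD_DN = "cn=Robert Smith,ou=Marketing,dc=acme,dc=com"
GROUPS = {"sales": ["cn=Robert Smith, ou=Marketing, dc=acme, dc=com"],
          "ops": ["cn=Alice Jones,ou=Ops,dc=acme,dc=com"]}
```

A non-empty result from stale_members after a planned rename marks the group entries to verify once the directory server has processed the change.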
-F Force modification of the user or group entry even if particular error conditions occur. The error
conditions that can be overridden are:
The changed user name or group name already exists in the directory server.
The changed user id or group id number already exists in the directory server.
Adding a member to a group when that member is not defined in the LDAP directory. In this
case, membership will always be defined using the memberUid attribute, regardless of attribute
mapping defined for group membership.
When modifying the group of a user with a group ID that cannot be found in any name service
repository. In this case, the group ID number must be specified.
Note that some directory servers perform their own attribute and RDN uniqueness checks. In this
case, even if the -F option is specified, if the directory server detects a collision ldapugmod will
be unable to modify the specified entry.
-S Upon successful completion, display the DN of the updated entry.
Arguments
-t type Specifies whether the command-line arguments apply to modifying a user or a group. type is
expected to be either passwd or group. If unspecified, ldapugmod defaults to passwd.
Note: to be consistent with the Name Service Switch (see switch(4)), the term passwd
(instead of user) is used to represent LDAP user entries which contain POSIX
account-related information.
490 Hewlett-Packard Company 2 HP-UX 11i Version 2: December 2007 Update