HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

491

492

493

494

495

496

497

498

499

500

ldapugmod(1M) ldapugmod(1M)

attribute.

Note, refer to the WARNING section below for impacts when using this option.

-c comment Replaces the comment that will be stored in the description attribute, as deﬁned by

RFC2307. Attribute mapping is not deﬁned for the description attribute.

Note, refer to the WARNING section below for impacts when using this option.

uid_name Contains the POSIX-style textual login name of the user entry to modify. This user name

should conform to HP-UX login name requirements. Please refer to passwd(4) for login

name requirements. The uid_name is a required parameter unless the

-D

option is

speciﬁed.

attr

=value Allows modiﬁcation of arbitrary LDAP attributes and values. value may be an empty

string. However this usage will not remove attributes and their values from the directory

server. Instead, use the

-R option to remove arbitrary attributes.

Note, refer to the WARNING section below for impacts when using this option.

Options Applicable to ’-t group’

-g gidNumber

Replaces the group’s numberic id number. If the speciﬁed gidNumber already exists in the

directory server,

ldapugmod will not modify the entry and return an error exit status,

unless the -F option is speciﬁed.

Note, refer to the WARNING section below for impacts when using this option.

-a member[,...]

Adds one or more members to the speciﬁed group. ldapugmod will follow the same

membership syntax as deﬁned by LDAP-UX attribute mapping. Speciﬁcally, if LDAP-UX

has mapped the RFC2307 group membership attribute (memberUid) to a DN-based

membership attribute such as member or uniqueMember, then ldapugmod will deﬁne

membership using the DN of the speciﬁed user.

When specifying a list of members, the list must be comma separated with no white-space.

Even though LDAP-UX supports mapping of the memberUid attribute to multiple attri-

butes simultaneously. ldapugmod

will only use the ﬁrst mapped attribute when deﬁning

membership in the group. If the speciﬁed member does not exist in the LDAP directory,

-F

must be used to deﬁne the member, and only the memberUid attribute syntax will be used.

-a only supports membership deﬁned using static group membership structures, such as

memberUid, member, uniqueMember. Dynamic group membership, such as represented by

memberUrl, is not supported by ldapugmod.

-r member[,...]

Removes one or more members from the speciﬁed group. ldapugmod will search for

membership in the group deﬁned using the memberUid, member, uniqueMember, and

msSFU30posixMember attributes and remove all values that represent the speciﬁed user

(either DN or uid name).

ldapugmod consults the LDAP-UX conﬁguration proﬁle for attribute mapping to deter-

mine which attributes should be modiﬁed to remove the user’s membership. When specify-

ing a list of members, the list must be comma separated with no white-space.

-c comment Replaces the comment that will be stored in the description attribute, as deﬁned by

RFC2307. Attribute mapping is not deﬁned for the description attribute. If comment is an

empty string, ldapugmod will remove the description (or mapped) attribute.

Note, refer to the WARNING section below for impacts when using this option.

group_name Contains the POSIX-style textual group name for the group entry to modify. This name

should conform to HP-UX group name requirements. Please refer to group(4) for group

name requirements. group_name is a required parameter when used with the -t group

option. The group_name should not be speciﬁed if the -D option is speciﬁed.

attr=value Allows modiﬁcation of arbitrary LDAP attributes and values. Refer to attr=value in the

section above for additional information.

Note, refer to the WARNING section below for impacts when using this option.

HP-UX 11i Version 2: December 2007 Update − 5 − Hewlett-Packard Company 493