HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

491

492

493

494

495

496

497

498

499

500

ldapugmod(1M) ldapugmod(1M)

Note also that shells command history log may contain copies of the executed commands that show

setting of these variables. Access to a shell’s history ﬁle must be protected. Speciﬁcation of the LDAP

administrator’s credentials on the command line is not allowed since information about the currently

running processes can be exposed externally from the session.

Use of the -P eliminates the need to set the mentioned environment variables by interactively prompt-

ing for the required credentials.

LDAP-UX PROFILE

ldapugmod makes use of the LDAP-UX conﬁguration proﬁle to determine the information model used in

the directory server to store POSIX attributes. Please refer to the LDAP-UX Client Services

Administrator’s Guide for additional information about the conﬁguration proﬁle.

EXTERNAL INFLUENCES

Environment Variables

LDAP_UGCRED When used in combination with the

-PW option, LDAP_UGCRED speciﬁes the pass-

word of a user or group which need to be modiﬁed.

Note, use of passwords for groups is not recommended.

Also, if LDAP-UX attributed mapping for the userPassword attribute has not been

deﬁned or set to

*NULL*, ldapugmod will modify passwords in the userPassword

attribute.

LDAP_BINDDN Speciﬁed the DN of a user with sufﬁcient directory server privilege to create new

users and/or groups in the LDAP directory server. While this variable is optional, if

LDAP_BINDDN is speciﬁed, LDAP_BINDCRED

must also be speciﬁed.

LDAP_BINDCRED A password or other type of credential used for the user speciﬁed by the

LDAP_BINDDN . While this variable is optional, if LDAP_BINDCRED

is speciﬁed,

LDAP_BINDDN must also be speciﬁed.

Refer to Security Considerations for important security impacts when these environment variables are

used.

RETURN VALUE

Upon exit,

ldapugmod returns the following:

0 Success. ldapugmod exits with no errors or with one or more warnings.

<>0 ldapugmod returns with a non-zero exit status if it encounters an error, and messages will be

logged to stderr.

Messages will follow the below format:

ERROR: code

message

WARNING: code

message

Leading extra white space may be inserted to improve readability and follow 80 column screen for-

matting.

code will be a programmatically parsable error key-string, while

message will be human-readable. Refer to the LDAP-UX Client Services Administrator’s Guide

for a list of possible error codes generated by the LDAP user and group management

tools.

WARNINGS

Under common usage, ldapugmod uses the LDAP replace operation when changing values of an attribute

in an entry. This feature can impact attributes that have multiple values, by removing all occurrences of

an attribute value and replacing it with the one speciﬁed on the ldapugmod command line.

For example, if the -n argument is used to specify a new name for a posixGroup, all occurrences of the cn

attribute will be replaced by the value speciﬁed for the -n argument. This mode of operation applies to all

command argument speciﬁed values, including -u, -g, -s, -d, -I, and -c.

HP-UX 11i Version 2: December 2007 Update − 7 − Hewlett-Packard Company 495