LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Administrator's Guide: HP-UX 11i v1 and v2 > Appendix C Command, Tool, Schema Extension Utility, and Migration Script Reference

LDAP Directory Tools


This section briefly describes the ldapentry, ldappasswd, ldapsearch, ldapmodify, and ldapdelete commands.

For detailed information about ldapsearch, ldapmodify, and ldapdelete, refer to the Microsoft Windows Active Directory Server Administrator's Guide, available at http://docs.hp.com/en/internet.html.

ldapentry

ldapentry is a script tool that simplifies the task of adding, modifying, and deleting entries in a Directory Server. It supports the following name services: passwd, group, hosts, rpc, services, networks, and protocols.

ldapentry accepts run-time options either on the command line or through environment variables, which can be set in the shell, in a user or global configuration file, or read from the LDAP configuration profile. The add and modify functions open the entry in an editor with a predefined template to help the user supply the required directory attributes. The template file is customizable and is located in /etc/opt/ldapux/ldapentry.templates.

Configuration Variable

Configuration variables can be defined in the following locations (from most specific to most general):

  1. as shell environment variables

  2. in a user 'rc' configuration file (~/.ux_ldap_admin_rc)

  3. in a global configuration file (/etc/opt/ldapux/ldapclient.conf)

  4. in the configuration profile (/etc/opt/ldapux/ldapux_profile.ldif)

Settings in a more specific location override settings in a more general location: a shell environment variable wins over the user rc file, which wins over the global configuration file, which wins over the configuration profile.

Environment Variables

The following environment variables can be defined:

LDAP_BINDDN

The DN of the LDAP user allowed to add, delete, or modify the entry.

LDAP_BINDCRED

The password for the LDAP user specified in LDAP_BINDDN. Do not store the password in any configuration file; when LDAP_BINDCRED is not set, ldapentry prompts for it at run time.

LDAP_HOST

Host name of LDAP directory server.

LDAP_BASEDN

The DN of the search base which tells ldapentry where to start the search for the entry. In case of adding an entry, LDAP_BASEDN determines the insert base.

LDAP_SCOPE

The scope of the LDAP search (sub, one, or base). Defaults to sub if LDAP_BASEDN is defined but LDAP_SCOPE is not. You must define LDAP_BASEDN if you define LDAP_SCOPE.

INSERT_BASE

This DN tells ldapentry where to insert new entries. It defaults to LDAP_BASEDN or to a default taken from the configuration profile. INSERT_BASE is only used when adding entries.

EDITOR

The editor to use when an entry is added or modified.
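The following script is an added example, not part of LDAP-UX or HP's ldapentry tool. It applies the four-level precedence rule above (environment, ~/.ux_ldap_admin_rc, ldapclient.conf, configuration profile) to a set of variables, and it audits an rc file for the two mistakes the LDAP_BINDCRED description warns against: storing the bind password in the file, and leaving the file readable by other users. It assumes the rc and global files hold simple NAME="value" lines (the shape of the guide's own rc example) and models the configuration profile as an already-parsed dictionary; the sample rc text and the profile default are constructed for the demo.

```python
"""Resolve ldapentry settings in the precedence order the guide lists.

Added example, not HP's ldapentry code.  ASSUMPTIONS: rc and global files
hold NAME="value" lines; the profile is passed in already parsed; the
sample rc text below is constructed for the demo.
"""
import os
import re
import stat
import tempfile

SOURCES = ("environment", "~/.ux_ldap_admin_rc",
           "/etc/opt/ldapux/ldapclient.conf", "configuration profile")

# NAME=value or NAME="value", optionally preceded by 'export'
_ASSIGN = re.compile(r'^\s*(?:export\s+)?([A-Z_][A-Z0-9_]*)\s*=\s*(.*?)\s*$')

# Constructed sample in the shape of the guide's ~/.ux_ldap_admin_rc example
SAMPLE_RC = '''# user rc file (constructed sample)
LDAP_BINDDN="cn=Directory Manager"
LDAP_HOST="myhost"
'''


def parse_rc(text):
    """Parse NAME=value lines into a dict; comments and blanks are ignored."""
    values = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = _ASSIGN.match(line)
        if not match:
            continue
        name, raw = match.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
            raw = raw[1:-1]           # strip one layer of shell quoting
        values[name] = raw
    return values


def resolve(name, env, rc, global_conf, profile):
    """Return (value, source) from the most specific location that sets
    the variable, or (None, None) when nothing does."""
    for source, table in zip(SOURCES, (env, rc, global_conf, profile)):
        if table.get(name):
            return table[name], source
    return None, None


def audit_rc(path):
    """Flag an rc file that stores the bind password or is readable by
    others: either one exposes LDAP_BINDCRED to other local users."""
    findings = []
    with open(path) as handle:
        if "LDAP_BINDCRED" in parse_rc(handle.read()):
            findings.append("LDAP_BINDCRED is stored in %s" % path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("%s is group/world accessible (mode %o)" % (path, mode))
    return findings


def demo():
    """Apply the precedence rule to the constructed sample and audit a
    deliberately bad rc file written to a temporary path."""
    rc = parse_rc(SAMPLE_RC)
    env = {"LDAP_HOST": "replica1"}                  # shell override wins
    profile = {"LDAP_BASEDN": "ou=People,o=hp.com"}  # assumed profile default
    effective = {name: resolve(name, env, rc, {}, profile)
                 for name in ("LDAP_BINDDN", "LDAP_HOST",
                              "LDAP_BASEDN", "LDAP_BINDCRED")}
    fd, path = tempfile.mkstemp(suffix=".ux_ldap_admin_rc")
    with os.fdopen(fd, "w") as handle:
        handle.write(SAMPLE_RC + 'LDAP_BINDCRED="hunter2"\n')
    os.chmod(path, 0o644)                            # readable by everyone
    try:
        findings = audit_rc(path)
    finally:
        os.unlink(path)
    return effective, findings


if __name__ == "__main__":
    effective, findings = demo()
    for name, (value, source) in effective.items():
        print("%-14s %-22s from %s" % (name, value, source))
    for finding in findings:
        print("WARNING:", finding)
```

Run it as a script to see which location each variable was taken from; LDAP_BINDCRED resolves to nothing, which is the intended state, so ldapentry will prompt for it. Point audit_rc at a real ~/.ux_ldap_admin_rc to check an existing client.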

Syntax

ldapentry -<a|m|d> [options] <service value | dn>

where

-a

Adds a new entry to the directory.

-m

Modifies an existing entry in the directory.

-d

Deletes an existing entry in the directory.

options

-f

Forces command execution, overriding warnings.

-v

Displays verbose information.

-b

Specifies the DN of the search/insert base, which defines where ldapentry starts the search for, or the insertion of, the entry.

This option is optional if the LDAP_BASEDN variable is set. If specified, this option overrides the LDAP_BASEDN variable setting.

-h

Specifies the host name of the LDAP directory. If not specified, ldapentry uses the local host.

-p

Specifies the TCP port number that the LDAP directory uses. The default is 389.

-D

Specifies the distinguished name (DN) of an administrator who has the authority to add, modify, or delete entries in the LDAP directory.

This option is optional if the LDAP_BINDDN environment variable has been set. If specified, this option overrides the LDAP_BINDDN variable setting.

service

The name of the service that determines the type of entry to edit. Can be passwd, group, hosts, rpc, services, networks, or protocols.

value

The name of the entry recognized by the directory to be added, modified, or deleted.

dn

The full distinguished name of the entry to add, modify or delete.

Refer to the ldapentry(1) man page for more detailed information.

Examples

The following configuration variables are defined in the user's configuration file, ~/.ux_ldap_admin_rc:

LDAP_BINDDN="cn=Directory Manager"
LDAP_HOST="myhost"

The command

ldapentry -a passwd UserA

will try to bind to the directory on server myhost as Directory Manager, prompt for the credentials, and retrieve the service search descriptor for the passwd service from the profile LDIF file. It then opens the template file in the editor named by the EDITOR environment variable and passes the collected input to ldapmodify to add the new entry.

The command

ldapentry -m "uid=UserA, ou=People, o=hp.com"

will try to bind to the directory on server myhost as Directory Manager, prompt for the credentials, and use the given DN to retrieve the entry from the directory. It then populates a template with the retrieved information and passes the collected changes to ldapmodify for execution.

NOTE: Although the ldapentry tool allows the user to modify any information in the EDITOR window, the directory server has the final decision on accepting the modification. If the user enters invalid LDIF syntax, violates the directory's schema, or lacks the privilege to perform the modification, ldapentry reports the error after the EDITOR window is closed, when it tries to update the directory server. The user is then given the option to re-enter the EDITOR and correct the error.

ldappasswd

This section describes the ldappasswd command and its parameters. The ldappasswd command, installed in /opt/ldapux/bin, is needed on clients that use an LDAP directory replica, because the replica cannot be modified by the passwd(1) command or by any other command.

Syntax

ldappasswd [options]

where options can be any of the following:

-b basedn

specifies basedn as the base distinguished name at which to start searching.

-h host

specifies host as the LDAP server name or IP address.

-c

generates an encrypted password on the client. Use this parameter for directories that do not automatically encrypt passwords. Without it, the new password is sent to the directory in plain text and is protected only by whatever transport security the LDAP connection provides. Netscape/Red Hat Directory Server for HP-UX supports automatic encryption of passwords.

-v

prints the software version and exits.

-p port

specifies port as the LDAP server TCP port number.

-D binddn

specifies binddn as the bind distinguished name.

-w passwd

specifies passwd as the bind password (for simple authentication).

-l login

specifies login as the uid of the account to change; defaults to the current user.

Examples

The following is a command the directory administrator can use to change the password in the directory for the user steves:

ldappasswd -h sys001.hp.com -p 389 -b "ou=people,o=hp.com" \
    -D "cn=directory manager" -w passwd -l steves

Note that a bind password supplied with -w is visible to other users in the process listing while the command runs and may be recorded in the shell's history file.

ldapsearch

You use the ldapsearch command-line utility to locate and retrieve LDAP directory entries. This utility opens a connection to the specified server using the specified distinguished name and password, and locates entries based on the specified search filter. Search results are returned in LDIF format. For detailed information, refer to the Microsoft Windows Active Directory Server Administrator's Guide, available at the following web site:

http://docs.hp.com/en/internet.html

Syntax

ldapsearch -b basedn [optional_options] [filter] [optional_list_of_attributes]

where

filter

Specifies an LDAP search filter. Do not specify a search filter if you supply search filters in a file using the -f option.

optional_options

Specifies a series of command-line options. These must be specified before the search filter, if used.

optional_list_of_attributes

A space-separated list of attributes that restricts which attributes are returned in the search results. This list must appear after the search filter. Refer to the Microsoft Windows Active Directory Server Administrator's Guide for details.

ldapsearch Options

This section lists the most commonly used ldapsearch command-line options. For more information, refer to Red Hat Directory Server for HP-UX Configuration, Command and File Reference.

-b

Specifies the starting point for the search. The value must be a distinguished name that currently exists in the database.

-D

Specifies the distinguished name (DN) with which to authenticate to the server. If specified, this value must be a DN recognized by the Directory Server, and it must also have the authority to search for the entries.

-h

Specifies the hostname or IP address of the Directory Server. If you do not specify a host, ldapsearch uses the local host.

-l

Specifies the maximum number of seconds to wait for a search request to complete.

-P

Specifies the TCP port number that the Directory Server uses. The default is 389.

-s

Specifies the scope of the search. The scope can be one of the following:

  • base: Search only the entry specified in the -b option or defined by the LDAP_BASEDN environment variable.

  • one: Search only the immediate children of the entry specified in the -b option.

  • sub: Search the entry specified in the -b option and all of its descendants (a subtree search starting at that point). This is the default.

-w

Specifies the password associated with the distinguished name that is specified in the -D option.

-x

Specifies that the search results are sorted on the server rather than on the client. In general, it is faster to sort on the server rather than on the client.

-f

Specifies the file containing the search filter(s) to be used in the search. Omit this option if you supply a search filter directly on the command line.
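The filter is an ordinary command-line argument to ldapsearch, so when the value inside it comes from user input (a login name, a host name) the characters that RFC 4515 treats as special must be escaped, or the input changes the shape of the filter. The following is an added example, not code from the guide or from the Directory Server tools: it escapes filter values, validates attribute names (which cannot be escaped), and assembles the ldapsearch argument list in the order the syntax above requires (options, then filter, then attribute list). The host, base DN and bind DN are constructed for the demo; the command is only built and printed, never executed, and the bind password is deliberately left out because -w on the command line is visible in the process listing.

```python
"""Build ldapsearch filters from untrusted values without changing the
filter's shape.

Added example, not from the guide.  Host, base DN and bind DN in the demo
are constructed; the argv is assembled and printed, not run.
"""
import re
import shlex

# RFC 4515 section 3: these characters must be escaped inside a value
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# attribute description: a name or numeric OID, optional ;options
_ATTR = re.compile(
    r"^(?:[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\.[0-9]+)+)(?:;[A-Za-z0-9-]+)*$")


def escape_filter_value(value):
    """Escape a value for use inside a search filter assertion."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_valid_attribute(attribute):
    """Attribute names cannot be escaped, so they are validated instead."""
    return _ATTR.match(attribute) is not None


def equality_filter(attribute, value):
    """(attribute=value) with the value escaped and the name validated."""
    if not is_valid_attribute(attribute):
        raise ValueError("invalid attribute description: %r" % attribute)
    return "(%s=%s)" % (attribute, escape_filter_value(value))


def naive_equality_filter(attribute, value):
    """The unsafe version, kept only to show what goes wrong."""
    return "(%s=%s)" % (attribute, value)


def posix_account_filter(login):
    """The lookup the passwd service performs: a posixAccount with this uid."""
    return "(&(objectClass=posixAccount)%s)" % equality_filter("uid", login)


def ldapsearch_argv(host, base_dn, bind_dn, search_filter,
                    attributes=(), scope="sub"):
    """argv in the order the guide gives: options, filter, attribute list.
    No -w: a password on the command line shows up in the process listing."""
    argv = ["ldapsearch", "-h", host, "-b", base_dn, "-s", scope, "-D", bind_dn]
    argv.append(search_filter)
    argv.extend(attributes)
    return argv


if __name__ == "__main__":
    hostile = "*"                 # also try "steves)(uid=*"
    print("naive:  ", naive_equality_filter("uid", hostile))   # matches every uid
    print("escaped:", equality_filter("uid", hostile))         # matches a uid of "*"
    argv = ldapsearch_argv("sys001.hp.com", "ou=people,o=hp.com",
                           "cn=directory manager",
                           posix_account_filter("steves"),
                           ("uid", "uidNumber", "homeDirectory"))
    print(shlex.join(argv))
```

The naive filter built from "*" returns every account under the base, while the escaped one asks for a literal uid of "*". The escaped form is what to pass whenever the value did not come from the administrator's own keyboard.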

ldapmodify

You use the ldapmodify command-line utility to add or modify entries in an existing LDAP directory. ldapmodify opens a connection to the specified server using the distinguished name and password you supply, and adds or modifies the entries based on the LDIF update statements contained in a specified file. Because ldapmodify uses LDIF update statements, ldapmodify can do everything ldapdelete can do. For detailed information, refer to the Red Hat Directory Server for HP-UX Administrator's Guide, available at the following web site:

http://docs.hp.com/en/internet.html

Syntax

ldapmodify [optional_options] 

where

optional_options

Specifies a series of command-line options.

ldapmodify Options

This section lists the most commonly used ldapmodify options. For more information, refer to Red Hat Directory Server for HP-UX Configuration, Command and File Reference.

-a

Allows you to add LDIF entries to the directory without requiring the changetype: add LDIF update statement. This provides a simplified method of adding entries to the directory.

-B

Specifies the suffix under which the new entries will be added.

-D

Specifies the distinguished name (DN) with which to authenticate to the server. If specified, this value must be a DN recognized by the Directory Server, and it must also have the authority to add or modify the entries.

-f

This option specifies the file containing the LDIF update statements used to define the directory modification. If you do not supply this option, the update statements are read from stdin.

-h

Specifies the hostname or IP address of the Directory Server. If not specified, ldapmodify uses the local host.

-p

Specifies the TCP port number that the Directory Server uses. The default is 389.

-q

Causes each add to be performed silently as opposed to being echoed to the screen individually.

-w

Specifies the password associated with the distinguished name that is specified in the -D option.
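The LDIF update statements that ldapmodify reads from -f (or from stdin) follow RFC 2849: one record per DN, a changetype line selecting add, modify or delete, values that cannot be written as plain text encoded in base64 after a double colon, and long lines folded with a leading space. The following writer is an added example, not code from the guide or from Red Hat Directory Server; it generates an add record (the form that -a lets you omit changetype from), a modify record with replace/add operations separated by "-" lines, and the changetype: delete record that covers what ldapdelete does. The posixAccount entry, DNs and values are constructed for the demo.

```python
"""Write LDIF change records for ldapmodify -f.

Added example, not from the guide or the Directory Server tools.  The
entry, DNs and values below are constructed for the demo.
"""
import base64

# RFC 2849 SAFE-STRING rules, applied a little more strictly than the
# minimum: the first byte may not be SPACE, ':' or '<'; no byte may be
# non-printable or non-ASCII; the value may not end in SPACE.
SAFE_FIRST = set(range(0x21, 0x7f)) - {ord(":"), ord("<")}
SAFE_REST = set(range(0x20, 0x7f))


def needs_base64(value):
    """True when the value must be written as 'attr:: <base64>'."""
    data = value.encode("utf-8")
    if not data:
        return False
    if data[0] not in SAFE_FIRST or data[-1] == ord(" "):
        return True
    return any(b not in SAFE_REST for b in data)


def fold(line, width=76):
    """Fold a long line; continuation lines start with a single space."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def attr_line(name, value):
    """One 'name: value' or 'name:: base64' line, folded if needed."""
    if needs_base64(value):
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return fold("%s:: %s" % (name, encoded))
    return fold("%s: %s" % (name, value))


def add_record(dn, attributes):
    """attributes: list of (name, value); repeat the name for multi-valued ones."""
    lines = [attr_line("dn", dn), "changetype: add"]
    lines += [attr_line(n, v) for n, v in attributes]
    return "\n".join(lines) + "\n"


def modify_record(dn, changes):
    """changes: list of (op, name, values); op is add, replace or delete.
    Each operation is terminated by a line holding only '-'."""
    lines = [attr_line("dn", dn), "changetype: modify"]
    for op, name, values in changes:
        if op not in ("add", "replace", "delete"):
            raise ValueError("bad modify op: %r" % op)
        lines.append("%s: %s" % (op, name))
        lines += [attr_line(name, v) for v in values]
        lines.append("-")
    return "\n".join(lines) + "\n"


def delete_record(dn):
    return "%s\nchangetype: delete\n" % attr_line("dn", dn)


def ldif_file(*records):
    """Records are separated by one blank line."""
    return "\n".join(records)


def sample_ldif():
    """Constructed add, modify and delete records for one ldapmodify run."""
    user = "uid=UserA,ou=People,o=hp.com"
    return ldif_file(
        add_record(user, [("objectClass", "top"), ("objectClass", "account"),
                          ("objectClass", "posixAccount"), ("uid", "UserA"),
                          ("cn", "User A"), ("uidNumber", "1001"),
                          ("gidNumber", "100"), ("homeDirectory", "/home/usera"),
                          ("loginShell", "/bin/sh"), ("gecos", "Zoë, room 12")]),
        modify_record(user, [("replace", "loginShell", ["/bin/ksh"]),
                             ("add", "description", [" leading space forces base64"])]),
        delete_record("cn=obsolete host,ou=Hosts,o=hp.com"))


if __name__ == "__main__":
    print(sample_ldif(), end="")
```

Redirect the script's output to a file and hand it to ldapmodify with -f, or pipe it in and let ldapmodify read stdin; because every record carries its own changetype, -a is not needed and the add, modify and delete are applied in order in a single bind. Inspect the gecos and description lines in the output to see the "::" base64 form that non-ASCII and leading-space values require.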

ldapdelete

You use the ldapdelete command-line utility to delete entries from an existing LDAP directory. ldapdelete opens a connection to the specified server using the distinguished name and password you provide, and deletes the entry or entries. For details, see the Red Hat Directory Server for HP-UX Administrator's Guide available at the following web site:

http://docs.hp.com/en/internet.html

Syntax

ldapdelete [optional_options] 

where

optional_options

Specifies a series of command-line options.

ldapdelete Options

This section lists the most commonly used ldapdelete options. For detailed information, refer to Red Hat Directory Server for HP-UX Configuration, Command and File Reference.

-D

Specifies the distinguished name (DN) with which to authenticate to the server. If specified, this value must be a DN recognized by the Directory Server, and it must also have the authority to delete the entries.

-h

Specifies the name of the host on which the Directory Server is running. If you do not specify a host, ldapdelete uses the local host.

-P

Specifies the TCP port number that the Directory Server uses. The default is 389.

-dn

Specifies the DN of the entry to be deleted.

-w

Specifies the password associated with the distinguished name that is specified in the -D option.

© 2006 Hewlett-Packard Development Company, L.P.