
ldapentry(1)

HP-UX 11i Version 3: February 2007

NAME

ldapentry — simple tool to add, modify, and delete entries in an LDAP directory

SYNOPSIS

ldapentry {-a | -d | -m} [-D login] [-b base] [-h host] [-p port] [-s scope] [-f] [-v] {service key | dn}

DESCRIPTION

ldapentry is a script that allows administrators to add, modify, and delete entries in an LDAP directory. The add and modify functions open the entry in an editor, so knowledge of the LDIF (RFC 2849) syntax is required.

This manpage describes the use of ldapentry, including the command line, environment variables, profile support, and resource files.

Arguments

ldapentry requires these arguments:

{-a | -d | -m}

Specifies the ldapentry operation to be performed. One of these operations must be specified:

-a

Adds a new entry to the directory. An LDIF template will be read into an editor for the entry to be added. The new entry's location in the directory will be determined by the LDAP_BASEDN variable (if defined), by the template, or the location described in the service descriptors in the LDAP configuration profile.

See the Templates section below for information about the templates.

-d

Deletes an entry from the directory.

-m

Modifies an existing directory entry. The entry is opened in a vi editor in LDIF format for the user to modify.

{service key | dn}

ldapentry requires either service key or dn, where

service

Name of the service set that will determine the type of entry to edit, where service can be one of the following:

{ passwd | group | hosts | rpc | services | printers }

key

Entry's common name or UID.

dn

Full distinguished name of the entry.

Options

ldapentry supports the following options. These options are not required, because some of them may default to values from the profile and configuration files or be prompted for by ldapentry.

-b base

Specifies the DN of the search/insert base which defines where ldapentry starts the search/insert for the entry.

This option is optional if the LDAP_BASEDN variable is set. If specified, this option overrides the LDAP_BASEDN variable setting.

-D login

Specifies the distinguished name (DN) of an administrator who has the authority to add, modify, or delete entries in the LDAP directory.

This option is optional if the LDAP_BINDDN environment variable has been set. If specified, this option overrides the LDAP_BINDDN variable setting.

-f

Forces command execution, with warning override.

-h host

Specifies the host name of the LDAP directory. If not specified, ldapentry uses the local host.

-p port

Specifies the TCP port number that the LDAP directory uses. If not specified, ldapentry defaults to port 389.

-s scope

Specifies the scope of the search, where scope can be one of the following:

base

Search only the entry specified in the -b option or defined by the LDAP_BASEDN environment variable.

one

Search only the immediate children of the entry specified in the -b option. Only the children are searched; the actual entry specified in the -b option is not searched.

sub

Search the entry specified in the -b option and all of its descendants. Perform a subtree search starting at the point identified in the -b option.

This is the default.

-v

Displays verbose information.

Templates

The add function of ldapentry will open an entry from the template file in /etc/opt/ldapux/ldapentry.templates for the user to edit and add to the directory. The template can be customized and variable references will be defined by ldapentry on execution, if available.

Security Restriction

The LDAP administrator password is a required parameter, but for security reasons, it may not be specified on the command line. It will be prompted for or may be specified in an environment variable, described in the Configuration Variables section below.

When adding, any sensitive information (such as userpassword:) will be prompted for with hidden input after the editor is closed. However, the modify function requires that the user enter everything within the editor, where it will be unsecured clear text.

EXTERNAL INFLUENCES

The ldapentry command also accepts options through environment variables, configuration files, and the LDAP configuration profile.

Configuration Variables

For ldapentry, configuration variables may be specified in the following locations (in order of precedence):

1. Local environment variables.

2. Local user rc configuration file (~/.ux_ldap_admin_rc).

3. Global configuration file (/etc/opt/ldapux/client_admin.conf).

ldapentry will also discover configuration parameter defaults from the directory configuration profile created by the LDAP-UX setup program, /opt/ldapux/config/setup.

Environment variables override configuration parameters in the user's rc file. The rc file overrides the global configuration file. The global configuration file overrides parameters from the configuration profile stored in the directory.

Example:

With the following definition in these configuration files:

~/.ux_ldap_admin_rc

LDAP_HOST=my.host.com

/etc/opt/ldapux/client_admin.conf

LDAP_HOST=your.host.com

ldapentry will only use LDAP_HOST=my.host.com.

Environment Variables

The following variables may be specified as shell environment variables or in either of the above two configuration files.

EDITOR

Name of the editor that will be used when you do an add or modify (defaults to the vi editor.)

INSERT_BASE

This DN specifies to ldapentry where to insert new entries. This value will default to LDAP_BASEDN or a default defined by the configuration profile. INSERT_BASE is only used when adding entries.

LDAP_BASEDN

The DN of the search base, which specifies where ldapentry starts looking for the entry. If this variable has been defined, but LDAP_SCOPE was not, then LDAP_SCOPE defaults to sub.

LDAP_BINDCRED

The password for the privileged LDAP user named by LDAP_BINDDN.

*** May not be stored in a configuration file ***.

LDAP_BINDDN

The DN of the LDAP administrator allowed to add, delete, or modify the entry.

LDAP_HOST

The host name of the LDAP directory server. LDAP_HOST uses the hostname:port format. (If port is missing, ldapentry will automatically default to port 389, as suggested by the RFC2251 standard.)

LDAP_SCOPE

The type of LDAP search (sub, one, base) under the LDAP_BASEDN. You must define LDAP_BASEDN if you define LDAP_SCOPE.

Configuration Files

The ~/.ux_ldap_admin_rc file is used to locally define variables for each user. The /etc/opt/ldapux/client_admin.conf file is used to globally define variables for all users on the system.

The structure for configuration files is: PARAM=value

Example:

LDAP_HOST=myhost

LDAP_BINDDN="cn=Directory Manager"
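The precedence and credential rules described above, as an added example that is not part of the HP manual or of the ldapentry script: POSIX shell functions that resolve a parameter from the environment, then the user rc file, then the global file, split LDAP_HOST with the port 389 default, and flag any file that stores LDAP_BINDCRED. The function names, the temporary files and their values are constructed for illustration, and treating an empty environment variable as unset is an assumption.

```shell
# Added example (not HP's code): environment > user rc file > global file.

# cfg_get FILE PARAM: print the last PARAM=value in FILE, outer quotes stripped.
cfg_get() {
    [ -r "$1" ] || return 1
    grep -q "^[[:space:]]*$2=" "$1" || return 1
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# effective PARAM RCFILE GLOBALFILE: print the value that takes precedence.
# Assumption: an empty environment variable counts as unset.
effective() {
    case $1 in ''|*[!A-Z_]*) return 2 ;; esac   # only plain names reach eval
    eval "_val=\${$1:-}"
    if [ -n "$_val" ]; then printf '%s\n' "$_val"; return 0; fi
    cfg_get "$2" "$1" || cfg_get "$3" "$1"
}

# host_port VALUE: split LDAP_HOST (hostname:port); the port defaults to 389.
host_port() {
    case $1 in
        *:*) printf '%s %s\n' "${1%%:*}" "${1##*:}" ;;
        *)   printf '%s 389\n' "$1" ;;
    esac
}

# audit_bindcred FILE...: return 1 if any file stores LDAP_BINDCRED, which
# the manual says may not be kept in a configuration file.
audit_bindcred() {
    _bad=0
    for _f in "$@"; do
        if cfg_get "$_f" LDAP_BINDCRED >/dev/null; then
            echo "FAIL: LDAP_BINDCRED stored in $_f" >&2
            _bad=1
        fi
    done
    return "$_bad"
}

# Constructed sample files standing in for ~/.ux_ldap_admin_rc and
# /etc/opt/ldapux/client_admin.conf; every value here is made up.
demo_dir=${TMPDIR:-/tmp}/ldapentry_demo.$$
mkdir -m 700 "$demo_dir"
trap 'rm -rf "$demo_dir"' EXIT
printf 'LDAP_HOST=my.host.com\nLDAP_BINDDN="cn=Directory Manager"\n' > "$demo_dir/rc"
printf 'LDAP_HOST=your.host.com:1389\nLDAP_BINDCRED=example-only\n' > "$demo_dir/global"
unset LDAP_HOST
echo "host: $(host_port "$(effective LDAP_HOST "$demo_dir/rc" "$demo_dir/global")")"
audit_bindcred "$demo_dir/rc" "$demo_dir/global" || echo "audit: remove the stored password"
```

To audit a real system, call audit_bindcred with the two configuration file paths named in this section.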

LDAP-UX Profile

The LDAP administration tools will retrieve configuration information from the directory as specified by the configuration profile found in /etc/opt/ldapux/ldapux_client.conf.

The LDAP profile information is not available on NIS clients.

EXAMPLES

ldapentry -m passwd jamesf

ldapentry -va group Management

ldapentry -df group Management

FILES

/opt/ldapux/bin/ldapentry

/opt/ldapux/bin/ldap_del_entry

/opt/ldapux/bin/ldap_mod_entry

/opt/ldapux/bin/ldap_new_entry

/opt/ldapux/bin/ldifdiff

/etc/opt/ldapux/ldapentry.intl

/etc/opt/ldapux/ldapentry.templates

~/.ux_ldap_admin_rc

/etc/opt/ldapux/ldapux_client.conf

SEE ALSO

ldapclientd(1M), ldapclientd.conf(4), ldapux(5), pam_authz(5), pam_ldap(5).

LDIF RFC2849,

LDAPv3 RFC2251.

© 1983-2007 Hewlett-Packard Development Company, L.P.