Manualshelf

Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Internet Express Software
81828384858687888990
To retrieve all users:
ldap_get_user [ -b branch ] [ -f filename ]
Note:
In the following examples, the -b branch and -f output-file options (not shown) can also
be used.
To use a search filter to find users:
ldap_get_user -s filter
To use a search filter with object class restrictions added to the search:
ldap_get_user -S filter
For example, a search filter might look like the following:
uid=bjensen (&(uidNumber>=10)(uidNumber<=20))
Note:
You must quote the filter string according to your shell.
To retrieve a range of users (where start is the starting UID in the range and end is the optional
ending UID in the range):
ldap_get_user -R start[-end]
If you do not specify end, the search retrieves all users from the starting UID through the highest
UID in the LDAP directory server.
To retrieve specific users:
ldap_get_user user [ user ...]
Synchronizing with a Password File
Use the ldap_sync_user utility to synchronize the ldap directory entries for users with the contents
of a passwd file. This utility adds, updates or deletes users as needed to ensure that the contents
of the directory match the supplied entries. This utility is intended to provide easy synchronization
of the directory server with an alternate source for login information (such as NIS), where the
alternate source is considered the master source of the information.
If a problem is encountered , the ldap_sync_user utility returns an exit code greater than 0.
For a description of the options you can use with this utility, see Table 5.
To synchronize users:
ldap_sync_user [-b branch ] [ filename]
Adding a Group Entry
Use the ldap_add_group utility to retrieve group(4) entries from the LDAP directory server.
(Use the ldap_mod_group utility to add users to groups. See Section for more information.) The
ldap_add_group utility adds groups to the first directory server specified in the ldapcd.conf
file. If multiple servers are listed, only the first is used, even if it is not operational.
The ldap_add_group utility constructs the distinguished name (DN) as follows:
groupname_attribute=groupname,branch
The groupname_attribute is replaced by the attribute name specified by the gr_name entry
in the ldapcd.conf file. The groupname is the group name. The branch is one of three possible
values, taken in this order:
1. Value specified on the command line using the -b option
2. Value of the userbranch attribute in the ldapcd.conf file
3. Value of the searchbase attribute in the ldapcd.conf file
Utilities for Maintaining User Information in the LDAP Directory Server 83