HP UX Internet Express Software manual Checking the Ldap Server Configuration, Adding a User Entry

Page 81

Checking the LDAP Server Configuration

The ldap_check utility validates the contents of the ./ldapcd.conf or /etc/ldapcd.conf file as follows:

•Verifies that the specified directory servers are running and that connections to the servers can be made

Note:

If any of the LDAP servers specified in the ldapcd.conf file fail the verification, the remaining servers are not checked and the entire verification fails.

•Verifies that the search base (the top-level directory for searches) exists

•If specified, verifies that user and group branches exist (see Section : Creating Branches)

•Verifies that user and group object classes exist

•Validates all object classes and attributes

If a problem is encountered during either of these checks, the ldap_check utility returns an exit code greater than 0.

Extracting Users from the /etc/passwd File

Use the passwd_extract utility to extract users from the specified input file (/etc/passwd is the default) and store the extracted records in the specified output file (with the -foption). Optionally, you can use the -roption (with the -foption) to extract entries that do not match the selection criteria to a remainder file. The records in the output file and remainder file (if any) are formatted as passwd(4) entries.

You can extract users based on:

•User name, specified by a space-separated parameter list: passwd_extract hill susan mike cliff austin powers

Note that if no output file is specified, the default is stdout.

•Any combination of individual UIDs or range of UIDs:

passwd_extract

-u 500,624,700-800 -f output-file

•Any combination of individual GIDs or range of GIDs:

passwd_extract -g 23,29-35,50 -f output-file

•Any combination of names, UIDs and GIDs:

passwd_extract -e james bond -u 500,624,700-800 -g 23,29-35,50 -f output-file

To extract records from a file other than /etc/passwd, specify the input file name with the -ioption. For example:

#passwd_extract larry curly moe -i myusers -f stooges

The records in the input file must be formatted as passwd entries.

Adding a User Entry

The ldap_add_user utility adds one or more user entries to the LDAP database. To use this utility on the command line, provide the following arguments:

ldap_add_user logname passwd uid gid gecos homedir shell

Utilities for Maintaining User Information in the LDAP Directory Server

81

Image 81

Contents Abstract Internet Express for Tru64 Unix VersionPage Contents User Authentication Mail Delivery Administration Mail Access Administration 132 Web Services Administration 155 XML Component Administration 164Network Security Administration 167 Ldap Directory Server Administration 195 Proxy Services Administration 190OpenSLP Administration 207 FTP Server Administration 213Samba File and Print Server Administration 216 Internet Relay Chat Administration 248 InterNetNews Server Administration 225Bind Domain Name Server Administration 260 PostgreSQL Database and MySQL Administration 249Jabber 265 Twiki 266About This Document Intended AudienceDocument Organization Typographic Conventions CommandComputer output User inputReading Documentation Using the Public Web Server Reading Documentation Using the Administration UtilityRelated Information Reading the DocumentationReading Reference Pages for Internet Express Components Reading Documentation from the Internet Express CD-ROMOn a Tru64 Unix System On a PCReading the Open Source Software Component Documentation Readers Comments# man -M /usr/news/man active.5 Internet electronic mail readerscomment@zk3.dec.comReaders Comments Using the Administration Utility Using the Administration UtilityAdministration Utility Menu Options and Tasks Using the Administration Utility Main MenuNavigating the Administration Utility Registering Your Internet Express InstallationUsing Administration Utility Forms Register OnlineSample Administration Utility Form Internet Express Accounts and Ports Accessing Administration ServersPort Number Description 8081 Internet ExpressAccessing the Internet Express Login Account Accessing and Managing the Internet MonitorManaging Internet Express in a TruCluster Environment Installing and Removing Components Using Internet Express Services in a ClusterTruCluster Impact on Internet Express Administration Keywords for URL Line Installing and Removing ComponentsHostname of the local host Port number from the current Web serverPerforming Web-Based System Management Accessing Web-Based System Management ToolsAccessing Web-Based System Management Tools Tuning Kernel Attribute ValuesUsing the Administration Utility Where to Find More Information Internet Express and AlphaServer Products Web SitesOpen Source Software Web Sites Firefox ExpectFreeRADIUS GnuPGJabber IRC ServerLynx Web Browser Majordomo Automated Internet Mailing Lists ManagerOpenLDAP MySQLOpenSLP PerlProcmail Mail Filtering Language PostgreSQL Relational Database Management SystemPure-FTP Server Samba File and Print ServerSystem Security Web Sites Applications Other Useful Web SitesInterNIC MicrosoftEncompass Manage Users Menu User AdministrationOverview of User Accounts User AdministrationPurging Obsolete Passwords Assigning Passwords to User AccountsSpecifying User Names Overview of User AccountsSearching for User Accounts Searching for User AccountsSelecting User Accounts Assigning Users to GroupsShows the Create Named User Account form Creating Captive Accounts for Named UsersCreating a Named User Account Creating Captive Accounts for Generic UsersCreating Generic User Accounts Creating a Noncaptive Account for a Unix System UserCreating a Noncaptive Account for a Unix System User To create a group, see Section Creating GroupsCreating a System User Account Creating GroupsCreating Groups Displaying User Account InformationDisplaying User Account Information Deleting User AccountsChanging Groups for User Accounts Changing Groups for User AccountsUser Administration Changing the Password for an Account Changing the Password for an AccountChanging Mail Services for Users Assigning Regular Delivery Mail Service Assigning POP with Password Mail ServiceChanging Mail Services for Users Assigning Cyrus Imap with Password Mail Service Assigning the Cyrus Imap Mail ServiceManaging the iass Account Assigning Apop with Password Mail ServiceChanging the iass Account Forwarding Address Managing the .users.list FileListing User Accounts and Passwords Managing the User Self-Administration FeaturePurging Passwords for User Accounts Removing the .users.list FileManaging the User Self-Administration Feature Enabling and Disabling the User Self-Administration FeatureManage User Self-Administration Menu Configure Web Server for Self-Administration Form Modifying the Web Server ConfigurationModify Web Server Configuration Enabling and Disabling Login DelaysAdding Groups Managing User Self-Administration GroupsAdding Groups Deleting and Modifying GroupsEnabling and Disabling Groups Customizing the User Self-Administration FeatureUser Administration User Authentication Managing the Ldap Module for System AuthenticationManaging the Ldap Module for System Authentication User Authentication Example 1 Security Matrix Enabled for LdapLdap Caching Daemon Example 2 Ldap Caching Daemon Configuration File Value of searchbase Value of machinedn Value of machinepass Creating BranchesUserbranch ou=accounts,searchbase Extended Ldap Schema for Unix Account InformationIndexing Attributes for the Directory Servers Configuring the Ldap Module for System Authentication Adding Indices for OpenLDAPLdap Database Index Types Modifying the Ldap Module Configuration Configuring the Ldap Module for System AuthenticationDefining Ldap System Parameters Configuring Ldap Password Attributes Configuring Ldap Group Attributes Testing the Ldap Module Configuration Importing and Exporting Users from /etc/passwdEnabling and Disabling the Ldap Module Importing Users from NIS Importing Users into the Directory ServerExporting Users from the Directory Server Adding an Ldap User in a C2 EnvironmentAccess Control Ldap Database Utilities Remove login names from all groups Remove login names from specified groupFile in which to store search results the default is Authentication mechanismChecking the Ldap Server Configuration Extracting Users from the /etc/passwd FileAdding a User Entry Retrieving a User Entry Deleting a User EntrySynchronizing with a Password File Adding a Group EntryLdapsyncuser -b branch filename Deleting a Group Entry Maintaining Group MembershipRetrieving a Group Entry Setting a Users Password in the Ldap Directory ServerStarting the ldapcd Daemon Ldapgetgroup -b branch -f input-fileStopping the ldapcd Daemon Maintaining the Ldap Directory Server Using Ldap CommandsAdding Entries to an Ldap Database Modifying Entries in an Ldap DatabaseFiles Modified by theLDAP Module for System Authentication Authentication Actions PerformedOverview of the Ldap Client Actions Performed by the Ldap ClientBehavior of the the ldapdc Daemon Operation of login/suDebugging ldapdc Etc/ldapusers.allow# su user1 Sendmail Server Administration Mail Delivery AdministrationMail Delivery Administration Bogofilter to filter spam Section Bogofilter Spam FilterConfiguring the System as a Mail Client Configuring the System as a Standalone Mail SystemConfiguring the System as a Mail Server Ldap see Section Configuring LdapCreating and Deleting Host Aliases for a Mail Server Sendmail Server Administration Changing the Sendmail Server ConfigurationPSInet see Section Configuring the X.25 Protocol Configuring Mail ProtocolsThrough Section Configuring the X.25 Protocol Creating and Deleting Pseudo Domain AliasesConfiguring the DECnet Phase IV Protocol Configuring the MTS ProtocolConfiguring the DECnet/OSI Protocol Configuring the X.25 Protocol Configuring the Uucp ProtocolAccessing the Configure Masquerading Form Configuring MasqueradingRoot Postmaster News Uucp Mailer-daemon Rdist Nobody Daemon Pop Imap Configuring Your System for MasqueradingExample 4 Sample Virtual Domain Table Configuring Virtual Domains# makemap btree virtusertable virtusertable Enabling Anti-Virus Enabling Procmail as a Local MailerConfiguring Relaying Configuring Anti-SpamExample 5 Sample Access Database for the Sendmail Server Configuring the Access DatabaseConfiguring an Access Database Configuring Checking on Senders Information Configuring LdapShows the Configure Ldap form Configuring Mail Filters MilterSocket inet1099@remotehost.com Socket local/var/run/f1.sockSocket inet61066@myhost.com Socket inet1066@myhost.com,T=C5mS10sR10sE5mSample -p local/var/run/example1.sock Adding a Queue Configuring Queues# sendmail -bt -q queue-name Modifying a Queue GroupDeleting a Queue Group Configuring Queue Performance Queue TimersGeneral Queue Properties Configuring Trusted Layer Security Sendmail TimersSendmail Tunable Parameters Certificate Issuer One that issues certificates a CA Certificate DefaultsTLS Certificate Values Certicate Authority Abbreviation Certificate AuthorityEnabling Support Using the Access Database Marked as permanent VERIFYbits CIname Sendmail Server AdministrationFailure marked as temporary SideConfiguring Mailbox Access Controlling the Sendmail ServerRelay or Subject Majordomo Mailing List Administration Majordomo Mailing List AdministrationViewing the Sendmail Server Log Creating a Majordomo Mailing ListChanging List Owner or Charter Changing a Majordomo Mailing List ConfigurationChanging Subscription Parameters Changing Administration ParametersChanging Message Content Parameters Changing Digest Parameters Changing Command Access ParametersChanging List Restriction Parameters Changing Moderated List ParametersDeleting a Majordomo List MailmanChanging Address Processing Parameters MailmanCreate a Mailing List Creating the Initial Mailman List Using a ScriptDeleting a Mailing List Managing MailmanMailman Mailing List Administration Menu Mailman Scripts Bogofilter Spam FilterMailman Log Files Training BogofilterFiltering with Bogofilter Using Bogofilter with procmailFilter Integration with Other Tools Bogofilter/wordlist.dbMutt Integration with Bogofilter Pine Integration with BogofilterMail Transport Agent MTA Integration with Bogofilter Bogofilter Spam Filter POP Mail Server Administration Mail Access AdministrationControlling the POP3 Server Controlling the POP2 ServerImap Mail Server Administration Imap Mail Server AdministrationViewing the POP Mail Server Log Setting Up a Unix User Account for UW Imap Setting Up a Unix User Account for Cyrus ImapConverting Imap Mail Folders Controlling the UW Imap Server Controlling the Cyrus Imap ServerUsr/dt/bin/mailcv -evdt -I -f foldername directoryname user Usr/dt/bin/mailcv -I -t -f ./bar dukeViewing the Imap Server Log Configuring SSL for UW-IMAPIMP Webmail Administration IMP Webmail AdministrationEnabling and Disabling IMP Webmail Accessing the IMP Webmail Administration MenuEnable/Disable IMP Webmail Managing Mail Server SettingsIMP Mail Server Settings Modifying the Mail Server ListAdding a Mail Server IMP Mail Server List Settings Managing Mailbox Settings Modifying a Mail ServerDeleting a Mail Server IMP Mailbox Settings Managing Compose SettingsManaging Message Settings IMP Compose SettingsPreference settings IMP Message Settings Managing Logging SettingsIMP Logging Settings Preference Driver Settings Managing Preference Driver SettingsManaging Horde Settings Managing Miscellaneous IMP SettingsMiscellaneous IMP Settings Setting Description Allow usage of foldersHorde Settings Managing Turba Settings IMP Turba Settings Using IMP Upgrade ToolsSetting Description Enabled Have access to their addressbookUpgrading IMP Databases Upgrading IMP ConfigurationsIMP Database Upgrade Settings Accessing IMP Webmail Additional Webmail DocumentationNew Preference Table Web Services Administration Secure Web Server AdministrationSecure Web Server Administration Internet Express Ports and URLs Accessing the Secure Web ServersConfiguration Files for Secure Web Servers Changing Configuration ParametersWeb Server Management ServerHttpd.conf Srm.conf Access.conf Changing the Password for the Administration Web ServerHt//Dig Search Tool Administration Ht//Dig Search Tool AdministrationCreating the Search Index Ht//Dig Indexing and Search Administration Link to Ht//Dig Search Index Updated Ht//Dig Configuration File Message Searching the Index DocumentationHttp//hostname/htdig/search.html XML Component Administration Directories and Subsets for XML ComponentsDirectories and Subsets for XML Components Apache Cocoon Servlet Administration Apache Axis Server AdministrationApache Axis Server Administration Managing the Apache Axis ServerManaging the Apache Cocoon Servlet Enabling and Disabling the Cocoon ServletViewing the Cocoon Log Files TCP Wrapper Administration Network Security AdministrationNetwork Services Wrapped by Internet Express Network Services Wrapped by Internet ExpressModifying Access to a Wrapped Network Service Controlling Access to Other Network ServicesNetwork Service Access Options Testing TCP Security ModificationsFireScreen Administration Menu FireScreen AdministrationFireScreen Administration Installing FireScreenEtc/rc.config file Checking FireScreen Installation PrerequisitesFireScreen Administration Install FireScreen Page with Gateway Screening Enabled Configuring FireScreen Configure FireScreen Menu Setting Command-Line OptionsSet Options Confirmation Adding a Screening Rule Setting the Screening ModeAdd New Screening Rule Form Deleting a Screening Rule Checking Syntax of Screening RulesStarting FireScreen Starting and Stopping FireScreenStopping FireScreen Start/Stop FireScreen Form with Restart Option EnabledViewing FireScreen Status Viewing FireScreen Screening RulesViewing the FireScreen Log Snort Intrusion Detection System Viewing FireScreen StatisticsUsr/internet/docs/snort Snort documentation Configuring Snort Preprocessor Configuring Snort DecoderOption Disable Decode Alert Snort -vd -l ./logFreeRADIUS Server Administration Running SnortViewing Alert Messages Understanding FreeRADIUS Configuration Files Considerations While Installing FreeRADIUSStarting and Stopping the FreeRADIUS Server Users FileConfigure --disable-shared make make install Clients.conf fileRadiusd.conf file Viewing FreeRADIUS Log File Dante Socks Server Administration Proxy Services AdministrationProxy Services Administration Controlling the Dante Socks ServerConfiguring the Dante Socks Server Squid Proxy/Caching Server AdministrationAccessing Dante Socks Information Squid Proxy/Caching Server AdministrationConfiguring the Squid Proxy/Caching Server Reinitializing the Disk CacheManaging the Squid Proxy/Caching Server Rotating Log Files Displaying Access StatisticsControlling the Squid Proxy/Caching Server Ldap Directory Server Administration Understanding the Ldap Directory SchemaUnderstanding the Ldap Directory Schema Using the Ldap Browser Ldap Directory Server AdministrationExample 6 Ldap Standard Object Class Definition for Person Connecting to an Ldap Server Installing and Running the Ldap BrowserManaging Frequently Used Connections Creating or Editing Frequently Used ConnectionsConnecting to an Ldap Server using SSL Using the Main Browsing Window Disconnecting from an Ldap ServerReconnecting to an Ldap Server Opening a New Main Window Controlling Client-Side Schema CheckingClosing a Main Window Viewing a Directory Entry in a Separate WindowModifying a Directory Entry Adding a New Directory EntryDeleting a Directory Entry Copying a Directory EntryMoving a Directory Entry Renaming a Directory EntryAdding Attributes Modifying AttributesManaging Directory Entry Templates Deleting AttributesCreating Entry Templates Modifying Entry TemplatesViewing the Object Class Schema Viewing the Attribute SchemaSearching the Directory User Configuration File Managing and Using the OpenLDAP Directory ServerConfiguring the OpenLDAP Directory Server Managing the OpenLDAP Directory ServerLdap Directory Server Administration OpenSLP Administration Configuration Files and ExamplesOpenSLP Overview Configuring OpenSLP Using the OpenSLP Configuration and Registration FilesConfiguring Optional Security Configuring OpenSLP Running the ServicesConsiderations for Using SLP APIs Running the Example ConfigurationDocumentation DocumentationOpenSLP Administration Administering Pure-FTP Server FTP Server AdministrationAdministering Pure-FTP Server Creating or Modifying an Anonymous Pure-FTP User AccountFTP Server Administration Enabling or Disabling Anonymous Pure-FTP AccessEnabling or Disabling chroot Upload /data/ftp /pub yes ftp daemonEnabling or Disabling Pure-FTP server Displaying Active Pure-FTP UsersOptions for Modifying the smb.conf Configuration File Samba File and Print Server AdministrationUnderstanding the smb.conf Configuration File Samba File and Print Server AdministrationWorkgroup Understanding the smb.conf Configuration FileAdd the following value Administering the Samba Server Using the Swat Program Configuring the Samba Server Using the Swat ProgramAdministering the Samba Server Using the Swat Program Samba File and Print Server Administration Configure the Samba Server Menu Configuring Global Variables Configuring Share ParametersManage passwords see Section Administering Passwords Administering Passwords Viewing the Current ConfigurationControlling Printers Viewing the Status of the ServerSamba File and Print Server Administration 225 InterNetNews Server AdministrationSpecifying INN Configuration Data InterNetNews Server AdministrationINN Daemons Configuring an External Newsfeed Configuring an External NewsfeedRecommended Spool Space for News Articles Displaying an External NewsfeedArticle Retention Period Days 12 GBAdding an External Newsfeed Typically, a newsfeed has the following flags set Modifying Newsfeed Defaults Modifying an External NewsfeedRemoving an External Newsfeed Updating the Local Active File Managing Client AccessDisplaying Client Access Groups Adding a Client Access GroupAccess Groups Form Fields Removing a Client Access Group Modifying an Existing Client Access GroupManaging Client Authentication Groups Displaying Client Authentication GroupsAdding Client Authentication Groups Client Authentication Groups Menu FieldsUsr/bin/news/auth/passwd Modifying Client Authentication GroupsConfiguring Storage Method Entries Configuring Storage OptionsDeleting Client Authentication Groups Configuring Storage OptionsOptions on the Configure Storage Menu Adding a New Storage Method ClassModifying a Storage Method Class Deleting a Storage Method Class Configuring the Cnfs Storage MethodDisplaying Cnfs Entries Adding New Cnfs EntriesModifying Cnfs Entries Displaying Article Expiration Definitions Managing Article ExpirationDeleting Cnfs Entries Managing Article ExpirationSpecific newsgroup for example, rec.photo Adding an Article Expiration DefinitionManaging Article Expiration Specifying an Article Expiration Definition Modifying an Article Expiration DefinitionDeleting an Article Expiration Definition Managing Local NewsgroupsModifying the Retention Period for Expired Articles Managing Local NewsgroupsViewing INN Log Files Creating Local NewsgroupsDeleting Local Newsgroups Controlling the INN Server Controlling the INN ServerConfiguring IRC Internet Relay Chat AdministrationInternet Relay Chat Administration Controlling the IRC ServerInstalling PostgreSQL PostgreSQL Database and MySQL AdministrationInstalling PostgreSQL Starting and Stopping PostgreSQL ServerViewing the PostgreSQL Log File PostgreSQL Database and MySQL AdministrationAdministering PostgreSQL Accounts Administering PostgreSQL AccountsImportant Files and Directories Using Existing PostgreSQL Accounts Setting up a Crontab Entry for Vacuuming DatabasesRunning the Postmaster Startup Script PostgreSQL Files and DirectoriesSetting up a Crontab Entry for Vacuuming Databases PostgreSQL Database and MySQL Administration Setup Vacuum Crontab Form Scaling PostgreSQL #/sbin/init.d/postgres stop#/sbin/init.d/postgres start #/sbin/sysconfig -q ipc #ps -ef grep postmasterScaling PostgreSQL Directories and Files Established by MySQL Installation Administering MySQLStarting and Stopping MySQL MySQL DirectoriesMySQL Configuration Files Starting and Stopping the MySQL Server Using a Command LineViewing the MySQL Error Log MySQL Log FilesBind Overview Bind Domain Name Server AdministrationImportant Bind Files and Directories Bind Files and DirectoriesBind Binary File Directories Enabling Bind Bind Documentation Running the Bind Startup ScriptEnter /sbin/init.d/named start Enter /sbin/rcinet start Running the Bind Startup ScriptHttp//ops.ietf.org/dns/dynupd/secure-ddns-howto.html Jabber Controlling the Jabber ServerControlling the Jabber Server Twiki Starting TWikiTwiki Sample client server configuration Sample client server configurationStunnel Creating a Certificate of Authority Sendmail Supplemental InformationBackground OpenSSL Certificate Creation Sample mail filter Section Mail Filter ExampleMail Filter Example Mail Filter ExampleSendmail Supplemental Information Smfiversion Glossary Glossary273 FTPSee also Https 275 See TCP/IPSymbols IndexIndex Decus see Encompass deinstall.sh script Web site, 30 external newsfeed adding277 Index Ldap client, 87 Ldap commands Log file FireScreen viewing, 183 login account279 Index OpenLDAP Project Web site Poppassd server controlling281 Screening mode, 178 screening rule FireScreen 283 TIN

Related manuals

Manual 34 pages 37.15 Kb