HP UX Internet Express Software manual Maintaining the Ldap Directory Server Using Ldap Commands

Page 86

Note:

Whenever you enable or disable the LDAP Module for System Authentication, you must reboot the system. Otherwise, some applications (such as cron and Advanced Server for UNIX) will not detect the change in authentication method.

Stopping the ldapcd Daemon

Use the ldap_disable utility to stop the LDAP caching daemon (ldapcd) and configure the system so that the LDAP Authentication will not be used.

You can also stop the ldapcd daemon using the Administration utility; see Section : Enabling and Disabling the LDAP Module.

Note:

Whenever you enable or disable the LDAP Module for System Authentication, you must reboot the system. Otherwise, some applications (such as cron and Advanced Server for UNIX) will not detect the change in authentication method.

Maintaining the LDAP Directory Server Using LDAP Commands

You can use LDAP commands (instead of the LDAP utilities supplied with Internet Express) to formulate different queries than those provided by the Internet Express LDAP utilities. The following sections describe how to use these commands to add and modify LDAP entries.

Adding Entries to an LDAP Database

To modify an entry in an existing LDAP database, you can use the ldapmodify command. In the following example, the ldapmodify command is reading from standard input:

#/usr/internet/ldap_sdk/tools/ldapmodify -w admin \ -D "cn=root, o=HP Engineering, c=US"

dn: cn=Joseph Shmoe, o=HP Engineering, c=US

changetype: modify

replace: title

title: Process Engineer

-

^D

modifying entry cn=Joseph Shmoe, o=HP Engineering, c=US

You can use the ldapsearch command to retrieve the modified entry:

#/usr/local/bin/ldapsearch -b 'o=HP Engineering, c=US' 'cn=Joe Shmoe'

cn=Joseph Shmoe, o=HP Engineering, c=US objectclass=person

cn=Joseph Shmoe cn=Joe Shmoe sn=Shmoe givenname=Joseph mail=shmoe@fac.digieng.com uid=jshmoe title=Process Engineer

For more information, see ldapmodify(1).

Modifying Entries in an LDAP Database

To modify an entry in an existing LDAP database, you can use the ldapmodify command. In the following example, the ldapmodify command is reading from standard input: #

/usr/internet/ldap_sdk/tools/ldapmodify-w admin \ -D "cn=root, o=HP

86 User Authentication

Image 86

Contents Internet Express for Tru64 Unix Version AbstractPage Contents User Authentication Mail Delivery Administration Mail Access Administration 132 Network Security Administration 167 Web Services Administration 155XML Component Administration 164 Proxy Services Administration 190 Ldap Directory Server Administration 195Samba File and Print Server Administration 216 OpenSLP Administration 207FTP Server Administration 213 InterNetNews Server Administration 225 Internet Relay Chat Administration 248Jabber 265 PostgreSQL Database and MySQL Administration 249Bind Domain Name Server Administration 260 Twiki 266Document Organization About This DocumentIntended Audience Computer output CommandTypographic Conventions User inputRelated Information Reading Documentation Using the Administration UtilityReading Documentation Using the Public Web Server Reading the DocumentationOn a Tru64 Unix System Reading Documentation from the Internet Express CD-ROMReading Reference Pages for Internet Express Components On a PC# man -M /usr/news/man active.5 Readers CommentsReading the Open Source Software Component Documentation Internet electronic mail readerscomment@zk3.dec.comReaders Comments Using the Administration Utility Using the Administration UtilityUsing the Administration Utility Main Menu Administration Utility Menu Options and TasksUsing Administration Utility Forms Registering Your Internet Express InstallationNavigating the Administration Utility Register OnlineSample Administration Utility Form Port Number Description Accessing Administration ServersInternet Express Accounts and Ports 8081 Internet ExpressManaging Internet Express in a TruCluster Environment Accessing the Internet Express Login AccountAccessing and Managing the Internet Monitor TruCluster Impact on Internet Express Administration Installing and Removing ComponentsUsing Internet Express Services in a Cluster Hostname of the local host Installing and Removing ComponentsKeywords for URL Line Port number from the current Web serverAccessing Web-Based System Management Tools Performing Web-Based System ManagementTuning Kernel Attribute Values Accessing Web-Based System Management ToolsUsing the Administration Utility Open Source Software Web Sites Where to Find More InformationInternet Express and AlphaServer Products Web Sites FreeRADIUS ExpectFirefox GnuPGLynx Web Browser IRC ServerJabber Majordomo Automated Internet Mailing Lists ManagerOpenSLP MySQLOpenLDAP PerlPure-FTP Server PostgreSQL Relational Database Management SystemProcmail Mail Filtering Language Samba File and Print ServerSystem Security Web Sites InterNIC Other Useful Web SitesApplications MicrosoftEncompass User Administration Manage Users MenuUser Administration Overview of User AccountsSpecifying User Names Assigning Passwords to User AccountsPurging Obsolete Passwords Overview of User AccountsSearching for User Accounts Searching for User AccountsAssigning Users to Groups Selecting User AccountsCreating Captive Accounts for Named Users Shows the Create Named User Account formCreating Captive Accounts for Generic Users Creating a Named User AccountCreating a Noncaptive Account for a Unix System User Creating Generic User AccountsTo create a group, see Section Creating Groups Creating a Noncaptive Account for a Unix System UserCreating Groups Creating a System User AccountDisplaying User Account Information Creating GroupsDeleting User Accounts Displaying User Account InformationChanging Groups for User Accounts Changing Groups for User AccountsUser Administration Changing the Password for an Account Changing the Password for an AccountChanging Mail Services for Users Changing Mail Services for Users Assigning Regular Delivery Mail ServiceAssigning POP with Password Mail Service Assigning the Cyrus Imap Mail Service Assigning Cyrus Imap with Password Mail ServiceChanging the iass Account Forwarding Address Assigning Apop with Password Mail ServiceManaging the iass Account Managing the .users.list FilePurging Passwords for User Accounts Managing the User Self-Administration FeatureListing User Accounts and Passwords Removing the .users.list FileEnabling and Disabling the User Self-Administration Feature Managing the User Self-Administration FeatureManage User Self-Administration Menu Modifying the Web Server Configuration Configure Web Server for Self-Administration FormEnabling and Disabling Login Delays Modify Web Server ConfigurationManaging User Self-Administration Groups Adding GroupsDeleting and Modifying Groups Adding GroupsCustomizing the User Self-Administration Feature Enabling and Disabling GroupsUser Administration Managing the Ldap Module for System Authentication User AuthenticationManaging the Ldap Module for System Authentication Example 1 Security Matrix Enabled for Ldap User AuthenticationLdap Caching Daemon Example 2 Ldap Caching Daemon Configuration File Creating Branches Value of searchbase Value of machinedn Value of machinepassExtended Ldap Schema for Unix Account Information Userbranch ou=accounts,searchbaseIndexing Attributes for the Directory Servers Ldap Database Index Types Configuring the Ldap Module for System AuthenticationAdding Indices for OpenLDAP Defining Ldap System Parameters Modifying the Ldap Module ConfigurationConfiguring the Ldap Module for System Authentication Configuring Ldap Password Attributes Configuring Ldap Group Attributes Enabling and Disabling the Ldap Module Testing the Ldap Module ConfigurationImporting and Exporting Users from /etc/passwd Exporting Users from the Directory Server Importing Users into the Directory ServerImporting Users from NIS Adding an Ldap User in a C2 EnvironmentAccess Control Ldap Database Utilities File in which to store search results the default is Remove login names from specified groupRemove login names from all groups Authentication mechanismAdding a User Entry Checking the Ldap Server ConfigurationExtracting Users from the /etc/passwd File Deleting a User Entry Retrieving a User EntryLdapsyncuser -b branch filename Synchronizing with a Password FileAdding a Group Entry Maintaining Group Membership Deleting a Group EntryStarting the ldapcd Daemon Setting a Users Password in the Ldap Directory ServerRetrieving a Group Entry Ldapgetgroup -b branch -f input-fileAdding Entries to an Ldap Database Maintaining the Ldap Directory Server Using Ldap CommandsStopping the ldapcd Daemon Modifying Entries in an Ldap DatabaseOverview of the Ldap Client Authentication Actions PerformedFiles Modified by theLDAP Module for System Authentication Actions Performed by the Ldap ClientDebugging ldapdc Operation of login/suBehavior of the the ldapdc Daemon Etc/ldapusers.allow# su user1 Mail Delivery Administration Mail Delivery AdministrationSendmail Server Administration Bogofilter to filter spam Section Bogofilter Spam FilterConfiguring the System as a Mail Server Configuring the System as a Standalone Mail SystemConfiguring the System as a Mail Client Ldap see Section Configuring LdapCreating and Deleting Host Aliases for a Mail Server Changing the Sendmail Server Configuration Sendmail Server AdministrationThrough Section Configuring the X.25 Protocol Configuring Mail ProtocolsPSInet see Section Configuring the X.25 Protocol Creating and Deleting Pseudo Domain AliasesConfiguring the MTS Protocol Configuring the DECnet Phase IV ProtocolConfiguring the DECnet/OSI Protocol Configuring the Uucp Protocol Configuring the X.25 ProtocolConfiguring Masquerading Accessing the Configure Masquerading FormRoot Postmaster News Uucp Configuring Your System for Masquerading Mailer-daemon Rdist Nobody Daemon Pop ImapConfiguring Virtual Domains Example 4 Sample Virtual Domain Table# makemap btree virtusertable virtusertable Enabling Procmail as a Local Mailer Enabling Anti-VirusConfiguring Anti-Spam Configuring RelayingConfiguring the Access Database Example 5 Sample Access Database for the Sendmail ServerConfiguring an Access Database Configuring Ldap Configuring Checking on Senders InformationConfiguring Mail Filters Milter Shows the Configure Ldap formSocket inet61066@myhost.com Socket local/var/run/f1.sockSocket inet1099@remotehost.com Socket inet1066@myhost.com,T=C5mS10sR10sE5mSample -p local/var/run/example1.sock Configuring Queues Adding a QueueDeleting a Queue Group # sendmail -bt -q queue-nameModifying a Queue Group General Queue Properties Configuring Queue PerformanceQueue Timers Sendmail Tunable Parameters Configuring Trusted Layer SecuritySendmail Timers TLS Certificate Values Certificate DefaultsCertificate Issuer One that issues certificates a CA Certicate Authority Abbreviation Certificate AuthorityEnabling Support Using the Access Database Failure marked as temporary VERIFYbits CIname Sendmail Server AdministrationMarked as permanent SideRelay or Subject Configuring Mailbox AccessControlling the Sendmail Server Viewing the Sendmail Server Log Majordomo Mailing List AdministrationMajordomo Mailing List Administration Creating a Majordomo Mailing ListChanging a Majordomo Mailing List Configuration Changing List Owner or CharterChanging Administration Parameters Changing Subscription ParametersChanging Message Content Parameters Changing Command Access Parameters Changing Digest ParametersChanging Moderated List Parameters Changing List Restriction ParametersChanging Address Processing Parameters MailmanDeleting a Majordomo List MailmanDeleting a Mailing List Creating the Initial Mailman List Using a ScriptCreate a Mailing List Managing MailmanMailman Mailing List Administration Menu Mailman Log Files Bogofilter Spam FilterMailman Scripts Training BogofilterFilter Integration with Other Tools Using Bogofilter with procmailFiltering with Bogofilter Bogofilter/wordlist.dbMail Transport Agent MTA Integration with Bogofilter Mutt Integration with BogofilterPine Integration with Bogofilter Bogofilter Spam Filter Controlling the POP3 Server Mail Access AdministrationPOP Mail Server Administration Controlling the POP2 ServerViewing the POP Mail Server Log Imap Mail Server AdministrationImap Mail Server Administration Converting Imap Mail Folders Setting Up a Unix User Account for UW ImapSetting Up a Unix User Account for Cyrus Imap Usr/dt/bin/mailcv -evdt -I -f foldername directoryname user Controlling the Cyrus Imap ServerControlling the UW Imap Server Usr/dt/bin/mailcv -I -t -f ./bar dukeConfiguring SSL for UW-IMAP Viewing the Imap Server LogIMP Webmail Administration IMP Webmail AdministrationAccessing the IMP Webmail Administration Menu Enabling and Disabling IMP WebmailManaging Mail Server Settings Enable/Disable IMP WebmailAdding a Mail Server IMP Mail Server SettingsModifying the Mail Server List IMP Mail Server List Settings Deleting a Mail Server Managing Mailbox SettingsModifying a Mail Server Managing Compose Settings IMP Mailbox SettingsPreference settings Managing Message SettingsIMP Compose Settings Managing Logging Settings IMP Message SettingsIMP Logging Settings Managing Preference Driver Settings Preference Driver SettingsMiscellaneous IMP Settings Managing Miscellaneous IMP SettingsManaging Horde Settings Setting Description Allow usage of foldersHorde Settings Managing Turba Settings Setting Description Enabled Using IMP Upgrade ToolsIMP Turba Settings Have access to their addressbookUpgrading IMP Configurations Upgrading IMP DatabasesIMP Database Upgrade Settings New Preference Table Accessing IMP WebmailAdditional Webmail Documentation Secure Web Server Administration Web Services AdministrationSecure Web Server Administration Accessing the Secure Web Servers Internet Express Ports and URLsWeb Server Management Changing Configuration ParametersConfiguration Files for Secure Web Servers ServerChanging the Password for the Administration Web Server Httpd.conf Srm.conf Access.confCreating the Search Index Ht//Dig Search Tool AdministrationHt//Dig Search Tool Administration Ht//Dig Indexing and Search Administration Link to Ht//Dig Search Index Updated Ht//Dig Configuration File Message Http//hostname/htdig/search.html Searching the IndexDocumentation Directories and Subsets for XML Components XML Component AdministrationDirectories and Subsets for XML Components Apache Axis Server Administration Apache Axis Server AdministrationApache Cocoon Servlet Administration Managing the Apache Axis ServerViewing the Cocoon Log Files Managing the Apache Cocoon ServletEnabling and Disabling the Cocoon Servlet Network Services Wrapped by Internet Express Network Security AdministrationTCP Wrapper Administration Network Services Wrapped by Internet ExpressControlling Access to Other Network Services Modifying Access to a Wrapped Network ServiceTesting TCP Security Modifications Network Service Access OptionsFireScreen Administration FireScreen Administration MenuInstalling FireScreen FireScreen AdministrationChecking FireScreen Installation Prerequisites Etc/rc.config fileFireScreen Administration Install FireScreen Page with Gateway Screening Enabled Configuring FireScreen Setting Command-Line Options Configure FireScreen MenuSet Options Confirmation Setting the Screening Mode Adding a Screening RuleAdd New Screening Rule Form Checking Syntax of Screening Rules Deleting a Screening RuleStarting and Stopping FireScreen Starting FireScreenStart/Stop FireScreen Form with Restart Option Enabled Stopping FireScreenViewing the FireScreen Log Viewing FireScreen StatusViewing FireScreen Screening Rules Usr/internet/docs/snort Snort documentation Snort Intrusion Detection SystemViewing FireScreen Statistics Option Disable Decode Alert Configuring Snort DecoderConfiguring Snort Preprocessor Snort -vd -l ./logViewing Alert Messages FreeRADIUS Server AdministrationRunning Snort Starting and Stopping the FreeRADIUS Server Considerations While Installing FreeRADIUSUnderstanding FreeRADIUS Configuration Files Users FileRadiusd.conf file Configure --disable-shared make make installClients.conf file Viewing FreeRADIUS Log File Proxy Services Administration Proxy Services AdministrationDante Socks Server Administration Controlling the Dante Socks ServerAccessing Dante Socks Information Squid Proxy/Caching Server AdministrationConfiguring the Dante Socks Server Squid Proxy/Caching Server AdministrationManaging the Squid Proxy/Caching Server Configuring the Squid Proxy/Caching ServerReinitializing the Disk Cache Displaying Access Statistics Rotating Log FilesControlling the Squid Proxy/Caching Server Understanding the Ldap Directory Schema Ldap Directory Server AdministrationUnderstanding the Ldap Directory Schema Example 6 Ldap Standard Object Class Definition for Person Using the Ldap BrowserLdap Directory Server Administration Managing Frequently Used Connections Installing and Running the Ldap BrowserConnecting to an Ldap Server Creating or Editing Frequently Used ConnectionsConnecting to an Ldap Server using SSL Reconnecting to an Ldap Server Using the Main Browsing WindowDisconnecting from an Ldap Server Closing a Main Window Controlling Client-Side Schema CheckingOpening a New Main Window Viewing a Directory Entry in a Separate WindowDeleting a Directory Entry Adding a New Directory EntryModifying a Directory Entry Copying a Directory EntryAdding Attributes Renaming a Directory EntryMoving a Directory Entry Modifying AttributesCreating Entry Templates Deleting AttributesManaging Directory Entry Templates Modifying Entry TemplatesSearching the Directory Viewing the Object Class SchemaViewing the Attribute Schema Configuring the OpenLDAP Directory Server Managing and Using the OpenLDAP Directory ServerUser Configuration File Managing the OpenLDAP Directory ServerLdap Directory Server Administration OpenSLP Overview OpenSLP AdministrationConfiguration Files and Examples Configuring Optional Security Configuring OpenSLPUsing the OpenSLP Configuration and Registration Files Running the Services Configuring OpenSLPRunning the Example Configuration Considerations for Using SLP APIsDocumentation DocumentationOpenSLP Administration Administering Pure-FTP Server FTP Server AdministrationAdministering Pure-FTP Server Creating or Modifying an Anonymous Pure-FTP User AccountEnabling or Disabling chroot Enabling or Disabling Anonymous Pure-FTP AccessFTP Server Administration Upload /data/ftp /pub yes ftp daemonDisplaying Active Pure-FTP Users Enabling or Disabling Pure-FTP serverUnderstanding the smb.conf Configuration File Samba File and Print Server AdministrationOptions for Modifying the smb.conf Configuration File Samba File and Print Server AdministrationUnderstanding the smb.conf Configuration File WorkgroupAdd the following value Administering the Samba Server Using the Swat Program Administering the Samba Server Using the Swat ProgramConfiguring the Samba Server Using the Swat Program Samba File and Print Server Administration Configure the Samba Server Menu Manage passwords see Section Administering Passwords Configuring Global VariablesConfiguring Share Parameters Controlling Printers Viewing the Current ConfigurationAdministering Passwords Viewing the Status of the ServerSamba File and Print Server Administration InterNetNews Server Administration 225INN Daemons Specifying INN Configuration DataInterNetNews Server Administration Configuring an External Newsfeed Configuring an External NewsfeedArticle Retention Period Displaying an External NewsfeedRecommended Spool Space for News Articles Days 12 GBAdding an External Newsfeed Typically, a newsfeed has the following flags set Removing an External Newsfeed Modifying Newsfeed DefaultsModifying an External Newsfeed Managing Client Access Updating the Local Active FileAccess Groups Form Fields Displaying Client Access GroupsAdding a Client Access Group Modifying an Existing Client Access Group Removing a Client Access GroupAdding Client Authentication Groups Displaying Client Authentication GroupsManaging Client Authentication Groups Client Authentication Groups Menu FieldsModifying Client Authentication Groups Usr/bin/news/auth/passwdDeleting Client Authentication Groups Configuring Storage OptionsConfiguring Storage Method Entries Configuring Storage OptionsModifying a Storage Method Class Options on the Configure Storage MenuAdding a New Storage Method Class Displaying Cnfs Entries Configuring the Cnfs Storage MethodDeleting a Storage Method Class Adding New Cnfs EntriesModifying Cnfs Entries Deleting Cnfs Entries Managing Article ExpirationDisplaying Article Expiration Definitions Managing Article ExpirationAdding an Article Expiration Definition Specific newsgroup for example, rec.photoManaging Article Expiration Modifying an Article Expiration Definition Specifying an Article Expiration DefinitionModifying the Retention Period for Expired Articles Managing Local NewsgroupsDeleting an Article Expiration Definition Managing Local NewsgroupsDeleting Local Newsgroups Viewing INN Log FilesCreating Local Newsgroups Controlling the INN Server Controlling the INN ServerInternet Relay Chat Administration Internet Relay Chat AdministrationConfiguring IRC Controlling the IRC ServerInstalling PostgreSQL PostgreSQL Database and MySQL AdministrationInstalling PostgreSQL Starting and Stopping PostgreSQL ServerPostgreSQL Database and MySQL Administration Viewing the PostgreSQL Log FileImportant Files and Directories Administering PostgreSQL AccountsAdministering PostgreSQL Accounts Running the Postmaster Startup Script Setting up a Crontab Entry for Vacuuming DatabasesUsing Existing PostgreSQL Accounts PostgreSQL Files and DirectoriesSetting up a Crontab Entry for Vacuuming Databases PostgreSQL Database and MySQL Administration Setup Vacuum Crontab Form #/sbin/init.d/postgres start Scaling PostgreSQL#/sbin/init.d/postgres stop Scaling PostgreSQL #/sbin/sysconfig -q ipc#ps -ef grep postmaster Starting and Stopping MySQL Administering MySQLDirectories and Files Established by MySQL Installation MySQL DirectoriesViewing the MySQL Error Log Starting and Stopping the MySQL Server Using a Command LineMySQL Configuration Files MySQL Log FilesImportant Bind Files and Directories Bind Domain Name Server AdministrationBind Overview Bind Files and DirectoriesBind Binary File Directories Enabling Bind Enter /sbin/init.d/named start Enter /sbin/rcinet start Running the Bind Startup ScriptBind Documentation Running the Bind Startup ScriptHttp//ops.ietf.org/dns/dynupd/secure-ddns-howto.html Controlling the Jabber Server JabberControlling the Jabber Server Twiki TwikiStarting TWiki Stunnel Sample client server configurationSample client server configuration Background OpenSSL Certificate Creation Sendmail Supplemental InformationCreating a Certificate of Authority Sample mail filter Section Mail Filter ExampleMail Filter Example Mail Filter ExampleSendmail Supplemental Information Smfiversion Glossary GlossaryFTP 273See also Https See TCP/IP 275Index SymbolsIndex 277 Decus see Encompass deinstall.sh scriptWeb site, 30 external newsfeed adding Index 279 Ldap client, 87 Ldap commandsLog file FireScreen viewing, 183 login account Index 281 OpenLDAP Project Web sitePoppassd server controlling Screening mode, 178 screening rule FireScreen TIN 283

Related manuals

Manual 34 pages 37.15 Kb