Importing Users into the Directory Server

To import users from the /etc/passwd file and store them in the LDAP database, follow these steps:

1. Configure the LDAP server to use extended LDAP schema for UNIX account information (see Section : Extended LDAP Schema for UNIX Account Information).

2. Verify through either of the following methods that the server is running and that you can connect to it:

Use the Test the LDAP Configuration function in the Administration utility (see Section : Testing the LDAP Module Configuration).

Edit the /etc/ldapcd.conf file and run the /usr/internet/ldap_tools/ldap_check utility.

3. Identify the users that you want to put into the LDAP directory and extract user information from the /etc/passwd file. Use the passwd_extract utility (see Section ) with the -f option to extract users from /etc/passwd and store the records (formatted as passwd entries) in a file. For example:

# /usr/internet/ldap_tools/passwd_extract -f /tmp/ldapusers user1 user2 ...

Note:

Processing a large number of users may take a while.

4. Use the passwd_extract utility again, this time replacing -f with -r.

5. Use the ldap_add_user utility (see Section ) to populate the LDAP directory with the extracted user records in the file created in step 3.

6. Move the remainder file created in step 4 to /etc/passwd and run the mkpasswd utility, or manually remove the users with the vipw utility (see vipw(8)).
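
Step 6 replaces /etc/passwd, so the two files from steps 3 and 4 can be checked against a saved copy of the original first. The shell function below is an added example, not part of the original documentation or the LDAP tools; the function name and the file paths you pass to it are assumptions, as is the policy that UID 0 accounts remain in the local file.

```shell
# Added example: verify the passwd_extract outputs before step 6.
# Usage: check_passwd_split ORIGINAL EXTRACTED REMAINDER
#   ORIGINAL  - copy of /etc/passwd taken before step 3
#   EXTRACTED - file written with -f in step 3
#   REMAINDER - file written with -r in step 4 (its path is your choice)

# Print the sorted login names of a passwd-format file, skipping NIS +/- lines.
pw_names() { grep -v '^[+-]' "$1" | cut -d: -f1 | sort; }

check_passwd_split() {
    orig=$1 extracted=$2 remainder=$3 rc=0
    tmp=${TMPDIR:-/tmp}/pwsplit.$$
    (umask 077 && mkdir "$tmp") || return 2

    # Each entry needs 7 colon-separated fields; NIS +/- lines are skipped.
    for f in "$extracted" "$remainder"; do
        if ! awk -F: '!/^[+-]/ && NF != 7 { bad = 1 } END { exit bad }' "$f"; then
            echo "malformed entry in $f" >&2; rc=1
        fi
    done

    pw_names "$orig" > "$tmp/o"
    pw_names "$extracted" > "$tmp/e"
    pw_names "$remainder" > "$tmp/r"

    # A user must not appear in both files.
    if [ -n "$(comm -12 "$tmp/e" "$tmp/r")" ]; then
        echo "user listed in both $extracted and $remainder" >&2; rc=1
    fi

    # Extracted plus remainder must account for every original user.
    sort -m "$tmp/e" "$tmp/r" > "$tmp/u"
    if ! cmp -s "$tmp/o" "$tmp/u"; then
        echo "extracted + remainder does not match $orig" >&2; rc=1
    fi

    # Assumed policy: UID 0 accounts stay local so root can log in without LDAP.
    if awk -F: '$3 ~ /^0+$/ { hit = 1 } END { exit !hit }' "$extracted"; then
        echo "UID 0 account in $extracted" >&2; rc=1
    fi
    if ! awk -F: '$1 == "root" && $3 ~ /^0+$/ { ok = 1 } END { exit !ok }' "$remainder"; then
        echo "root missing from $remainder" >&2; rc=1
    fi

    rm -rf "$tmp"
    return $rc
}
```

The function returns 0 only when every check passes; each failed check is reported on standard error.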

Importing Users from NIS

To import users from NIS, follow these steps:

1. Use ypcat to fetch the user information from the NIS server, and then use the passwd_extract utility. For example:

# ypcat passwd | /usr/internet/ldap_tools/passwd_extract -f /tmp/ldapusers [user1 user2 ...]

2. Use the ldap_add_user utility (see Section : Adding a User Entry) to populate the LDAP directory with the extracted user records in the file created in step 1.

Exporting Users from the Directory Server

To export users from the directory server, follow these steps:

1. Use the ldap_get_users -f output-file command to extract user records from the LDAP database.

2. Merge the file created in step 1 with the /etc/passwd file. See the vipw(8) reference page.

Adding an LDAP User in a C2 Environment

An additional step is required when you have C2 security enabled. For each system that you want the user to be able to log in to, you must add an edauth entry. The entry should be of the form:

echo "<username>:u_name=<username>:u_id#<uid>:u_oldcrypt#3:u_lock@:chkent:" | \
/usr/tcb/bin/edauth -s
