To retrieve all users:

ldap_get_user [ -b branch ] [ -f filename ]

Note:

In the following examples, the -b branch and -f output-file options (not shown) can also be used.

To use a search filter to find users:

ldap_get_user -s filter

To use a search filter with object class restrictions added to the search:

ldap_get_user -S filter

For example, a search filter might look like the following:

uid=bjensen
(&(uidNumber>=10)(uidNumber<=20))

Note:

You must quote the filter string according to your shell.

To retrieve a range of users (where start is the starting UID in the range and end is the optional ending UID in the range):

ldap_get_user -R start[-end]

If you do not specify end, the search retrieves all users from the starting UID through the highest UID in the LDAP directory server.

To retrieve specific users:

ldap_get_user user [ user ...]

Synchronizing with a Password File

Use the ldap_sync_user utility to synchronize the LDAP directory entries for users with the contents of a passwd file. This utility adds, updates, or deletes users as needed to ensure that the contents of the directory match the supplied entries. It is intended to provide easy synchronization of the directory server with an alternate source for login information (such as NIS), where the alternate source is considered the master source of the information.

If a problem is encountered, the ldap_sync_user utility returns an exit code greater than 0.

For a description of the options you can use with this utility, see Table 5.

To synchronize users:

ldap_sync_user [ -b branch ] [ filename ]

Adding a Group Entry

Use the ldap_add_group utility to retrieve group(4) entries from the LDAP directory server. (Use the ldap_mod_group utility to add users to groups. See Section for more information.) The ldap_add_group utility adds groups to the first directory server specified in the ldapcd.conf file. If multiple servers are listed, only the first is used, even if it is not operational.

The ldap_add_group utility constructs the distinguished name (DN) as follows:

groupname_attribute=groupname,branch

The groupname_attribute is replaced by the attribute name specified by the gr_name entry in the ldapcd.conf file. The groupname is the group name. The branch is one of three possible values, taken in this order:

1. Value specified on the command line using the -b option

2. Value of the userbranch attribute in the ldapcd.conf file

3. Value of the searchbase attribute in the ldapcd.conf file

Utilities for Maintaining User Information in the LDAP Directory Server
