Table of Contents
Advertisement
ldapugdel(1M)
DN
-D
uid_name
group_name
l
Binding to the Directory Server
ldapugdel
to which directory server to bind and how to perform the bind operation.
LDAP-UX configuration profile for the following information:
• The list of LDAP directory server hosts.
• The authentication method (simple passwords, SASL Digest MD5, etc.).
If either of the environment variable
ldapugdel
• The type of credential (user, proxy or anonymous) to use.
• The credential used for binding as a proxy user (either
tive users or
As with LDAP-UX,
the LDAP-UX host list. As soon as a connection is established, further directory servers on the host list will
not be contacted.
Once connected,
LDAP_BINDCRED
using the specified credentials and configured LDAP-UX authentication method.
If the above mentioned environment variables have not been specified, then
the configured credential type is "proxy" and if so, attempt to bind to the directory server using the
configured LDAP-UX proxy credential.
If configured, the acred proxy credential will be used for administrative users (determined if the user run-
ning
ldapugdel
credential configured in
Note: to prevent discovery of the LDAP administrator's credentials, the LDAP user DN and password may
not be specified as command-line options to the
Security Considerations
• Use of
ldapugdel
the directory server. The rights to delete or modify existing LDAP directory entries under the
requested subtree, along with removal of the required attributes in that entry must be granted to the
476
Hewlett-Packard Company
Directory server.
• Since the Microsoft Services for Unix schema does not use RFC2307 standard attributes,
use of
-O
will not function, since attribute mapping is not allowed in
will function properly with Windows 2003 R2, since standard RFC2307 attributes are
used, with the exception of the homeDirectory, described above.
Normally
will search for the named user or group using the search rules
ldapugdel
described by the service search descriptor in the LDAP-UX configuration profile. With
the exact DN of the entry being modified may be specified.
Only one of
, uid_name or group_name may be specified on the command line.
-D
Specifies the name of the user entry to remove.
configured LDAP search filter to discover the entry to be removed, such as:
(&(objectclass=posixAccount)(uid=
If there is more than one entry that matches this search filter, only the first entry
discovered entry will be removed.
Only one of
-D
, uid_name, or group_name may be specified on the command line.
Specifies the name of the group entry to remove. Note that
configured LDAP search filter to discover the entry to be removed, such as:
(&(objectclass=posixgroup)(cn=
If there is more than one entry that matches this search filter, only the first entry
discovered entry will be removed.
Only one of
-D
, uid_name, or group_name may be specified on the command line.
has been designed to take advantage of the existing LDAP-UX configuration for determining
LDAP_BINDDN
will consult the LDAP-UX configuration for additional information:
/etc/opt/ldapux/pcred
will attempt to contact the first available directory server as defined in
ldapugdel
will first determine if the environment variable
ldapugdel
has been specified. If so, then
has enough privilege to read the
/etc/opt/ldapux/pcred
requires permissions of an LDAP administrator when it performs its operations on
Note that
name
)).
name
)).
or
LDAP_BINDCRED
/etc/opt/ldapux/acred
for non-privileged users).
will attempt to bind to the directory server
ldapugdel
/etc/opt/ldapux/acred
will be used.
utility.
ldapugdel
− 3 −
HP-UX 11i Version 2: December 2007 Update
ldapugdel(1M)
ldapugdel
.
-D
ldapugdel
uses the
ldapugdel
uses the
ldapugdel
will consult the
has not been specified,
for administra-
LDAP_BINDDN
will determine if
ldapugdel
file). Otherwise the
-O
,
or
Advertisement
Table of Contents
