LDAPADDENT(8) | Maintenance Commands and Procedures | LDAPADDENT(8) |
ldapaddent - create LDAP entries from corresponding /etc files
ldapaddent [-cpv] [-a authenticationMethod] [-b baseDN]
-D bindDN [-w bind_password] [-j passwdFile] [-f filename]
database
ldapaddent [-cpv] -a sasl/GSSAPI [-b baseDN] [-f filename]
database
ldapaddent -d [-v] [-a authenticationMethod] [-D bindDN]
[-w bind_password] [-j passwdFile] database
ldapaddent [-cpv] -h LDAP_server[:serverPort] [-M domainName]
[-N profileName] [-P certifPath] [-a authenticationMethod]
[-b baseDN] -D bindDN [-w bind_password] [-f filename]
[-j passwdFile] database
ldapaddent [-cpv] -h LDAP_server[:serverPort] [-M domainName]
[-N profileName] [-P certifPath] [-a authenticationMethod]
[-b baseDN] [-f filename] database
ldapaddent -d [-v] -h LDAP_server[:serverPort] [-M domainName]
[-N profileName] [-P certifPath] [-a authenticationMethod]
[-b baseDN] -D bindDN [-w bind_password] [-j passwdFile]
database
ldapaddent creates entries in LDAP containers from their corresponding /etc files. This operation is customized for each of the standard containers that are used in the administration of Solaris systems. The database argument specifies the type of the data being processed. Legal values for this type are one of aliases, auto_*, bootparams, ethers, group, hosts (including both IPv4 and IPv6 addresses), ipnodes (alias for hosts), netgroup, netmasks, networks, passwd, shadow, protocols, publickey, rpc, and services. In addition to the preceding, the database argument can be one of the RBAC-related files (see rbac(7)):
By default, ldapaddent reads from the standard input and adds this data to the LDAP container associated with the database specified on the command line. An input file from which data can be read is specified using the -f option.
If you specify the -h option, ldapaddent establishes a connection to the server indicated by the option in order to obtain a DUAProfile specified by the -N option. The entries will be stored in the directory described by the configuration obtained.
By default (if the -h option is not specified), entries will be stored in the directory based on the client's configuration. To use the utility in the default mode, the Solaris LDAP client must be set up in advance.
The location where entries are to be written can be overridden by using the -b option.
If the entry to be added exists in the directory, the command displays an error and exits, unless the -c option is used.
Although, there is a shadow database type, there is no corresponding shadow container. Both the shadow and the passwd data is stored in the people container itself. Similarly, data from networks and netmasks databases are stored in the networks container.
The user_attr data is stored by default in the people container. The prof_attr and exec_attr data is stored by default in the SolarisProfAttr container.
You must add entries from the passwd database before you attempt to add entries from the shadow database. The addition of a shadow entry that does not have a corresponding passwd entry will fail.
The passwd database must precede the user_attr database.
For better performance, the recommended order in which the databases should be loaded is as follows:
Only the first entry of a given type that is encountered will be added to the LDAP server. The ldapaddent command skips any duplicate entries.
The ldapaddent command supports the following options:
-a authenticationMethod
hosts: dns files ipnodes: dns files
See nsswitch.conf(5).
-b baseDN
-c
-D bindDN
-d
-f filename
-h LDAP_server[:serverPort]
-j passwdFile
-M domainName
-N profileName
-P certifPath
-p
-w bindPassword
When you use -w bindPassword to specify the password to be used for authentication, the password is visible to other users of the system by means of the ps command, in script files or in shell history.
If you supply "-" (hyphen) as a password, you will be prompted to enter a password.
-v
The following operands are supported:
database
Example 1 Adding Password Entries to the Directory Server
The following example shows how to add password entries to the directory server:
example# ldapaddent -D "cn=directory manager" -w secret \
-f /etc/passwd passwd
Example 2 Adding Group Entries
The following example shows how to add group entries to the directory server using sasl/CRAM-MD5 as the authentication method:
example# ldapaddent -D "cn=directory manager" -w secret \
-a "sasl/CRAM-MD5" -f /etc/group group
Example 3 Adding auto_master Entries
The following example shows how to add auto_master entries to the directory server:
example# ldapaddent -D "cn=directory manager" -w secret \
-f /etc/auto_master auto_master
Example 4 Dumping passwd Entries from the Directory to File
The following example shows how to dump password entries from the directory to a file foo:
example# ldapaddent -d passwd > foo
Example 5 Adding Password Entries to a Specific Directory Server
The following example shows how to add password entries to a directory server that you specify:
example# ldapaddent -h 10.10.10.10:3890 \ -M another.domain.name -N special_duaprofile \ -D "cn=directory manager" -w secret \ -f /etc/passwd passwd
The following exit values are returned:
0
>0
/var/ldap/ldap_client_file
/var/ldap/ldap_client_cred
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Committed |
ldap(1), ldaplist(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1), nsswitch.conf(5), attributes(7), idsconfig(8), ldapclient(8)
Currently StartTLS is not supported by libldap.so.5, therefore the port number provided refers to the port used during a TLS open, rather than the port used as part of a StartTLS sequence. For example:
-h foo:1000 -a tls:simple
The preceding refers to a raw TLS open on host foo port 1000, not an open, StartTLS sequence on an unsecured port 1000. If port 1000 is unsecured the connection will not be made.
May 13, 2017 | OmniOS |