ldapaddent(1M)		System Administration Commands		ldapaddent(1M)

       ldapaddent - create LDAP	entries	from corresponding /etc	files

       ldapaddent  [-cpv] [-a authenticationMethod] [-b	baseDN]	-D   bindDN -w
       bind_password [-f filename] database

       ldapaddent -d [-v] [-a authenticationMethod] [-b	baseDN]	 [-D   bindDN]
       [-w bind_password] database

       ldapaddent creates entries in LDAP containers from their	 corresponding
       /etc  files. This operation is customized for each of the standard con-
       tainers	that  are  used	in the administration of  Solaris systems. The
       database	argument specifies the type of the data	being processed. Legal
       values  for  this  type are one of aliases, auto_*, bootparams, ethers,
       group, hosts (including IPv6 addresses),	netgroup, netmasks,  networks,
       passwd, shadow, protocols, publickey, rpc, and services.

       By  default,  ldapaddent	 reads	from the standard input	and adds  this
       data to the LDAP	container associated with the  database	 specified  on
       the  command  line. An input file from which data can be	read is	speci-
       fied using the -f option.

       The entries will	be stored in the directory based on the	client's  con-
       figuration,  thus the client must be configured to use LDAP naming ser-
       vices.  The location where entries are to be written can	be  overridden
       by using	the -b option.

       If  the entry to	be added exists	in the directory, the command displays
       an error	and exits, unless the -c option	is used.

       Although there is a shadow database type, there is no corresponding
       shadow container. Both the shadow and the passwd data are stored in
       the people container itself. Similarly, data from the networks and
       netmasks databases is stored in the networks container.

       You must	add entries from the passwd database before you	attempt	to add
       entries	from  the shadow database. The addition	of a shadow entry that
       does not	have a corresponding passwd entry will fail.

       For better performance, the recommended order in	 which	the  databases
       should be loaded	is as follows:

	  o  passwd database followed by shadow	database

	  o  networks database followed	by netmasks database

	  o  bootparams	database followed by ethers database

       Only  the first entry of	a given	type that is encountered will be added
       to the LDAP server. The ldapaddent command skips	any duplicate entries.
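
       A pre-flight check for the two rules above, as an added example that
       is not part of the original manual page: it lists shadow entries with
       no corresponding passwd entry (whose addition would fail) and later
       duplicate entries (which would be skipped). The function names and
       sample data are constructed, and it assumes the login name in field 1
       identifies an entry.

```sh
#!/bin/sh
# Pre-flight checks for passwd/shadow input files before loading them.
# Assumption: the login name (field 1) is the key that identifies an entry.

# Login names in SHADOW that have no entry in PASSWD; these adds would fail.
orphan_shadow() {   # usage: orphan_shadow PASSWD SHADOW
    awk -F: '
        /^#/ || NF == 0     { next }
        FILENAME == ARGV[1] { known[$1] = 1; next }
        !($1 in known)      { print $1 }
    ' "$1" "$2"
}

# "line:name" for each entry whose name already appeared earlier in FILE;
# only the first occurrence would be added, these would be skipped.
skipped_duplicates() {   # usage: skipped_duplicates FILE
    awk -F: '
        /^#/ || NF == 0 { next }
        seen[$1]++      { print FNR ":" $1 }
    ' "$1"
}

# Constructed sample data (not real accounts), written to directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
alice:x:1001:10:Alice:/home/alice:/bin/sh
bob:x:1002:10:Bob:/home/bob:/bin/sh
alice:x:1003:10:Second alice:/home/alice2:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:*LK*:6445::::::
alice:*LK*:11000::::::
carol:*LK*:11000::::::
EOF
}

dir=$(mktemp -d) && make_sample "$dir"
echo "shadow entries without a passwd entry:"; orphan_shadow "$dir/passwd" "$dir/shadow"
echo "passwd entries that would be skipped:";  skipped_duplicates "$dir/passwd"
rm -rf "$dir"
```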

       The ldapaddent command supports the following options:

       -a authenticationMethod
	     Specify authentication  method.  The default value	 is  what  has
	     been  configured  in  the	profile.  The supported	authentication
	     methods are:

		o  simple

		o  sasl/CRAM-MD5

		o  sasl/DIGEST-MD5

		o  tls:simple

		o  tls:sasl/CRAM-MD5

		o  tls:sasl/DIGEST-MD5
	     Selecting simple causes passwords to be sent over the network  in
	     clear  text.   Its	use is strongly	discouraged.  Additionally, if
	     the client	is configured with a profile which uses	no authentica-
	     tion,  that  is,  either  the credentialLevel attribute is	set to
	     anonymous or authenticationMethod is set to none, the  user  must
	     use this option to	provide	an authentication method.

       -b baseDN
	     Create entries in the baseDN directory. baseDN is not relative
	     to the client's default search base, but rather it is the actual
	     location where the entries will be created. If this parameter is
	     not specified, the first search descriptor defined for the
	     service or the default container will be used.

       -c    Continue adding entries to	the directory even after an error. En-
	     tries will	not be added if	the directory server is	not responding
	     or	if there is an authentication problem.

       -D bindDN
	     Bind to the directory as bindDN, an entry which has write
	     permission to the baseDN. When used with the -d option, this
	     entry only needs read permission.

       -d    Dump the LDAP container to	the standard output in the appropriate
	     format for	the given database.

       -f filename
	     Indicates input file to read in an	/etc/ file format.

       -p    Process the password field	when loading password information from
	     a file. By	default, the password  field is	ignored	because	it  is
	     usually  not   valid,  as the actual password appears in a	shadow

       -w bind_password
	     Password to be used for authenticating the	bindDN.	 If  this  pa-
	     rameter is	missing, the command will prompt for a password.  NULL
	     passwords are not supported in LDAP.

	     When you use -w bind_password to specify the password to be  used
	     for authentication, the password is visible to other users	of the
	     system by means of	the ps command,	in script files	 or  in	 shell

       -v    Verbose.

       The following operands are supported:

	     The  name	of  the	 database  or  service	name. Supported	values
	     are: aliases, auto_*, bootparams, ethers,	group, hosts  (includ-
	     ing  IPv6	addresses),  netgroup,	netmasks,   networks,  passwd,
	     shadow, protocols,	publickey, rpc,	and services.

       Example 1: Adding Password Entries to the  Directory Server

       The following example shows how to add password entries to the directory

       example#	ldapaddent -D "cn=directory manager" -w	secret \
	     -f	/etc/passwd passwd

       Example 2: Adding Group Entries

       The  following  example shows how to add	group entries to the directory
       server using sasl/CRAM-MD5 as the authentication	method:

       example#	ldapaddent -D "cn=directory manager" -w	secret \
	    -a "sasl/CRAM-MD5" -f /etc/group group

       Example 3: Adding auto_master Entries

       The following example shows how to add auto_master entries to  the  di-
       rectory server:

       example# ldapaddent -D "cn=directory manager" -w secret \
	    -f /etc/auto_master	auto_master

       Example 4: Dumping password Entries from	the Directory to File

       The following example shows how to dump password entries from the
       directory to a file foo:

       example#	ldapaddent -d passwd > foo

       The following exit values are returned:

       0     Successful	completion.

       >0    An	error occurred.


	     Files containing the LDAP	configuration  of  the	client.	 These
	     files are not to be modified manually. Their content is not guar-
	     anteed to be human	readable.  Use ldapclient(1M) to update	 these

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWnisu			   |
       |Interface Stability	     |Evolving			   |

       ldap(1),	 ldaplist(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1), id-
       sconfig(1M), ldapclient(1M), suninstall(1M), attributes(5)

SunOS 5.9			  5 Feb	2002			ldapaddent(1M)

