ldapaddent(1M)
NAME
ldapaddent - create LDAP entries from corresponding /etc
files
SYNOPSIS
ldapaddent [-cpv] [-a authenticationMethod] [-b baseDN] -D
bindDN -w bind_password [-f filename] database
ldapaddent -d [-v] [-a authenticationMethod] [-b baseDN] [-D
bindDN] [-w bind_password] database
DESCRIPTION
ldapaddent creates entries in LDAP containers from their
corresponding /etc files. This operation is customized for
each of the standard containers that are used in the
administration of Solaris systems. The database argument
specifies the type of the data being processed. Legal values
for this type are one of aliases, auto_*, bootparams, ethers,
group, hosts (including IPv6 addresses), netgroup,
netmasks, networks, passwd, shadow, protocols, publickey,
rpc, and services.
By default, ldapaddent reads from the standard input and
adds this data to the LDAP container associated with the
database specified on the command line. An input file from
which data can be read is specified using the -f option.
The entries will be stored in the directory based on the
client's configuration, thus the client must be configured
to use LDAP naming services. The location where entries are
to be written can be overridden by using the -b option.
If the entry to be added exists in the directory, the
command displays an error and exits, unless the -c option is
used.
Although there is a shadow database type, there is
no corresponding shadow container. Both the shadow and the
passwd data are stored in the people container itself.
Similarly, data from the networks and netmasks databases are
stored in the networks container.
You must add entries from the passwd database before you
attempt to add entries from the shadow database. The
addition of a shadow entry that does not have a corresponding
passwd entry will fail.
For better performance, the recommended order in which the
databases should be loaded is as follows:
o passwd database followed by shadow database
o networks database followed by netmasks database
o bootparams database followed by ethers database
Only the first entry of a given type that is encountered
will be added to the LDAP server. The ldapaddent command
skips any duplicate entries.
OPTIONS
The ldapaddent command supports the following options:
-a authenticationMethod
Specify authentication method. The default value is
what has been configured in the profile. The
supported authentication methods are:
o simple
o sasl/CRAM-MD5
o sasl/DIGEST-MD5
o tls:simple
o tls:sasl/CRAM-MD5
o tls:sasl/DIGEST-MD5
Selecting simple causes passwords to be sent over the
network in clear text. Its use is strongly
discouraged. Additionally, if the client is configured
with a profile which uses no authentication, that
is, either the credentialLevel attribute is set to
anonymous or authenticationMethod is set to none, the
user must use this option to provide an authentication
method.
-b baseDN
Create entries in the baseDN directory. baseDN is not
relative to the client's default search base, but
rather, it is the actual location where the entries
will be created. If this parameter is not specified,
the first search descriptor defined for the service or
the default container will be used.
-c Continue adding entries to the directory even after an
error. Entries will not be added if the directory
server is not responding or if there is an
authentication problem.
-D bindDN
Bind as bindDN, an entry which has write permission to
the baseDN. When used with the -d option, this entry only
needs read permission.
-d Dump the LDAP container to the standard output in the
appropriate format for the given database.
-f filename
Indicates input file to read in an /etc/ file format.
-p Process the password field when loading password
information from a file. By default, the password
field is ignored because it is usually not valid, as
the actual password appears in a shadow file.
-w bind_password
Password to be used for authenticating the bindDN. If
this parameter is missing, the command will prompt for
a password. NULL passwords are not supported in LDAP.
When you use -w bind_password to specify the password
to be used for authentication, the password is visible
to other users of the system by means of the ps
command, in script files or in shell history.
-v Verbose.
OPERANDS
The following operands are supported:
database
The name of the database or service name. Supported
values are: aliases, auto_*, bootparams, ethers,
group, hosts (including IPv6 addresses), netgroup,
netmasks, networks, passwd, shadow, protocols,
publickey, rpc, and services.
EXAMPLES
Example 1: Adding Password Entries to the Directory Server
The following example shows how to add password entries to
the directory server:
example# ldapaddent -D "cn=directory manager" -w secret \
-f /etc/passwd passwd
Example 2: Adding Group Entries
The following example shows how to add group entries to the
directory server using sasl/CRAM-MD5 as the authentication
method:
example# ldapaddent -D "cn=directory manager" -w secret \
-a "sasl/CRAM-MD5" -f /etc/group group
Example 3: Adding auto_master Entries
The following example shows how to add auto_master entries
to the directory server:
example# ldapaddent -D "cn=directory manager" -w secret \
-f /etc/auto_master auto_master
Example 4: Dumping password Entries from the Directory to
File
The following example shows how to dump password entries
from the directory to a file foo:
example# ldapaddent -d passwd > foo
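Added example (not part of the original manual page): a POSIX shell helper that prints ldapaddent command lines in the load order recommended under DESCRIPTION, leaves out -w so that the command prompts for the bind password, and refuses the clear-text simple method. The function names, and the assumption that each database is read from a file of the same name in one directory, are illustrative.

```shell
#!/bin/sh
# Added example, not from the manual page. Function names are hypothetical.

# Accept every method listed under -a except "simple", which sends the
# bind password over the network in clear text.
auth_ok() {
    case "$1" in
        sasl/CRAM-MD5|sasl/DIGEST-MD5) return 0 ;;
        tls:simple|tls:sasl/CRAM-MD5|tls:sasl/DIGEST-MD5) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the requested databases in load order: passwd before shadow,
# networks before netmasks, bootparams before ethers, then the rest.
load_order() {
    paired="passwd shadow networks netmasks bootparams ethers"
    out=""
    for db in $paired; do
        for want in "$@"; do
            if [ "$want" = "$db" ]; then out="$out $db"; break; fi
        done
    done
    for want in "$@"; do
        case " $paired " in
            *" $want "*) ;;
            *) out="$out $want" ;;
        esac
    done
    echo $out
}

# Print one command line per database for review. -w is left out on purpose:
# ldapaddent then prompts, so the password never reaches ps output,
# script files or shell history.
# Assumption: each database is read from a file of the same name in $3.
plan_load() {
    bind_dn=$1; auth=$2; dir=$3; shift 3
    if ! auth_ok "$auth"; then
        echo "refusing authentication method: $auth" >&2
        return 1
    fi
    for db in $(load_order "$@"); do
        printf 'ldapaddent -D "%s" -a "%s" -f %s/%s %s\n' \
            "$bind_dn" "$auth" "$dir" "$db" "$db"
    done
}

plan_load "cn=directory manager" tls:sasl/DIGEST-MD5 /etc \
    shadow ethers passwd group bootparams
```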
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
FILES
/var/ldap/ldap_client_file
/var/ldap/ldap_client_cred
Files containing the LDAP configuration of the client.
These files are not to be modified manually. Their
content is not guaranteed to be human readable. Use
ldapclient(1M) to update these files.
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWnisu |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
ldap(1), ldaplist(1), ldapmodify(1), ldapmodrdn(1),
ldapsearch(1), idsconfig(1M), ldapclient(1M), suninstall(1M),
attributes(5)