ldap_gen_profile (1) (Solaris man: user-level commands and application programs)

    NAME
         ldapclient,  ldap_gen_profile  -  initialize   LDAP   client
         machine or create an LDIF of an LDAP client profile
    
    SYNOPSIS
         /usr/sbin/ldapclient  [  -v  ]   -P   profile_name    [  -d
         domainname  ]  LDAP_server_addr
    
         /usr/sbin/ldapclient -i | -m  [ -O ]  [ -v ]  [ -a   none  |
         simple     |    cram_md5     ]     [    -b baseDN    ]     [
         -B alternate_search_dn ]  [ -d domainname ]  [ -D Bind_DN  ]
         [    -e client_TTL    ]     [    -o timeout_value    ]     [
         -p server_preference   ]    [   -r follow_referals   ]     [
         -w client_password ]  LDAP_server_addr ...
    
         /usr/sbin/ldapclient -l
    
         /usr/sbin/ldapclient -u  [ -v ]
    
         /usr/sbin/ldap_gen_profile -P  profile_name   [ -O ]   [  -a
         none   |   simple    |   cram_md5    ]   [  -b baseDN  ]   [
         -B alternate_search_dn ]  [ -d domainname ]  [ -D Bind_DN  ]
         [    -e client_TTL    ]     [    -o timeout_value    ]     [
         -p server_preference   ]    [   -r follow_referals   ]     [
         -w client_password ]  LDAP_server_addr ...
    
    DESCRIPTION
         The ldapclient utility can be used to:
    
            o  initialize LDAP client machines
    
            o  restore  the  network  service  environment  on   LDAP
               clients
    
            o  list the contents of the LDAP client cache  in  human-
               readable format.
    
         The ldap_gen_profile utility creates (on the standard output)
         an LDIF file that can be loaded into an LDAP server to be
         used as the client profile, which can be downloaded by
         ldapclient.
    
         The first synopsis (-P profile_name) is used to initialize an
         LDAP client machine, using a profile stored on an LDAP server
         specified by LDAP_server_addr. This is the simplest method and
         will provide the default format with all the correct settings
         for talking to the set of servers. It will also ensure that
         ldap_cachemgr(1M) can automatically update the configuration
         file as it changes.
    
         The second synopsis (-i | -m) is used to initialize an LDAP
         client machine. The -i option is used to convert machines to
         use LDAP or to change the machine's domain name. It assigns
         a default value for the required parameters if they are not
         specified. You must be logged in as superuser on the
         machine that is to become an LDAP client. The -m option is
         used to modify the parameters in the cache file. It updates
         the parameter specified.
    
         The -i option in conjunction with -a none option can be used
         to initialize an unauthenticated LDAP client machine without
         having to specify a password.
    
         If the authentication method, such as simple or cram_md5,
         requires a password and one is not specified with the -w
         client_password option, the administrator is prompted for
         the password. If one is not provided, the command will
         fail.
    
         During the client initialization  process,  files  that  are
         being  modified  are backed up as files.orig. The files that
         are usually modified during  a  client  initialization  are:
         /etc/defaultdomain,  /etc/nsswitch.conf, and, if they exist,
         /var/yp/binding/`domainname`  for  a   NIS(YP)   client   or
         /var/nis/NIS_COLD_START for a NIS+ client, or if the machine
         is already an LDAP client,  /var/ldap/ldap_client_cache  and
         /var/ldap/ldap_client_cred.   Note  that  a file will not be
         saved if a backup file already exists.
    
         The -i option does not set up  an  LDAP  client  to  resolve
         hostnames  using  DNS.  Refer  to  the DNS documentation for
         information on setting up DNS. See resolv.conf(4).
    
         The third synopsis (-l) is used  to  list  the  LDAP  client
         cache.   The  output will be human-readable (cache files are
         not guaranteed to be human-readable.)
    
         The fourth synopsis (-u) is used to uninitialize the network
         service environment, restoring it to the one in use before
         ldapclient -i was executed. You must be logged in as
         superuser on the machine that is to be restored. The
         restoration will succeed only if the machine was initialized
         with ldapclient -i because it uses the backup files created
         by the -i option.
    
         The machine must be rebooted after initializing a machine or
         restoring the network service.
    
    OPTIONS
         The following options are supported:
    
         -a none | simple | cram_md5
               Specify authentication  method. Multiple values can be
               specified,  separated  by commas. The default value is
               none. If simple or cram_md5 is specified,  a  password
               must be provided (see -w below).
    
         -b baseDN
               Specify      search      baseDN      (for      example
               dc=eng,dc=sun,dc=com.)  The default is the root naming
               context on the first server specified.
    
         -B alternate_search_dn
               Specify alternative baseDN for LDAP searches (for
               example, ou=people,dc=corp,dc=sun,dc=com.) An
               alternative search baseDN can be defined for each
               database possible in the /etc/nsswitch.conf file (see
               nsswitch.conf(4)). To remove a specific alternate
               baseDN, specify the database without any argument (for
               example, "passwd:"). The default value for all
               databases is NULL.
    
         -d domainname
               Specify the domain name (which  becomes  the  default-
               domain  for  the machine).  The default is the current
               domain name.
    
         -D Bind_DN
               Specify the  Bind  Distinguished  Name  (for  example,
               cn=proxyagent,ou=profile,dc=eng,dc=sun,dc=com.)
    
         -e client_TTL
               Specify the TTL  value  for  the  client  information.
               This  is  only relevant if the machine was initialized
               with a client profile.  Set client_TTL to 0 (zero)  if
               you  do  not  wish  for  ldap_cachemgr  to  attempt an
               automatic refresh from the  servers.   The  times  are
               specified with either a zero ``0'' (for no expiration)
               or a positive integer and either ``d'' for days, ``h''
               for  hours,  ``m''  for  minutes or ``s'' for seconds.
               The default is 12h.
    
         -i    Initialize client.
    
         -l (ell)
               List the contents of the LDAP client cache. The output
               (sent to standard output) is meant to be easily
               readable (the direct contents of the cache files might
               not be easily readable).
    
         -m    Modify parameters in the configuration file.
    
         -o timeout_value
               Specify LDAP operation timeout value.  The default  is
               the TCP default (usually 3 minutes.)
    
         -O    Inform the client to contact only the servers  on  the
               preferred  list (if for instance they are at the wrong
               end of a WAN).  The default is FALSE.
    
         -p server_preference
               Specify the server preference list (for example,
               129.100.100.0:8080,129.100.200.1:386.) The preferred
               servers can be defined either by the server-specific
               address or by the subnet on which the server resides.
               To remove the server preference, specify "" for the -p
               option. The default preference is the local subnet.
    
         -P profile_name
               Specify a profile that is downloaded from  the  server
               and  sets  all the entries automatically.  This option
               also sets an expiration time  that  ldap_cachemgr  can
               use  to  automatically update the file if needed.  The
               default profile_name is 'default' and is stored in the
               bind distinguished name. The profile name is also
               stored in the cache file.
    
         -r follow_referals
               Specify the search referral option, either followref
               or noref. The default is followref.
    
         -u    Uninitialize LDAP client. This option is appropriate
               only if ldapclient was used to initialize the client.
    
         -v    Specify verbose mode.
    
         -w client_password
               Specify  client  password  for  simple  and   cram_md5
               authentication  modes.  This option is not required if
               authentication mode is none.
    
    OPERANDS
         The following operands are supported:
    
         LDAP_server_addr
               Server         address          (for          example,
               129.100.100.1:389,129.100.200.1.)  The  port number is
               optional; if not specified, the  default  LDAP  server
               port number ':389' is used.
    
    EXAMPLES
         Example 1: Set up a client using the default profile stored
         on the server specified.
    
         Set up a client using the default profile stored on the
         server specified. This should list all the correct values
         for talking to your domain.
    
         example# ldapclient -P default 129.100.100.1
    
         Example 2: Set up a client using only one server and with
         authentication mode of none.
    
         example# ldapclient -i -a none 129.100.100.1
    
         Example 3: Set up a client using only one server and with
         authentication mode of cram_md5.
    
         Set up an LDAP client to use cram_md5 with client password
         "secret", with the domain information expiring once a week,
         with no search referral following, with the domain name
         "xyz.sun.com", and with the LDAP server running on port
         number 386 at IP address 129.100.100.1.
    
         example# ldapclient -i -a cram_md5 -w secret -d xyz.sun.com. -e 7d \
            -r noref 129.100.100.1:386
    
         Example 4: Set up a client using two servers and with
         authentication mode of simple.
    
         Set up an LDAP client using two servers and with
         authentication mode of simple. The user will be prompted for
         a client password.
    
         example# ldapclient -i -a simple 129.100.100.1 129.100.234.15:386
    
         Example 5: Set up a client with authentication mode of none.
    
         Set up an LDAP client with authentication mode of none that
         does not try to encrypt the transport with SSL and talks to
         only one server.
    
         example# ldapclient -i -a none 129.140.44.1
    
         Example 6: Use ldap_gen_profile to set only the Base DN  and
         the server addresses.
    
         Use ldap_gen_profile to set only the Base DN and the  server
         addresses, using all possible default values.
    
         example# ldap_gen_profile \
            -D cn=proxyagent,ou=profile,dc=eng,dc=sun,dc=com \
            129.100.100.1 129.100.234.15:386 > ldif_profile
    
         Example 7: Create a profile overriding every default value.
    
         example# ldap_gen_profile -P eng -a cram_md5 -d ge.co.uk -w test123 \
            -b dc=eng,dc=ge-uk,dc=com -B ou=people,dc=lab,dc=ge-uk,dc=com \
            -D cn=proxyagent,ou=profile,dc=eng,dc=ge-uk,dc=com -r noref \
            -e 1h -O -p 129.100.100.0 -o 30s 129.100.200.1 129.100.100.1 \
            204.34.5.6 > ldif_profile
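
         Added example (not part of the original manual page): a small
         POSIX shell linter that reads an ldapclient or ldap_gen_profile
         command line and reports a password passed with -w, an
         authentication method of none or simple, and a client_TTL that
         does not match the format described under -e. The function
         name and the finding names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint an ldapclient / ldap_gen_profile command line for risky
# credential handling. Option letters come from the SYNOPSIS above; the
# finding names it prints are invented for this example.
lint_ldapclient_args() (
    cmd=${1##*/}; shift
    OPTIND=1; auth=""; init=0; out=""
    # ldap_gen_profile and "ldapclient -i" fall back to documented defaults.
    if [ "$cmd" = "ldap_gen_profile" ]; then init=1; fi
    while getopts ":vP:d:imOa:b:B:D:e:o:p:r:w:lu" opt "$@"; do
        case $opt in
            i) init=1 ;;
            a) auth="$auth,$OPTARG" ;;      # may repeat or carry a comma list
            w) out="$out PASSWORD_ON_CMDLINE" ;;  # exposed via ps and history
            e) # client_TTL: 0, or a positive integer followed by d, h, m or s
               printf '%s\n' "$OPTARG" |
                   grep -Eq '^(0|[1-9][0-9]*[dhms])$' || out="$out BAD_TTL" ;;
            \?|:) out="$out BAD_OPTION" ;;
        esac
    done
    # No -a on an initializing command means the default method, none.
    if [ -z "$auth" ] && [ "$init" -eq 1 ]; then auth=",none"; fi
    case "$auth," in *,none,*)   out="$out AUTH_NONE" ;; esac
    # A simple bind sends the password itself, so it needs a protected link.
    case "$auth," in *,simple,*) out="$out AUTH_SIMPLE" ;; esac
    echo "${out# }"
)

# Constructed command lines modelled on Examples 3 and 4 above.
lint_ldapclient_args ldapclient -i -a cram_md5 -w secret -r noref 129.100.100.1:386
lint_ldapclient_args ldapclient -i 129.100.100.1 129.100.234.15:386
```

         An empty result means none of the checks fired; omitting -w
         makes ldapclient prompt for the password instead.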
    
    FILES
         /var/ldap/ldap_client_cache
               contains a list of servers, their transport addresses,
               and the security method used to access them
    
         /var/ldap/ldap_client_cred
               contains Bind Distinguished Name (see  -D  above)  and
               the encrypted password
    
         /etc/defaultdomain
               system default domainname, matching the domainname  of
               the "NIS data" in the LDAP servers
    
         /etc/nsswitch.conf
               configuration file for the name-service switch
    
         /etc/nsswitch.ldap
               sample configuration file that uses "files" and "ldap"
    
    ATTRIBUTES
         See attributes(5) for descriptions of the following
         attributes:
    
         ____________________________________________________________
        |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
        |_____________________________|_____________________________|
        | Availability                | SUNWnisu                    |
        |_____________________________|_____________________________|
    
    
    SEE ALSO
         ldap(1), ldapadd(1), ldapdelete(1), ldaplist(1),
         ldapmodify(1), ldapmodrdn(1), ldapsearch(1), ldap_cachemgr(1M),
         suninstall(1M), resolv.conf(4), attributes(5)
    
    
    
    

