
ldapaddent


NAME
     ldapaddent - create LDAP  entries  from  corresponding  /etc
     files

SYNOPSIS
     ldapaddent [-cpv] [-a authenticationMethod] [-b baseDN]
      -D bindDN -w bind_password [-f filename] database


     ldapaddent [-cpv] -a sasl/GSSAPI [-b baseDN] [-f filename]
      database


     ldapaddent -d [-v] [-a authenticationMethod] [-D bindDN]
      [-w bind_password] database


DESCRIPTION
     ldapaddent creates entries in  LDAP  containers  from  their
     corresponding  /etc  files. This operation is customized for
     each of  the  standard  containers  that  are  used  in  the
     administration  of  Solaris  systems.  The database argument
     specifies the type of the data being processed. Legal values
     for  this  type are one of aliases, auto_*, bootparams, eth-
     ers, group, hosts (including both IPv4 and IPv6  addresses),
     ipnodes  (alias  for  hosts),  netgroup, netmasks, networks,
     passwd, shadow, protocols, publickey, rpc, and services.  In
     addition  to the preceding, the database argument can be one
     of the RBAC-related files (see rbac(5)):

         o    /etc/user_attr

         o    /etc/security/auth_attr

         o    /etc/security/prof_attr

         o    /etc/security/exec_attr


     By default, ldapaddent reads from  the  standard  input  and
     adds  this  data  to  the LDAP container associated with the
     database specified on the command line. An input  file  from
     which data can be read is specified using the -f option.


     The entries will be stored in the  directory  based  on  the
     client's  configuration,  thus the client must be configured
     to use LDAP naming services. The location where entries  are
     to be written can be overridden by using the -b option.



     If the entry to be added exists in the directory,  the  com-
     mand  displays  an  error and exits, unless the -c option is
     used.


     Although there is a shadow database type, there is no
     corresponding shadow container. Both the shadow and the
     passwd data are stored in the people container itself.
     Similarly, data from the networks and netmasks databases is
     stored in the networks container.


     The user_attr and audit_user data is stored  by  default  in
     the  people  container.  The prof_attr and exec_attr data is
     stored by default in the SolarisProfAttr container.


     You must add entries from the  passwd  database  before  you
     attempt  to  add entries from the shadow database. The addi-
     tion of a shadow entry that does not  have  a  corresponding
     passwd entry will fail.


     The passwd database must  precede  both  the  user_attr  and
     audit_user databases.


     For better performance, the recommended order in  which  the
     databases should be loaded is as follows:

         o    passwd database followed by shadow database

         o    networks database followed by netmasks database

         o    bootparams database followed by ethers database
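
     The ordering rules above, as an added example that is not part of
     the original man page. The function names, BIND_DN and SRC_DIR (a
     staging directory holding one file per database) are assumptions
     made for illustration; the commands are printed, not run.

```shell
#!/bin/sh
# Added example, not from the man page: order ldapaddent databases so that
# passwd precedes shadow, user_attr and audit_user, networks precedes
# netmasks, and bootparams precedes ethers.

# Stage in which a database may be loaded (lower stages load first).
db_stage() {
    case "$1" in
        passwd|networks|bootparams) echo 1 ;;
        shadow|user_attr|audit_user|netmasks|ethers) echo 2 ;;
        *) echo 3 ;;   # the page states no ordering constraint for these
    esac
}

# plan_load DB... prints the databases one per line in load order, dropping
# repeats and keeping the caller's order inside each stage.
plan_load() {
    i=0
    for db in "$@"; do
        i=$((i + 1))
        echo "$(db_stage "$db") $i $db"
    done | sort -k1,1n -k2,2n | awk '!seen[$3]++ { print $3 }'
}

# missing_passwd DB... prints each database that must follow passwd when
# passwd is not part of this run (it must then already be in the directory).
missing_passwd() {
    case " $* " in *" passwd "*) return 0 ;; esac
    for db in "$@"; do
        case "$db" in shadow|user_attr|audit_user) echo "$db" ;; esac
    done
}

# print_commands DB... prints, without running, one command per database.
# -w is omitted so that ldapaddent prompts for the bind password.
# BIND_DN and SRC_DIR are hypothetical values chosen for this example.
print_commands() {
    for db in $(plan_load "$@"); do
        echo "ldapaddent -D \"$BIND_DN\" -f $SRC_DIR/$db $db"
    done
}

BIND_DN="cn=directory manager"
SRC_DIR=/var/tmp/ldapload
print_commands shadow netmasks passwd networks
```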


     Only the first entry of a given  type  that  is  encountered
     will  be  added  to  the LDAP server. The ldapaddent command
     skips any duplicate entries.

OPTIONS
     The ldapaddent command supports the following options:

     -a authenticationMethod    Specify  authentication   method.
                                The  default  value  is  what has
                                been configured in  the  profile.
                                The    supported   authentication
                                methods are:

                                    o    simple

                                    o    sasl/CRAM-MD5

                                    o    sasl/DIGEST-MD5

                                    o    sasl/GSSAPI

                                    o    tls:simple

                                    o    tls:sasl/CRAM-MD5

                                    o    tls:sasl/DIGEST-MD5
                                Selecting simple causes passwords
                                to  be  sent  over the network in
                                clear text. Its use  is  strongly
                                discouraged. Additionally, if the
                                client is configured with a  pro-
                                file  which  uses  no authentica-
                                tion, that is, either the creden-
                                tialLevel  attribute  is  set  to
                                anonymous or authenticationMethod
                                is set to none, the user must use
                                this option to provide an authen-
                                tication method. If the authenti-
                                cation  method  is   sasl/GSSAPI,
                                bindDN and bind_password are not
                                required  and   the   hosts   and
                                ipnodes         fields         of
                                /etc/nsswitch.conf must  be  con-
                                figured as:

                                  hosts: dns files
                                  ipnodes: dns files

                                See nsswitch.conf(4).


     -b baseDN                  Create  entries  in  the   baseDN
                                directory. baseDN is not relative
                                to the  client's  default  search
                                base, but rather, it is the
                                actual location where the entries
                                will  be created. If this parame-
                                ter is not specified,  the  first
                                search descriptor defined for the
                                service or the default  container
                                will be used.


     -c                         Continue adding  entries  to  the
                                directory  even  after  an error.
                                Entries will not be added if  the
                                directory     server    is    not
                                responding  or  if  there  is  an
                                authentication problem.


     -D bindDN                  Specify the DN of the entry to bind
                                as. This entry must have write
                                permission to the baseDN. When
                                used with the -d option, this entry
                                only needs read permission.


     -d                         Dump the LDAP  container  to  the
                                standard  output in the appropri-
                                ate format for  the  given  data-
                                base.


     -f filename                Indicates input file to  read  in
                                an /etc/ file format.


     -p                         Process the password  field  when
                                loading password information from
                                a file. By default, the  password
                                field  is  ignored  because it is
                                usually not valid, as the  actual
                                password   appears  in  a  shadow
                                file.


     -w bind_password           Password to be used for authenti-
                                cating the bindDN. If this param-
                                eter is missing, the command will
                                prompt for a password. NULL pass-
                                words are not supported in LDAP.

                                When you use -w bind_password  to
                                specify  the  password to be used
                                for authentication, the  password
                                is  visible to other users of the
                                system by means of  the  ps  com-
                                mand, in script files or in shell
                                history.


     -v                         Verbose.


OPERANDS
     The following operands are supported:

     database    The name of the database or service  name.  Sup-
                 ported  values are: aliases, auto_*, bootparams,
                 ethers, group, hosts (including IPv6 addresses),
                 netgroup,  netmasks,  networks,  passwd, shadow,
                 protocols, publickey, rpc,  and  services.  Also
                 supported  are  auth_attr, prof_attr, exec_attr,
                 user_attr, and projects.


EXAMPLES
     Example 1 Adding Password Entries to the Directory Server


     The following example shows how to add password entries to
     the directory server:


       example# ldapaddent -D "cn=directory manager" -w secret \
             -f /etc/passwd passwd



     Example 2 Adding Group Entries


     The following example shows how to add group entries to  the
     directory  server  using sasl/CRAM-MD5 as the authentication
     method:


       example# ldapaddent -D "cn=directory manager" -w secret \
            -a "sasl/CRAM-MD5" -f /etc/group group



     Example 3 Adding auto_master Entries


     The following example shows how to add  auto_master  entries
     to the directory server:


       example# ldapaddent -D "cn=directory manager" -w secret \
            -f /etc/auto_master auto_master



     Example 4 Dumping password Entries  from  the  Directory  to
     File


     The following example shows how to dump password entries
     from the directory to a file foo:

       example# ldapaddent -d passwd > foo
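
     A check for the two exposures described under -a and -w, as an
     added example that is not part of the original man page. The
     function names, finding labels and sample lines are constructed
     for illustration.

```shell
#!/bin/sh
# Added example, not from the man page: flag ldapaddent command lines that
# put the bind password on the command line (-w) or select "-a simple".

# lint_ldapaddent reads script or shell-history text on stdin and prints
# "LINE:finding" for each risky invocation. The password is never echoed.
lint_ldapaddent() {
    awk '
    {
        if (buf == "") start = NR          # first line of this command
        line = $0
        if (sub(/\\$/, "", line)) {        # join backslash continuations
            buf = buf line " "
            next
        }
        cmd = buf line
        buf = ""
        if (cmd !~ "(^|[ \t;|&/])ldapaddent([ \t]|$)") next
        n = split(cmd, w, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            # -w VALUE or -wVALUE: visible in ps, scripts and history
            if (w[i] ~ /^-w/ && (length(w[i]) > 2 || i < n))
                print start ":password-on-command-line"
            # -a simple (not tls:simple): password sent in clear text
            if (w[i] ~ /^-a/) {
                m = (w[i] == "-a") ? w[i + 1] : substr(w[i], 3)
                gsub("[^A-Za-z0-9:/-]", "", m)   # drop quotes
                if (m == "simple") print start ":cleartext-simple-bind"
            }
        }
    }'
}

# Constructed sample input modelled on the EXAMPLES section.
sample_input() {
    cat <<'EOF'
ldapaddent -D "cn=directory manager" -w secret \
     -f /etc/passwd passwd
ldapaddent -a simple -D "cn=directory manager" -f /etc/group group
ldapaddent -a tls:simple -D "cn=directory manager" -f /etc/hosts hosts
ldapaddent -d passwd > foo
EOF
}

sample_input | lint_ldapaddent
```

     Omitting -w makes the command prompt for the password, which keeps
     it out of ps output, script files and shell history.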



EXIT STATUS
     The following exit values are returned:

     0     Successful completion.


     >0    An error occurred.


FILES
     /var/ldap/ldap_client_file    Files containing the LDAP con-
     /var/ldap/ldap_client_cred    figuration   of   the  client.
                                   These  files  are  not  to  be
                                   modified  manually. Their con-
                                   tent is not guaranteed  to  be
                                   human       readable.      Use
                                   ldapclient(1M) to update these
                                   files.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWnisu                    |
    |_____________________________|_____________________________|
    | Interface Stability         | Evolving                    |
    |_____________________________|_____________________________|


SEE ALSO
     ldap(1), ldaplist(1),  ldapmodify(1),  ldapmodrdn(1),  ldap-
     search(1),  idsconfig(1M),  ldapclient(1M),  suninstall(1M),
     nsswitch.conf(4), attributes(5)










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.