mkldap command
Purpose
Sets up Virtual I/O Server as a Lightweight Directory Access Protocol (LDAP) client.
Syntax
mkldap -host serverlist -bind bindDN -passwd bindpwd [ -base baseDN ] [ -port serverport ] [ -ctimeout cacheTimeout ] [ -csize cacheSize ] [ -threads NumberofThreads ] [ -hbeatint heartBeatInt ] [-keypath SSL_database_path ] [-keypasswd SSL_password ] [ -auth authType ] [ -users userlist | ALL]
mkldap -deconfig
Description
You can supply multiple LDAP servers to the mkldap command during client setup. In this case, the client contacts the servers in the supplied order and establishes a connection to the first server to which the client can successfully bind.
The LDAP client communicates with the LDAP server through a client-side daemon, secldapclntd.
The secldapclntd command is enabled or disabled by using the startnetsvc and stopnetsvc commands.
Flags
Flag name | Description |
---|---|
-host serverlist | Specifies comma-separated list of host names. |
-bind bindDN | Specifies the DN (distinguished name) to bind to the LDAP server. |
-passwd bindpwd | Specifies the clear text password for the bindDN used to bind to the LDAP server. The password is stored in /etc/security/ldap/ldap.cfg (see Files). |
-base baseDN | Specifies the base DN for the mkldap command, in which to search for the user base DN and group base DN. If you do not specify this flag, the entire database is searched. |
-port serverport | Specifies the port number on which the LDAP server is listening. |
-ctimeout cacheTimeout | Specifies the maximum time that a cache entry remains valid before it expires. Set this value to 0 to disable caching. |
-csize cacheSize | Specifies the maximum number of user entries held in the client-side daemon cache. |
-threads NumberofThreads | Specifies the number of threads that the client-side daemon uses. |
-hbeatint heartBeatInt | Specifies the time interval of heartbeats between the client and the LDAP server. |
-keypath SSL_database_path | Specifies the full path to the SSL database. Note: This requires the ldap.max_crypto_client fileset to be installed. |
-keypasswd SSL_password | Specifies the password for the SSL key. Note: This requires the ldap.max_crypto_client fileset to be installed. |
-auth authType | Specifies the authentication mechanism that is used to authenticate users. Valid values are unix_auth and ldap_auth. |
-users userlist | Specifies the comma-separated list of user names to enable for LDAP authentication. Specify ALL to enable all users on the client. |
-deconfig | Specifies that the previous client setup in the LDAP client configuration file is to be undone. |
Exit Status
Return code | Description |
---|---|
0 | Success |
1 | Invalid flag, argument, or command failure |
Examples
- To run the mkldap command with the -users flag so that user IDs become LDAP user IDs, enter the following command:
mkldap -host ldapserv1 -bind cn=admin -passwd adminpwd -users user1,user2
Note: Only the users listed with the optional -users flag have LDAP authentication enabled. Other LDAP users are not enabled for LDAP authentication, even if SYSTEM = "compat or LDAP" is set in the /etc/security/user file.
- To set up the client to talk to the server3.your_company.com LDAP server by using SSL, enter the following command:
mkldap -bind cn=admin -passwd adminpwd -host server3.your_company.com -base o=mycompany,c=us -keypath /usr/ldap/clientkey.kdb -keypasswd keypwd -users user1,user2
Either of these commands sets up the local host as a client of the LDAP server named with -host (ldapserv1 in the first example); cn=admin and adminpwd are the LDAP server administrator DN and password.
Files
File path | Description |
---|---|
/etc/security/ldap/ldap.cfg | Contains the mkldap command, and server bind DN, password, server name, the SSL key path and password, and other configuration attributes. |
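Because the bind password given with -passwd ends up in the ldap.cfg file listed above, the file's permissions and the form in which that password is stored are the first things to check after client setup. The following POSIX sh script is an added example, not IBM's code and not part of the mkldap command. It assumes things this page does not state: that ldap.cfg consists of key:value lines with the attribute names ldapservers, binddn and bindpwd, and that an encrypted bind password is stored with a braced tag prefix such as {DESede}; both are taken from AIX LDAP client convention and should be confirmed against the file on your system.

```shell
#!/bin/sh
# Added example: post-setup audit of the LDAP client configuration file that
# mkldap writes. Not IBM's code. Assumptions (not stated on the page):
#   - ldap.cfg uses "key:value" lines with the attributes "ldapservers",
#     "binddn" and "bindpwd" (AIX/VIOS convention);
#   - an encrypted bind password carries a "{tag}" prefix such as {DESede};
#     anything else is treated as clear text.

LDAP_CFG="${LDAP_CFG:-/etc/security/ldap/ldap.cfg}"

# cfg_value FILE KEY: print the first uncommented "KEY:value" entry.
# Lines starting with '#' never match because the key must follow only
# leading whitespace.
cfg_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# bindpwd_is_cleartext FILE: succeed (0) when a bind password is present and
# is not a tagged ciphertext; fail (1) when it is encrypted or absent.
bindpwd_is_cleartext() {
    pw=$(cfg_value "$1" bindpwd)
    [ -n "$pw" ] || return 1
    case "$pw" in
        "{"*"}"*) return 1 ;;
        *)        return 0 ;;
    esac
}

# cfg_group_other_access FILE: succeed when any group or other permission
# bit is set. The file holds the bind credential and should be owner-only.
# Columns 5-10 of "ls -l" output are the group and other permission bits.
cfg_group_other_access() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# audit_ldap_cfg FILE: print one FINDING line per problem; the return value
# is the number of findings (0 = clean).
audit_ldap_cfg() {
    n=0
    if [ -z "$(cfg_value "$1" ldapservers)" ]; then
        echo "FINDING: no ldapservers entry in $1"; n=$((n + 1))
    fi
    if bindpwd_is_cleartext "$1"; then
        echo "FINDING: bindpwd is stored in clear text in $1"; n=$((n + 1))
    fi
    if cfg_group_other_access "$1"; then
        echo "FINDING: $1 is accessible to group/other"; n=$((n + 1))
    fi
    return $n
}

# Run directly as: sh audit_ldap_cfg.sh /etc/security/ldap/ldap.cfg
# (with no argument the functions are only defined, so the file can be
# sourced from another script).
if [ "$#" -gt 0 ]; then
    audit_ldap_cfg "$1"
fi
```

The exit status of audit_ldap_cfg is the number of findings, so the script can be used directly as a pass/fail step after mkldap runs. A clear-text bindpwd entry is reported as a finding because the page notes that the SSL-capable (ldap.max_crypto_client) fileset is optional; without it, the stored credential should be treated as exposed to anyone who can read the file.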