mkprtldap Command

Purpose

Configures IBM® Directory (LDAP) for Directory enabled System V print. It also configures client machines to use the Directory for System V print information.

Syntax

To configure the IBM Directory to store System V Print information:

mkprtldap -s -a AdminDN -p Adminpasswd -w ACLBindPasswd [-f] [-d nodeDN]

To configure clients to use the IBM Directory for System V Print information:

mkprtldap -c -h DirectoryServerHostname -w ACLBindPasswd [ -d PrintBindDN ] [-U]

To get usage information for the mkprtldap command:

mkprtldap ?

Description

The mkprtldap command configures the IBM Directory (LDAP) server, and one or more clients to use the Directory (LDAP) for System V Print information. This command must be run on the system being set up as the server and on all the client systems. Once the Directory (LDAP) server is configured for System V print, the directory enabled System V Print commands (dslpadmin, dslpaccess, dslpsearch, dslpenable, dslpdisable, dslpaccept, lp, lpstat, cancel and dslpreject) must be run to add, remove and manage System V print information (printers and print queues) on the Directory (LDAP) server. The mkprtldap command configures client machines to use the Directory (LDAP) server for System V print information.

The mkprtldap command requires the IBM Directory server software to be installed on the machine being configured as the server. The command also requires the IBM Directory client software to be installed on all client machines that will use the Directory (LDAP) server for System V print information.

Note: The client (-c flag) and the server (-s flag) options cannot be run at the same time. When setting up a system as the server, the mkprtldap command should be run twice on that system: once to set up the server, and again to set up the client.

During the server side configuration, using the -s flag, the mkprtldap command:
  • Requires the IBM Directory Administrator's DN and password if the Directory has been configured. If the Directory Administrator's DN and password have not been set, mkprtldap will set them with the values passed to the command.
  • Creates the AIX® Information tree DN (cn=aixdata container object) on the Directory if one is not present. The print subtree will be created under the AIX Information subtree. If an existing AIX Information subtree exists on the Directory, the print subtree will be created under it. All System V print information will be stored under the print subtree. The directory enabled System V print commands have to be run to add printers and print queues under the print subtree created.
  • The default suffix and AIX Information tree for the mkprtldap command is a top level container object cn=aixdata. The Print subtree (ou=print) will be created under the AIX Information tree.
  • The print subtree is ACL protected with the value of the ACLBindPasswd parameter passed to the command. The same value must be used when configuring clients to use the Directory for System V print information. Select a password value that is difficult for people or password cracking programs to guess.
  • If the -d option is used and a valid existing node on the Directory is passed to the command, the AIX Information subtree is created under the given node. The print subtree is then created under the AIX Information subtree.
  • Starts the IBM Directory server after all the above is done.
  • Adds the IBM Directory server process (slapd) to the /etc/inittab file to have the server start after a reboot.

During the client configuration, the mkprtldap command:
  • Saves the IBM Directory (LDAP) server host name in the /etc/ldapsvc/server.print file.
  • Saves the AIX Print Bind DN in the /etc/ldapsvc/server.print file.
  • Saves the ACL Bind Password for the AIX Print Bind DN in the /etc/ldapsvc/system.print file. The value of the ACL Bind password must be the same as the one specified during the configuration of the Directory server.
  • Undoes a previous client configuration if the -U flag is specified. This option will replace the /etc/ldapsvc/system.print and /etc/ldapsvc/server.print files with the previously saved copies of the files (/etc/ldapsvc/server.print.save and /etc/ldapsvc/system.print.save).

Flags

Server

Item                Description
-a AdminDN          Specifies the Directory (LDAP) Administrator's DN.
-d nodeDN           This advanced option requires a valid existing node DN on the Directory under which the AIX Information tree and Print Subtree will be created.
-f                  The force flag is required by the mkprtldap command to force the creation of the Print subtree (and AIX Information subtree if needed) when one or more AIX Information trees exist on the Directory.
-p Adminpasswd      Specifies the Directory (LDAP) Administrator's password.
-s                  Indicates the command is being run to configure the Directory for System V print.
-w ACLBindPasswd    Specifies the password to ACL protect the Print Subtree on the Directory. Select a password value that is difficult for people or password cracking programs to guess.

Client

Item                          Description
-c                            Indicates the command is being run to configure clients to use the Directory for System V Print information.
-d PrintBindDN                Specifies the Print Bind DN. The default Print Bind DN is ou=print,cn=aixdata. The Print Bind DN to use during Client configuration is displayed at the end of the server setup of the mkprtldap command.
-h DirectoryServerHostname    Hostname of the IBM Directory server set up to store System V Print information.
-U                            Undo a previous configuration of a client.
-w ACLBindPasswd              The ACL Bind Password for the print subtree. The ACL Bind password is specified during the server setup of the mkprtldap command. The value of the ACL Bind Password must match the one used during the setup of the Directory server.

Usage

Item    Description
?       Displays usage information for the mkprtldap command.

Security

This command can be run by the root user only.

Examples

  1. To configure System V print on a machine with a configured IBM Directory server:
    The Administrator DN and password are required to configure System V print on the Directory. Assume the existing Administrator's DN and password are cn=admin and passwd.
    mkprtldap -s -a cn=admin -p passwd -w pass123wd
  2. The mkprtldap command provides the option to configure the IBM Directory to store the print information under a pre-existing node (e.g. o=ibm,c=us) on the Directory [Advanced Option]. This is only recommended when it is necessary to store the print information under the existing node on the Directory for specific reasons. The recommended option is to store the print subtree in the default location on the Directory by not specifying the -d option. The Administrator DN and password are required to configure System V print on the Directory. Assume the existing Administrator's DN and password are cn=admin and passwd:
    mkprtldap -s -a cn=admin -p passwd -w acl123passwd -d o=ibm,c=us
    Running the command will create an AIX Information tree (cn=aixdata) under the o=ibm,c=us object. The print subtree will be created under this new object (cn=aixdata, o=ibm, c=us).
  3. To configure System V print on a machine with a configured IBM Directory server and an existing AIX Information tree: There might be situations where the Directory contains an existing AIX Information tree with other subsystem specific information (e.g. Security or NIS information). It might be required to store the print information in a separate location on the Directory under a different AIX Information tree. The command, by default, will not create a new AIX Information tree if one exists on the Directory. To force the command to create a new AIX Information tree to store the print information, use the -f flag with the command. Consider the case where the Security and NIS subsystem information is stored under the AIX Information tree at cn=aixdata,o=ibm,c=us. To create a new AIX Information tree for print information different from the existing one, run the command with the -f flag and specify the default location or another node. The Administrator DN and password are required to configure System V print on the Directory. Assume the existing Administrator's DN and password are cn=admin and passwd:
    mkprtldap -s -a cn=admin -p passwd -w passwd123 -f

    Running the command will create a new AIX Information tree (cn=aixdata) with the suffix (cn=aixdata) and the print information will be stored under this new AIX Information tree (ou=print, cn=aixdata). There will be two AIX Information trees on the Directory in this example: cn=aixdata,o=ibm,c=us and cn=aixdata. The print information will be under the cn=aixdata object (suffix - cn=aixdata). For mkprtldap, it is recommended to use the default location to add the print information to the Directory.

  4. To configure a client to use an IBM Directory set up for System V Print on host server.ibm.com, type:
    mkprtldap -c -h server.ibm.com -w passwd
    Please ensure that the ACL Bind Password (passwd) is the same as the one specified during the setup of the Directory Server. Running the command without specifying a Print Bind DN value with the -d option will cause the command to use the default Print Bind DN ou=print,cn=aixdata. The Print Bind DN must match the one displayed at the end of running the mkprtldap command to configure the server.
  5. To change the information in the client side configuration files, run the mkprtldap command with the new information:
    mkprtldap -c -h server.ibm.co.uk -w aclpasswd -d ou=print,cn=aixdata,c=uk
    Executing this command on a client that has already been configured will change the information in the /etc/ldapsvc/server.print and /etc/ldapsvc/system.print files to contain the new configuration information. The original contents of the /etc/ldapsvc/server.print and /etc/ldapsvc/system.print will be stored in the /etc/ldapsvc/server.print.save and /etc/ldapsvc/system.print.save files.

Files

Mode File Description
rw /etc/slapd32.conf (Server configuration) - Contains the IBM Directory (LDAP Version 5.2) configuration information.
rw /home/ldapdb2/idsslapd-ldapdb2/etc/ibmslapd.conf (Server configuration) - Contains the IBM Directory (LDAP Version 6.0 or later) configuration information.
rw /etc/ldapsvc/server.print (Client configuration) - Contains information about the Directory Server configured to store System V Print information. (Machine name, Location of Print subtree on the Directory and LDAP port)
rw /etc/ldapsvc/system.print (Client configuration) - Contains the ACL Bind Password for the Print subtree on the Directory.
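
The client files above hold the ACL Bind Password (system.print) and, once a client has been reconfigured, its previous value (system.print.save). The following shell function is an added example, not part of the IBM documentation; it audits ownership and permissions of those files. The policy it enforces (owner uid 0, no group/other access to the password files, no group/other write on the server files) and the function name audit_print_ldap are assumptions.

```shell
#!/bin/sh
# Added example, not IBM code. Assumed policy (not stated on the page):
# files are owned by uid 0, the password files (system.print*) carry no
# group/other permission bits, and the server files (server.print*) are
# not group/other writable.

# audit_print_ldap [DIR] [OWNER_UID]
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_print_ldap() {
    dir=${1:-/etc/ldapsvc}
    want_uid=${2:-0}
    found=0
    for name in system.print system.print.save server.print server.print.save
    do
        path=$dir/$name
        if [ -L "$path" ]; then
            echo "$path: symbolic link, expected a regular file"
            found=1
            continue
        fi
        [ -f "$path" ] || continue    # *.save exists only after a reconfiguration
        # ls -ldn prints the mode string and numeric owner in fields 1 and 3.
        info=$(ls -ldn "$path" | awk '{ print $1 " " $3 }')
        mode=${info% *}
        uid=${info#* }
        if [ "$uid" != "$want_uid" ]; then
            echo "$path: owned by uid $uid, expected $want_uid"
            found=1
        fi
        case $name in
        system.print*)   # holds the current or previous ACL Bind Password
            case $mode in
            ????------*) ;;
            *) echo "$path: mode $mode exposes the ACL Bind Password"; found=1 ;;
            esac ;;
        server.print*)   # names the directory server the client trusts
            case $mode in
            ?????-??-?*) ;;
            *) echo "$path: mode $mode lets non-owners repoint the client"; found=1 ;;
            esac ;;
        esac
    done
    return $found
}
```

Run audit_print_ldap with no arguments as root on a configured client; both arguments exist so the check can be exercised against a scratch directory.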