NAME

dsconfigldap — LDAP server configuration/binding add/remove tool.

SYNOPSIS

DESCRIPTION

dsconfigldap allows addition or removal of LDAP server configurations. Presented below is a discussion of possible parameters. Usage has three intents: add server config, remove server config, or display help.

Options list and their descriptions:

-f

Bindings will be established or dropped in conjunction with the addition or removal of the LDAP server configuration.

-v

This enables the logging to stdout of the details of the operations. This can be redirected to a file.

-i

You will be prompted for a password to use in conjunction with a specified username.

-s

This ensures that no clear text passwords will be sent to the LDAP server during authentication. This will only be enabled if the server supports non-cleartext methods.

-e

This ensures that if the server is capable of supporting encryption methods (i.e., SSL or Kerberos) that encryption will be enforced at all times via policy.

-m

This ensures that man-in-the-middle capabilities will be enforced via Kerberos, if the server supports the capability.

-g

This ensures that packet signing capabilities will be enforced via Kerberos, if the server supports the capability.

-x

Connection to the LDAP server will only be made over SSL.

-S

Will skip updating the search policies.

-N

Will assume Yes for installing certificates

-h

Display usage statement.

-a servername

This is either the fully qualified domain name or correct IP address of the LDAP server to be added to the DirectoryService LDAPv3 configuration.

-r servername

This is either the fully qualified domain name or correct IP address of the LDAP server to be removed from the DirectoryService LDAPv3 configuration.

-n configname

This is the UI configuration label that is to be given the LDAP server configuration.

-c computerid

This is the name to be used for directory binding to the LDAP server. If none is given the first substring, before a period, of the hostname (the defined environment variable "HOST") is used.

-u username

Username of a privileged network user to be used in authenticated directory binding.

-p password

Password for the privileged network user. This is a less secure method of providing a password, as it may be viewed via process list. For stronger security leave the option off and you will be prompted for a password.

-l username

Username of a local administrator.

-q password

Password for the local administrator. This is a less secure method of providing a password, as it may be viewed via process list. For stronger security leave the option off and you will be prompted for a password.

EXAMPLES

dsconfigldap -a ldap.company.com

The LDAP server config for the LDAP server myldap.company.com will be added. If authenticated directory binding is required by the LDAP server, then this call will fail. Otherwise, the following parameters configname, computerid, and local admin name will respectively pick up these defaults: ip address of the LDAP servername, substring up to first period of fully qualified hostname, and username of the user in the shell this tool was invoked.

dsconfigldap -r ldap.company.com

The LDAP server config for the LDAP server myldap.company.com will be removed but not unbound since no network user credentials were supplied. The local admin name will be the username of the user in the shell this tool was invoked.

SEE ALSO

opendirectoryd(8), odutil(1)