dsconfigldap man page on Darwin

Man page or keyword search:  
man Server   23457 pages
apropos Keyword Search (all sections)
Output format
Darwin logo
[printable version]

dsconfigldap(1)		  BSD General Commands Manual	       dsconfigldap(1)

NAME
     dsconfigldap — LDAP server configuration/binding add/remove tool.

SYNOPSIS
     dsconfigldap [-fvixsgmeSN] -a servername [-n configname] [-c computerid]
		  [-u username] [-p password] [-l username] [-q password]

     dsconfigldap [-fviSN] -r servername [-u username] [-p password]
		  [-l username] [-q password]

		  options:
			-f	       force authenticated binding/unbinding
			-v	       verbose logging to stdout
			-i	       prompt for passwords as required
			-x	       choose SSL connection
			-s	       enforce secure authentication only
			-g	       enforce packet signing security policy
			-m	       enforce man-in-middle security policy
			-e	       enforce encryption security policy
			-S	       do not update search policies
			-N	       do not prompt about adding certificates
			-h	       display usage statement
			-a servername  add config of servername
			-r servername  remove config of servername
			-n configname  name given to LDAP server config
			-c computerid  name used if binding to directory
			-u username    privileged network username
			-p password    privileged network user password
			-l username    local admin username
			-q password    local admin password

DESCRIPTION
     dsconfigldap allows addition or removal of LDAP server configurations.
     Presented below is a discussion of possible parameters. Usage has three
     intents: add server config, remove server config, or display help.

     Options list and their descriptions:

     -f	      Bindings will be established or dropped in conjunction with the
	      addition or removal of the LDAP server configuration.

     -v	      This enables the logging to stdout of the details of the opera‐
	      tions. This can be redirected to a file.

     -i	      You will be prompted for a password to use in conjunction with a
	      specified username.

     -s	      This ensures that no clear text passwords will be sent to the
	      LDAP server during authentication.  This will only be enabled if
	      the server supports non-cleartext methods.

     -e	      This ensures that if the server is capable of supporting encryp‐
	      tion methods (i.e., SSL or Kerberos) that encryption will be
	      enforced at all times via policy.

     -m	      This ensures that man-in-the-middle capabilities will be
	      enforced via Kerberos, if the server supports the capability.

     -g	      This ensures that packet signing capabilities will be enforced
	      via Kerberos, if the server supports the capability.

     -x	      Connection to the LDAP server will only be made over SSL.

     -S	      Will skip updating the search policies.

     -N	      Will assume Yes for installing certificates

     -h	      Display usage statement.

     -a servername
	      This is either the fully qualified domain name or correct IP
	      address of the LDAP server to be added to the DirectoryService
	      LDAPv3 configuration.

     -r servername
	      This is either the fully qualified domain name or correct IP
	      address of the LDAP server to be removed from the DirectorySer‐
	      vice LDAPv3 configuration.

     -n configname
	      This is the UI configuration label that is to be given the LDAP
	      server configuration.

     -c computerid
	      This is the name to be used for directory binding to the LDAP
	      server. If none is given the first substring, before a period,
	      of the hostname (the defined environment variable "HOST") is
	      used.

     -u username
	      Username of a privileged network user to be used in authenti‐
	      cated directory binding.

     -p password
	      Password for the privileged network user.	 This is a less secure
	      method of providing a password, as it may be viewed via process
	      list.  For stronger security leave the option off and you will
	      be prompted for a password.

     -l username
	      Username of a local administrator.

     -q password
	      Password for the local administrator.  This is a less secure
	      method of providing a password, as it may be viewed via process
	      list.  For stronger security leave the option off and you will
	      be prompted for a password.

EXAMPLES
     dsconfigldap -a ldap.company.com

     The LDAP server config for the LDAP server myldap.company.com will be
     added. If authenticated directory binding is required by the LDAP server,
     then this call will fail. Otherwise, the following parameters configname,
     computerid, and local admin name will respectively pick up these
     defaults: ip address of the LDAP servername, substring up to first period
     of fully qualified hostname, and username of the user in the shell this
     tool was invoked.

     dsconfigldap -r ldap.company.com

     The LDAP server config for the LDAP server myldap.company.com will be
     removed but not unbound since no network user credentials were supplied.
     The local admin name will be the username of the user in the shell this
     tool was invoked.

SEE ALSO
     opendirectoryd(8), odutil(1)

Mac OS				 April 24 2010				Mac OS
[top]

List of man pages available for Darwin

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net