IBM RELEASE 7.3 User Manual


To create a new group, use the following command at the hpss_ldap_admin prompt:

group create -gid <gid> -name <name> [-uuid <uuid>]

If no UUID is supplied, one will be generated.

Deleting a group

To delete a group, use the following command at the hpss_ldap_admin prompt:

group delete [-gid <gid>] [-name <name>] [-uuid <uuid>]

You may supply any of the arguments listed. This command will delete any group entries in the
LDAP information that have the indicated attributes.

Adding a member to a group

To add a principal to a group, use the following command at the hpss_ldap_admin prompt:

group add <principal> [-gid <gid>] [-name <name>] [-uuid <uuid>]

You may supply any of the arguments listed to select the group to which the named principal will
be added.

Removing a member from a group

To remove a principal from a group, use the following command at the hpss_ldap_admin
prompt:

group remove <principal> [-gid <gid>] [-name <name>] [-uuid <uuid>]

You may supply any of the arguments listed to select the group from which the named principal
will be removed.

Working with Trusted Foreign Realms

Creating a trusted foreign realm

To add an entry for a trusted foreign realm, use the following hpss_ldap_admin command:

trealm create -id <realmID> -mech <mechanism> -name <realmName> -url <url>

The arguments are as follows:

· -id - the numeric realm ID for the foreign realm

· -mech - a string identifying the authorization mechanism in use at the foreign realm, such as
"unix" or "ldap"

· -name - the name of the foreign realm, e.g. "SOMEREALM.SOMEDOMAIN.COM"

· -url - the URL of the security mechanism of the foreign realm. This only matters if the
foreign realm is using LDAP as its authorization mechanism. If so, this must be the LDAP
URL of the main entry for the security realm in the foreign LDAP server. This should be

HPSS Management Guide

November 2009

Release 7.3 (Revision 1.0)
