This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

For more information about the manual page format, see the manual page for manpages(5).

dsconfigldap(1)           BSD General Commands Manual          dsconfigldap(1)

NAME
     dsconfigldap -- LDAP server config/binding add/remove tool.

SYNOPSIS
     dsconfigldap [-fvixsgme] -a servername [-n configname] [-c computerid] [-u username] [-p password]
                  [-l username] [-q password]

     dsconfigldap [-fvi] -r servername [-u username] [-p password] [-l username] [-q password]

                  options:
                        -f             force authenticated binding/unbinding
                        -v             verbose logging to stdout
                        -i             prompt for passwords as required
                        -x             choose SSL connection
                        -s             enforce secure authentication only
                        -g             enforce packet signing security policy
                        -m             enforce man-in-middle security policy
                        -e             enforce encryption security policy
                        -h             display usage statement

                  parameters:
                        -a servername  add config of servername
                        -r servername  remove config of servername
                        -n configname  name given to LDAP server config
                        -c computerid  name used if binding to directory
                        -u username    privileged network username
                        -p password    privileged network user password
                        -l username    local admin username
                        -q password    local admin password

DESCRIPTION
     dsconfigldap allows addition or removal of LDAP server configurations in Directory Services. Presented
     below is a discussion of possible parameters. Usage has three intents: add server config, remove server
     config, or display help.

     Options list and their descriptions:

     -f       Bindings will be established or dropped in conjunction with the addition or removal of the
              LDAP server configuration.

     -v       This enables the logging to stdout of the details of the operations. This can be redirected to
              a file.

     -i       You will be prompted for a password to use in conjunction with a specified username.

     -s       This ensures that no clear text passwords will be sent to the LDAP server during authentica-tion. authentication.
              tion.  This will only be enabled if the server supports non-cleartext methods.

     -e       This ensures that if the server is capable of supporting encryption methods (i.e., SSL or Ker-beros) Kerberos)
              beros) that encryption will be enforced at all times via policy.

     -m       This ensures that man-in-the-middle capabilities will be enforced via Kerberos, if the server
              supports the capability.

     -g       This ensures that packet signing capabilities will be enforced via Kerberos, if the server
              supports the capability.

     -x       Connection to the LDAP server will only be made over SSL.

     -h       Display usage statement.

     Parameters list and their descriptions:

     -a servername
              This is either the fully qualified domain name or correct IP address of the LDAP server to be
              added to the DirectoryService LDAPv3 configuration.

     -r servername
              This is either the fully qualified domain name or correct IP address of the LDAP server to be
              removed from the DirectoryService LDAPv3 configuration.

     -n configname
              This is the UI configuration label that is to be given the LDAP server configuration.

     -c computerid
              This is the name to be used for directory binding to the LDAP server. If none is given the
              first substring, before a period, of the hostname (the defined environment variable "HOST") is
              used.

     -u username
              Username of a privileged network user to be used in authenticated directory binding.

     -p password
              Password for the privileged network user.  If this is not specified, you will be prompted for
              a password.

     -l username
              Username of a local administrator.

     -q password
              Password for the local administrator.  If this is not specified, you will be prompted for a
              password.

EXAMPLES
     -add a LDAP server config
              dsconfigldap -v -a myldap.company.com The LDAP server config for the LDAP server myldap.com-pany.com myldap.company.com
              pany.com will be added. If authenticated directory binding is required by the LDAP server,
              then this call will fail. Otherwise, the following parameters configname, computerid, and
              local admin name will respectively pick up these defaults: ip address of the LDAP servername,
              substring up to first period of fully qualified hostname, and username of the user in the
              shell this tool was invoked.

     -remove a LDAP server config
              dsconfigldap -v -r myldap.company.com The LDAP server config for the LDAP server myldap.com-pany.com myldap.company.com
              pany.com will be removed but not unbound since no network user credentials were supplied.  The
              local admin name will be the username of the user in the shell this tool was invoked.

Mac OS X                          May 07 2004                         Mac OS X