aixpertldap Command

Purpose

Uploads or downloads AIX® Security Expert XML configuration files to or from a centralized location on a Light Directory Access Protocol (LDAP) server.

Syntax

aixpertldap -u -D bindDN -w bindPwd [ -b basedn ] [ -f filename ] [ -l label ]

aixpertldap -d -D bindDN -w bindPwd [ -b basedn ]

aixpertldap [ -? ]

Description

The aixpertldap command allows a system administrator to store AIX Security Expert XML configuration files in a centralized location on an LDAP server. By sharing these configuration files, similar systems operating in similar environments can easily download these security policies (XML configuration files), and apply the policies with the aixpert command. In this way, systems with similar security requirements are configured the same.

When this command downloads the AIX Security Expert security policy configuration files from the LDAP server, these files are placed in the local /etc/security/aixpert/ldap directory. The system administrator can scan these files, choose a relevant file, and apply the security settings specified in the file using the -f option of the aixpert command. Additionally, if you use the Web-based System Manager (websm) to access the AIX Security Expert, the LDAP server is automatically queried for all AIX Security Expert security policy configuration files, after reading the binding distinguished name (specified by the bindDN parameter) and the binding password (specified by the bindPwd parameter) from the user. These files are presented as options through the websm graphical user interface (GUI) for selection and implementation on the local system.

Tip: With the existing LDAP setup, this command uses the binding distinguished name and the binding password of the running LDAP client to store or retrieve XML configuration files on or from an LDAP server.

Flags

Item Description
-D bindDN Specifies the binding distinguished name to connect to an LDAP server.
-w bindPwd Specifies the binding password to read or write XML configuration files from or to an LDAP server.
-b basedn Specifies the centralized location where the XML configuration files are stored.
  • If you specify the basedn parameter while XML files are being uploaded, the XML files are stored under the location specified by the basedn parameter; otherwise the files are stored under the location specified by the default basedn value: cn=aixdata.

    For example, if the basedn parameter is specified as "ou=Austin,o=ibm,c=US", the aixpertldap command stores the XML configuration files under the "ou=aixpert,ou=Austin,o=ibm,c=US" distinguished name (DN).

  • If you specify the basedn parameter while XML files are being downloaded, the aixpertldap command searches under the specific DN for the XML files; otherwise the default basedn value (cn=aixdata) is used to search the XML files.

    For example, if the basedn parameter is not specified, the aixpertldap command searches for XML files under the DN built from the default basedn value: ou=aixpert,cn=aixdata.

-d Downloads the XML configuration files from an LDAP server to the local /etc/security/aixpert/ldap directory.
-f filename Specifies the full path of the XML configuration file to be uploaded to an LDAP server.

If you do not specify the option, the /etc/security/aixpert/core/appliedaixpert.xml file is uploaded to the LDAP server by default.

Restriction: The -f and -d options are mutually exclusive.

-l label Specifies a short description of the content of the XML configuration file that is being uploaded. If you do not specify this option, the XML file is labeled with the host name.

For example, if the XML file contains the security settings of the Accounts department, the label could be AccountsDept.

Restriction: The -l and -d options are mutually exclusive.

-u Uploads the XML configuration files to an LDAP server.
-? Displays the usage statement of the command.

Exit Status

Item Description
0 Success.
1 Failure or partial failure.

Security

Only root users can run the aixpertldap command.

Examples

  1. To upload the /home/hussain/netwsec.xml file under the ou=aixpert,ou=Bangalore,o=ibm,c=IN DN with the NetworkSecurity label, use the following command:
    aixpertldap -u -D binddn -w secret -b ou=Bangalore,o=ibm,c=IN -f /home/hussain/netwsec.xml -l NetworkSecurity
  2. To download all XML files from the ou=aixpert,ou=Bangalore,o=ibm,c=IN DN to the /etc/security/aixpert/ldap directory, use the following command:
    aixpertldap -d -D binddn -w secret -b ou=Bangalore,o=ibm,c=IN
  3. To download the XML files from the ou=aixpert,cn=aixdata DN, use the following command:
    aixpertldap -d -D binddn -w secret
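The following script is an added example, not part of the AIX documentation, showing the download-then-review workflow described above as a shell wrapper: it resolves the DN that aixpertldap reads from for a given -b value (ou=aixpert prepended, cn=aixdata when -b is omitted), fetches the policies into /etc/security/aixpert/ldap, writes a checksum manifest of what arrived, and applies only a file that is present in that manifest. It assumes it runs as root on AIX with aixpertldap, aixpert and csum in PATH; the manifest file name and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not IBM's code): review downloaded AIX Security Expert
# policies before applying one. Assumes root on AIX with aixpertldap,
# aixpert and csum available; POLICY_DIR is the documented download path.

POLICY_DIR=/etc/security/aixpert/ldap
MANIFEST=/etc/security/aixpert/ldap.manifest   # example's own file name

# DN that aixpertldap searches (or stores under) for a given -b value:
# the command prepends ou=aixpert, and the default base is cn=aixdata.
aixpert_policy_dn() {
    printf 'ou=aixpert,%s\n' "${1:-cn=aixdata}"
}

# Download every policy file from the LDAP server, then record a SHA-256
# manifest so a later download can be diffed against what was reviewed.
# Note: -w puts the bind password in the process argument list, so prefer
# a bind DN that has read-only rights under ou=aixpert for downloads.
fetch_policies() {
    bind_dn=$1; bind_pw=$2; base=$3
    if [ -n "$base" ]; then
        aixpertldap -d -D "$bind_dn" -w "$bind_pw" -b "$base" || return 1
    else
        aixpertldap -d -D "$bind_dn" -w "$bind_pw" || return 1
    fi
    echo "fetched policies from $(aixpert_policy_dn "$base") into $POLICY_DIR"
    ( cd "$POLICY_DIR" && csum -h SHA256 ./*.xml ) > "$MANIFEST" || return 1
    cat "$MANIFEST"
}

# Apply one reviewed policy: refuse anything not listed in the manifest,
# then hand the file to aixpert -f as the documentation describes.
apply_policy() {
    file=$1
    grep -q "[[:space:]]\./$file\$" "$MANIFEST" || {
        echo "refusing: $file is not in the reviewed manifest" >&2
        return 1
    }
    aixpert -f "$POLICY_DIR/$file"
}

# Usage (run as root):
#   fetch_policies cn=reader,ou=Bangalore,o=ibm,c=IN 'secret' ou=Bangalore,o=ibm,c=IN
#   apply_policy netwsec.xml
```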

Files

Item Description
/etc/security/aixpert/ldap Stores the downloaded XML configuration files.