Uploads or downloads AIX® Security Expert XML configuration files to or from a centralized location on a Light Directory Access Protocol (LDAP) server.
aixpertldap -u -D bindDN -w bindPwd [ -b baseDN ] [ -f filename ] [ -l label ]
aixpertldap -d -D bindDN -w bindPwd [ -b basedn ]
aixpertldap [ -? ]
The aixpertldap command allows a system administrator to store AIX Security Expert XML configuration files in a centralized location on an LDAP server. By sharing these configuration files, similar systems operating in similar environments can easily download these security policies (XML configuration files), and apply the policies with the aixpert command. In this way, systems with similar security requirements are configured the same.
When this command downloads the AIX Security Expert security policy configuration files from the LDAP server, these files are placed in the local /etc/security/aixpert/ldap directory. The system administrator can scan these files, choose a relevant file, and apply the security settings specified in the file using the -f option of the aixpert command. Additionally, if you use the Web-based System Manager (websm) to access the AIX Security Expert, the LDAP server is automatically queried for all AIX Security Expert security policy configuration files, after reading the binding distinguished name (specified by the bindDN parameter) and the binding password (specified by the bindPwd parameter) from the user. These files are presented as options through the websm graphical user interface (GUI) for selection and implementation on the local system.
Tip: With the existing LDAP setup, this command uses the binding distinguished name and the binding password of the running LDAP client to store or retrieve XML configuration files on or from an LDAP server.
| Item | Description |
|---|---|
| -D bindDN | Specifies the binding distinguished name to connect to an LDAP server. |
| -w bindPwd | Specifies the binding password to read or write XML configuration files from or to an LDAP server. |
| -b basedn | Specifies the centralized location where the XML configuration
files are stored.
|
| -d | Downloads the XML configuration files from an LDAP server to the local /etc/security/aixpert/ldap directory. |
| -f filename | Specifies the full path of the XML configuration file to be
uploaded to an LDAP server. If you do not specify the option, the /etc/security/aixpert/core/appliedaixpert.xml file is uploaded to the LDAP server by default. Restriction: The f and d options are mutually exclusive. |
| -l label | Specifies the short description of the content in the XML configuration
file that is being uploaded. If you do not this option, the XML file
has the host name as the label. For example, if the XML file contains security settings of Accounts department, the label is named AccountsDept. Restriction: The l and d options are mutually exclusive. |
| -u | Uploads the XML configuration files to an LDAP server. |
| -? | Displays the usage statement of the command. |
| Item | Description |
|---|---|
| 0 | Success. |
| 1 | Failure or partial failure. |
Only root users can run the aixpertldap command.
aixpertldap –u –D binddn -w secret –b ou=Bangalore,o=ibm,c=IN
–f /home/hussain/netwsec.xml –l NetworkSecuriryaixpertldap –d –D binddn -w secret –b ou=Bangalore,o=ibm,c=INaixpertldap -d –D binddn -w secret| Item | Description |
|---|---|
| /etc/security/aixpert/ldap | Stores the downloaded XML configuration files. |