Prints users and groups defined locally to stdout in ldif format.
sectoldif -d baseDN [ -S schematype ] [ -u username ]
The sectoldif command reads users and groups defined locally, and prints the result to stdout in ldif format. If redirected to a file, the result can be added to an LDAP server with the ldapadd command or the ldif2db command.
The sectoldif command is called by the mksecldap command to export users and groups during LDAP server setup. Use extra caution when exporting additional users and groups from other systems to the LDAP server using sectoldif output. When adding entries, the ldapadd and ldif2db commands check only the entry name (user name or group name), not the numeric id. Exporting users and groups from multiple systems using sectoldif output can therefore result in multiple accounts sharing a numeric id, which is a security violation.
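A pre-import check for the shared-id problem described above, as an added example (not part of the AIX documentation or IBM's code): it parses LDIF exports from several hosts and reports every numeric id claimed by more than one name. It assumes the exports were generated with -S rfc2307 or -S rfc2307aix, so the ids appear in the RFC 2307 uidNumber and gidNumber attributes; the sample entries, host labels and function names are constructed.

```python
import base64
from collections import defaultdict

# Constructed sample: simplified RFC 2307-style entries as exported on two hosts.
HOST_A = """\
dn: uid=root,ou=aixuser,cn=aixsecdb,cn=aixdata
uid: root
uidNumber: 0

dn: uid=alice,ou=aixuser,cn=aixsecdb,
 cn=aixdata
uid: alice
uidNumber: 205

dn: cn=staff,ou=aixgroup,cn=aixsecdb,cn=aixdata
cn: staff
gidNumber: 1
"""
HOST_B = HOST_A.replace("alice", "bob").replace("staff", "dev")

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry (names lowercased)."""
    lines = text.replace("\n ", "").splitlines()   # unfold continuation lines
    entry = defaultdict(list)
    for line in lines + [""]:                      # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield dict(entry)
            entry = defaultdict(list)
        elif not line.startswith("#"):             # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):              # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry[attr.lower()].append(value.strip())

def find_id_collisions(sources):
    """Map (kind, number) -> [(name, source)] for ids used by more than one name."""
    owners = defaultdict(set)
    for source, text in sources.items():
        for e in parse_ldif(text):
            # User entries carry uidNumber; entries with only gidNumber are groups.
            kind, key = ("uid", "uid") if "uidnumber" in e else ("gid", "cn")
            if kind + "number" in e:
                name = e.get(key, ["?"])[0]
                owners[kind, int(e[kind + "number"][0])].add((name, source))
    return {k: sorted(v) for k, v in owners.items() if len({n for n, _ in v}) > 1}

if __name__ == "__main__":
    for (kind, num), who in find_id_collisions({"hostA": HOST_A, "hostB": HOST_B}).items():
        print(f"{kind}Number {num} shared by: {who}")
```

An id used by the same name on every host (root with id 0 in the sample) is not reported; only ids mapped to different names are.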
The sectoldif command reads the /etc/security/ldap/sectoldif.cfg file to determine what to name the user, group and system sub-trees that the data will be exported to. The sectoldif command only exports data to the USER, GROUP and SYSTEM types. The names specified in the file will be used to create sub-trees under the base DN specified with the -d flag. Refer to the /etc/security/ldap/sectoldif.cfg file documentation for more information.
Item | Description |
---|---|
-d baseDN | Specifies the base DN under which to place the user and group data. |
-S schematype | Specifies the LDAP schema used to represent user/group entries in the LDAP server. Valid values are AIX, RFC2307, and RFC2307AIX. Default is AIX. |
-u username | Specifies to print a specific user. |
sectoldif -d cn=aixsecdb,cn=aixdata -S rfc2307aix
This prints all users and groups defined locally to stdout in ldif format. User entries and group entries are represented using the rfc2307aix schema type. The base DN is set to cn=aixsecdb,cn=aixdata.
sectoldif -d cn=aixsecdb,cn=aixdata -u foo
This prints locally defined user foo to stdout in ldif format. Without the -S option, the default AIX schema type is used to represent foo's ldif output.
USER ou organizationalUnit aixuser
GROUP ou organizationalUnit aixgroup
ID ou organizationalUnit System
sectoldif -d cn=aixsecdb,cn=aixdata -S aix
This prints all users and groups defined locally to stdout in ldif format. User entries and group entries are represented using the AIX schema type. The base DN is set to cn=aixsecdb,cn=aixdata, with user subtree ou=aixuser and group subtree ou=aixgroup.
Mode | File |
---|---|
r | /etc/passwd |
r | /etc/group |
r | /etc/security/passwd |
r | /etc/security/limits |
r | /etc/security/user |
r | /etc/security/environ |
r | /etc/security/user.roles |
r | /etc/security/lastlog |
r | /etc/security/smitacl.user |
r | /etc/security/mac_user |
r | /etc/security/group |
r | /etc/security/smitacl.group |
r | /etc/security/login.cfg |