tetoldif Command

Purpose

Prints certain Trusted Signature Database (TSD) and TE policies that are defined locally to stdout in LDIF format.

Syntax

tetoldif -d < baseDN > [-s [ filename ] ] [ -p [ filename ] ]

Description

The tetoldif command reads data from the locally defined TSD and TE policies database files and prints the result to stdout in LDIF format. If the results are redirected to a file, they can be added to an LDAP server with the ldapadd command with the -b flag or the ldif2db command.

The tetoldif command reads the /etc/security/ldap/sectoldif.cfg file to determine what to name the trusted signature database and TE policies database sub-trees to which the data is exported. The tetoldif command only exports data to the TSDDAT types and TEPOLICIES types defined in the /etc/security/ldap/sectoldif.cfg file. The names specified in the /etc/security/ldap/sectoldif.cfg file are used to create sub-trees under the base distinguished name (DN) specified with the -d flag.

The tetoldif command reads the Trusted Execution LDAP database reference names from the /etc/nscontrol.conf file if it is present. If the specified names are unavailable in the /etc/nscontrol.conf file, then the default names will be used. The default names are TSD for the TSD and TEPOL for the TE Policy.

Flags

Item Description
-d < BaseDN > Specifies the base distinguished name (DN) under which to place the TSD and TE policies data. For example, cn=aixdata.
-s [ filename ] Specifies the signature database. Prints only the TSD database in LDIF format. If a filename is given, it is used in place of the default TSD data file, /etc/security/tsd/tsd.dat.
-p [ filename ] Specifies the TE policies database. Prints only the TE policies database in LDIF format. If a filename is given, it is used in place of the default TE policies file, /etc/security/tsd/tepolicies.dat.

Exit Status

Item Description
0 Successful completion.
>0 An error occurred.

Security

Access Control: This command should grant execute (x) access only to the root user.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX® Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Files

Item Description
/etc/security/tsd/tsd.dat Contains the TSD attributes for the binaries which are configured.
/etc/security/tsd/tepolicies.dat Contains the TE policies configured.

Examples

  1. To export the TSD and TE policies database content to LDIF format with the base DN of cn=aixdata, run the following command:
     tetoldif -d cn=aixdata
  2. To export only the TSD database to LDIF format with the base DN of cn=aixdata, run the following command:
     tetoldif -d cn=aixdata -s
  3. To export only the TE policies database content to LDIF format with the base DN of cn=aixdata, run the following command:
     tetoldif -d cn=aixdata -p
  4. To export only a TSD database from a file other than the default /etc/security/tsd/tsd.dat file to LDIF format with the base DN of cn=aixdata, run the following command:
     tetoldif -d cn=aixdata -s filename
  5. To export TE policies from a file other than the default /etc/security/tsd/tepolicies.dat file to LDIF format with the base DN of cn=aixdata, run the following command:
     tetoldif -d cn=aixdata -p filename
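
The Description notes that redirected output can later be loaded with ldapadd -b. The following is an added example, not part of the original reference, of capturing that output safely: it acts on the exit status, keeps the file readable by its owner only, and refuses an export that contains no LDIF entries. The function name export_te_ldif and the TETOLDIF override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original reference page.
# TETOLDIF is a hypothetical override so the flow can be rehearsed with a stand-in.
TETOLDIF=${TETOLDIF:-tetoldif}

# export_te_ldif <baseDN> <output file>
# Writes the export to <output file> only if tetoldif exits 0 and the
# result contains at least one LDIF entry. Returns 0 on success,
# 1 on a failed or empty export, 2 on bad arguments.
export_te_ldif() {
    base_dn=$1
    out=$2
    if [ -z "$base_dn" ] || [ -z "$out" ]; then
        echo "usage: export_te_ldif <baseDN> <output file>" >&2
        return 2
    fi

    # Stage next to the target so the final mv is a rename on one filesystem.
    tmp="${out}.$$.tmp"

    # umask 077 in a subshell: the staging file is created mode 0600
    # without changing the caller's umask.
    ( umask 077; "$TETOLDIF" -d "$base_dn" > "$tmp" ) || {
        echo "tetoldif reported an error (exit status >0); nothing exported" >&2
        rm -f "$tmp"
        return 1
    }

    # Every LDIF entry begins with a dn: line; no such line means nothing to load.
    grep -q '^dn:' "$tmp" || {
        echo "export contains no LDIF entries; refusing to keep it" >&2
        rm -f "$tmp"
        return 1
    }

    mv "$tmp" "$out"
}

# Typical use, as root:
#   export_te_ldif cn=aixdata /root/te-export.ldif
# Then load the file with ldapadd and the -b flag, adding your server's bind options.
```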