[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home |
Legal |
Search ]
Commands Reference, Volume 3
mkprtldap Command
Purpose
Configures IBM Directory (LDAP) for Directory enabled System V
print. It also configures client machines to use the Directory for System
V print information.
Syntax
To configure the IBM Directory to store System V Print information:
mkprtldap -s -a AdminDN -p Adminpasswd -w ACLBindPasswd [-f] [-d nodeDN]
To configure clients to use the IBM Directory for System V Print
information:
mkprtldap -c -h DirectoryServerHostname -w ACLBindPasswd [ -d PrintBindDN ] [-U]
To get usage information for the mkprtldap command:
mkprtldap ?
Description
The mkprtldap command configures the IBM Directory
(LDAP) server, and one or more clients to use the Directory (LDAP) for System
V Print information. This command must be run on the system being setup as
the server and on all the client systems. Once the Directory (LDAP) server
is configured for System V print, the directory enabled System V Print commands
(dslpadmin, dslpaccess, dslpsearch, dslpenable, dslpdisable, dslpaccept, lp, lpstat, cancel and dslpreject ) must be run to add , remove and manage System V print information
(printers and print queues) on the Directory (LDAP) server. The mkprtldap command configures client machines to use the Directory (LDAP)
server for System V print information.
The mkprtldap command requires the IBM Directory
server software to be installed on the machine being configured as the server.
The command also requires the IBM Directory client software to be
installed on all client machines that will use the Directory (LDAP) server
for System V print information.
Note
The client (-c flag) and the server (-s server) options cannot
be run at the same time. When setting up a system as the server, the mkprtldap
command should be run twice on that system. Once to set up the server, and
again to set up the client.
During the server side configuration, using the -s flag,
the mkprtldap command:
- Requires the IBM Directory Administrator's DN and password if
the Directory has been configured. If the Directory Administrator's DN and
password have not been set, mkprtldap will set them
with the values passed to the command.
- Creates a db2 instance with ldapdb2 as the default
instance name.
- Creates a db2 database with ldapdb2 as the default
database name if one does no exist. If an existing database is found, mkprtldap adds AIX System V print information to the existing
database.
- Creates the AIX Information tree DN (cn=aixdata container object) on the
Directory if one is not present. The print subtree will be created under the
AIX Information subtree. If an existing AIX Information subtree exists on
the Directory, the print subtree will be created under it. All System V print
information will be stored under the print subtree. The directory enabled
System V print commands have to be run to add printers and print queues under
the print subtree created.
- The default suffix and AIX Information tree for the mkprtldap command is a top level container object cn=aixdata. The Print
subtree (ou=print) will be created under the AIX Information tree.
- The print subtree is ACL protected with the value of the ACLBindPasswd parameter passed to the command. The same value must be
used when configuring clients to use the Directory for System V print information.
Select a password value that is difficult for people or password cracking
programs to guess.
- If the -d option is used and a valid existing node
on the Directory is passed to the command, the AIX Information subtree is
created under the given node. The print subtree is then created under the
AIX Information subtree.
- Starts the IBM Directory server after all the above is done
- Adds the IBM Directory server process (slapd) to the /etc/inittab file to have the server start after a reboot.
During the client configuration, the mkprtldap command:
- Saves the IBM Directory (LDAP) server host name in the /etc/ldapsvc/server.print file.
- Saves the AIX Print Bind DN in the /etc/ldapsvc/server.print file.
- Saves the ACL Bind Password for the AIX Print Bind DN in the /etc/ldapsvc/system.print file. The value of the ACL Bind password must
be the same as the one specified during the configuration of the Directory
server.
- Undo a previous client configuration if the -U flag
is specified. This option will replace the /etc/ldapsvc/system.print and /etc/ldapsvc/server.print files with the previous
saved copies of the files (/etc/ldapsvc/server.print.save and /etc/ldapsvc/system.print.save).
Flags
Server
-a AdminDN |
Specifies the Directory (LDAP) Administrator's DN. |
-d nodeDN |
This advanced option requires a valid existing node
DN on the Directory under which the AIX Information tree and Print Subtree
will be created. |
-f |
The force flag is required by the mkprtldap command to force the creation of the Print subtree (and AIX
Information subtree if needed) when one or more AIX Information trees exist
on the Directory. |
-p adminpasswd |
Specifies the Directory (LDAP) Administrator's password. |
-s |
Indicates the command is being run to configure the
Directory for System V print. |
-w ACLBindPasswd |
Specifies the password to ACL protect the Print Subtree
on the Directory. Select a password value that is difficult for people or
password cracking programs to guess. |
Client
-c |
Indicates the command is being
run to configure clients to use the Directory for System V Print information. |
-d PrintBindDN |
Specifies the Print Bind DN. The
default Print Bind DN is ou=print,cn=aixdata. The Print
Bind DN to use during Client configuration is displayed at the end of the
server setup of the mkprtldap command. |
-h DirectoryServerHostname |
Hostname of the IBM Directory
server setup to store System V Print information. |
-U |
Undo a previous configuration
of a client. |
-w ACLBindPasswd |
The ACL Bind Password for the
print subtree. The ACL Bind password is specified during the server setup
of the mkprtldap command. The value of the ACL Bind
Password must match the one used during the setup of the Directory server. |
Usage
? |
Displays usage information for the mkprtldap command. |
Security
This command can be run by the root user only.
Examples
- To configure a new installation of IBM Directory for System V
print with the Administrator DN cn=root and password
root, type:
mkprtldap -s -a cn=root -p root -w aclpasswd
where
the ACL Bind password is the password used to ACL protect the print subtree.
The ACL Bind password is specified during the configuration of System V Print
on the Directory. This configuration will also set the Directory Administrator's
DN and password to cn=root and root. Running the command will setup a suffix and top level object cn=aixdata. The Print subtree (ou=print) will be
created under this AIX Information tree (cn=aixdata object). Select a ACL Bind password value that is difficult for people or password
cracking programs to guess.
- To configure System V print on a machine with a configured IBM Directory
server -
The Administrator DN and password are required to configure System
V print on the Directory. Assume the existing Administrator's DN and password
are cn=admin and passwd.
mkprtldap -s -a cn=admin -p passwd -w pass123wd
- The mkprtldap command provides the option to configure
the IBM Directory to store the print information under a pre-existing
node (e.g. o=ibm,c=us) on the
Directory [Advanced Option]. This is only recommended when it is necessary
to store the print information under the existing node on the Directory for
specific reasons. The recommend option is to store the print subtree in the
default location on the Directory by not specifying the -d option. The Administrator DN and password are required to configure
System V print on the Directory Assume the existing Administrator's DN and
password are cn=admin and passwd.
mkprtldap -a cn=admin -p passwd -w acl123passwd -d o=ibm,c=us
Running
the command will create an AIX Information tree (cn=aixdata) under the o=ibm,c=us object. The print subtree
will be created under this new object (cn=aixdata, o=ibm, c=us).
- To configure System V print on a machine with a configured IBM Directory
server and an existing AIX Information tree. There might be situations where
the Directory contains an existing AIX information tree with other subsystem
specific information (e.g Security or NIS information). It might be required
to store the print information in a separate location on the Directory under
a different AIX Information tree. The command, by default, will not create
a new AIX Information tree if one exists on the Directory. To force the command
to create a new AIX Information tree to store the print information, use the -f flag with the command. Consider the case where the Security
and NIS subsystem information is stored under the AIX Information tree at cn=aixdata,o=ibm,c=us. To create a new AIX Information tree
for print information different from the existing one, run the command with
the -f flag and specify the default location or another
node. The Administrator DN and password are required to configure System
V print on the Directory. Assume the existing Administrator's DN and password
are cn=admin and passwd
mkprtldap -a cn=admin -p passwd -w passwd123 -f
Running the command
will create a new AIX Information tree (cn=aixdata)
with the suffix (cn=aixdata) and the print information
will be stored under this new AIX Information tree (ou=print, cn=aixdata). There will be two AIX Information
trees on the Directory in this example cn=aixdata,o=ibm,c=us and cn=aixdata. The print information will be
under the cn=aixdata object (suffix - cn=aixdata). For mkprtldap, it is recommend to
use the default location to add the print information to the Directory.
- To configure a client to use an IBM Directory setup for System
V Print on host server.ibm.com, type:
mkprtldap -c -h server.ibm.com -w passwd
Please ensure that the ACL
Bind Password (passwd) is the same as the one specified
during the setup of the Directory Server. Running the command without specifying
a Print Bind DN value with the -d option will cause the command to use the
default Print Bind DN ou=print,cn=aixdata. The Print
Bind DN must match the one displayed at the end of running the mkprtldap command to configure the server.
- To change the information in the client side configuration files, run
the mkprtldap command with the new information
mkprtldap -c -h server.ibm.co.uk -w aclpasswd -d ou=print,cn=aixdata,c=uk
Executing this command on a client that has already been configured
will change the information in the /etc/ldapsvc/server.print and /etc/ldapsvc/system.print files to contain
the new configuration information. The original contents of the /etc/ldapsvc/server.print and /etc/ldapsvc/system.print will stored in the /etc/ldapsvc/server.print.save and /etc/ldapsvc/system.print.save files.
Files
Mode |
File |
Description |
rw |
/etc/slapd32.conf |
(Server configuration) - Contains the IBM Directory
(LDAP) configuration information. |
rw |
/etc/ldapsvc/server.print |
(Client configuration) - Contains information about
the Directory Server configured to store System V Print information. (Machine
name, Location of Print subtree on the Directory and LDAP port) |
rw |
/etc/ldapsvc/system.print |
(Client configuration) - Contains the ACL Bind Password
for the Print subtree on the Directory. |
Related Information
Configuring Directory Enabled System V print in the AIX 5L Version 5.2 Guide to Printers and Printing.
The dslpadmin command, dslpaccess command, dslpsearch command, dslpenable command, dslpdisable command, dslpaccept command, lp command, lpstat command, cancel command, dslpreject command, and mksecldap command.
The /etc/ldapsvc/server.print and /etc/ldapsvc/system.print files.
The /etc/slapd32.conf file.
[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home |
Legal |
Search ]