Commands Reference, Volume 3

mkprtldap Command

Purpose

Configures IBM Directory (LDAP) for Directory enabled System V print. It also configures client machines to use the Directory for System V print information.

Syntax

To configure the IBM Directory to store System V Print information:

mkprtldap -s -a AdminDN -p Adminpasswd -w ACLBindPasswd [-f] [-d nodeDN]

To configure clients to use the IBM Directory for System V Print information:

mkprtldap -c -h DirectoryServerHostname -w ACLBindPasswd [ -d PrintBindDN ] [-U]

To get usage information for the mkprtldap command:

mkprtldap ?

Description

The mkprtldap command configures the IBM Directory (LDAP) server, and one or more clients to use the Directory (LDAP) for System V Print information. This command must be run on the system being setup as the server and on all the client systems. Once the Directory (LDAP) server is configured for System V print, the directory enabled System V Print commands (dslpadmin, dslpaccess, dslpsearch, dslpenable, dslpdisable, dslpaccept, lp, lpstat, cancel and dslpreject ) must be run to add , remove and manage System V print information (printers and print queues) on the Directory (LDAP) server. The mkprtldap command configures client machines to use the Directory (LDAP) server for System V print information.

The mkprtldap command requires the IBM Directory server software to be installed on the machine being configured as the server. The command also requires the IBM Directory client software to be installed on all client machines that will use the Directory (LDAP) server for System V print information.

Note

The client (-c flag) and the server (-s server) options cannot be run at the same time. When setting up a system as the server, the mkprtldap command should be run twice on that system. Once to set up the server, and again to set up the client.

During the server side configuration, using the -s flag, the mkprtldap command:

Requires the IBM Directory Administrator's DN and password if the Directory has been configured. If the Directory Administrator's DN and password have not been set, mkprtldap will set them with the values passed to the command.
Creates a db2 instance with ldapdb2 as the default instance name.
Creates a db2 database with ldapdb2 as the default database name if one does no exist. If an existing database is found, mkprtldap adds AIX System V print information to the existing database.
Creates the AIX Information tree DN (cn=aixdata container object) on the Directory if one is not present. The print subtree will be created under the AIX Information subtree. If an existing AIX Information subtree exists on the Directory, the print subtree will be created under it. All System V print information will be stored under the print subtree. The directory enabled System V print commands have to be run to add printers and print queues under the print subtree created.
The default suffix and AIX Information tree for the mkprtldap command is a top level container object cn=aixdata. The Print subtree (ou=print) will be created under the AIX Information tree.
The print subtree is ACL protected with the value of the ACLBindPasswd parameter passed to the command. The same value must be used when configuring clients to use the Directory for System V print information. Select a password value that is difficult for people or password cracking programs to guess.
If the -d option is used and a valid existing node on the Directory is passed to the command, the AIX Information subtree is created under the given node. The print subtree is then created under the AIX Information subtree.
Starts the IBM Directory server after all the above is done
Adds the IBM Directory server process (slapd) to the /etc/inittab file to have the server start after a reboot.

During the client configuration, the mkprtldap command:

Saves the IBM Directory (LDAP) server host name in the /etc/ldapsvc/server.print file.
Saves the AIX Print Bind DN in the /etc/ldapsvc/server.print file.
Saves the ACL Bind Password for the AIX Print Bind DN in the /etc/ldapsvc/system.print file. The value of the ACL Bind password must be the same as the one specified during the configuration of the Directory server.
Undo a previous client configuration if the -U flag is specified. This option will replace the /etc/ldapsvc/system.print and /etc/ldapsvc/server.print files with the previous saved copies of the files (/etc/ldapsvc/server.print.save and /etc/ldapsvc/system.print.save).

Flags

Server

-a AdminDN	Specifies the Directory (LDAP) Administrator's DN.
-d nodeDN	This advanced option requires a valid existing node DN on the Directory under which the AIX Information tree and Print Subtree will be created.
-f	The force flag is required by the mkprtldap command to force the creation of the Print subtree (and AIX Information subtree if needed) when one or more AIX Information trees exist on the Directory.
-p adminpasswd	Specifies the Directory (LDAP) Administrator's password.
-s	Indicates the command is being run to configure the Directory for System V print.
-w ACLBindPasswd	Specifies the password to ACL protect the Print Subtree on the Directory. Select a password value that is difficult for people or password cracking programs to guess.

Client

-c	Indicates the command is being run to configure clients to use the Directory for System V Print information.
-d PrintBindDN	Specifies the Print Bind DN. The default Print Bind DN is ou=print,cn=aixdata. The Print Bind DN to use during Client configuration is displayed at the end of the server setup of the mkprtldap command.
-h DirectoryServerHostname	Hostname of the IBM Directory server setup to store System V Print information.
-U	Undo a previous configuration of a client.
-w ACLBindPasswd	The ACL Bind Password for the print subtree. The ACL Bind password is specified during the server setup of the mkprtldap command. The value of the ACL Bind Password must match the one used during the setup of the Directory server.

Usage

?	Displays usage information for the mkprtldap command.

Security

This command can be run by the root user only.

Examples

To configure a new installation of IBM Directory for System V print with the Administrator DN cn=root and password root, type:
```
mkprtldap -s -a cn=root -p root -w aclpasswd
```
where the ACL Bind password is the password used to ACL protect the print subtree. The ACL Bind password is specified during the configuration of System V Print on the Directory. This configuration will also set the Directory Administrator's DN and password to cn=root and root. Running the command will setup a suffix and top level object cn=aixdata. The Print subtree (ou=print) will be created under this AIX Information tree (cn=aixdata object). Select a ACL Bind password value that is difficult for people or password cracking programs to guess.
To configure System V print on a machine with a configured IBM Directory server -
The Administrator DN and password are required to configure System V print on the Directory. Assume the existing Administrator's DN and password are cn=admin and passwd.
```
mkprtldap -s -a cn=admin -p passwd -w pass123wd
```
The mkprtldap command provides the option to configure the IBM Directory to store the print information under a pre-existing node (e.g. o=ibm,c=us) on the Directory [Advanced Option]. This is only recommended when it is necessary to store the print information under the existing node on the Directory for specific reasons. The recommend option is to store the print subtree in the default location on the Directory by not specifying the -d option. The Administrator DN and password are required to configure System V print on the Directory Assume the existing Administrator's DN and password are cn=admin and passwd.
```
mkprtldap -a cn=admin -p passwd -w acl123passwd -d o=ibm,c=us
```
Running the command will create an AIX Information tree (cn=aixdata) under the o=ibm,c=us object. The print subtree will be created under this new object (cn=aixdata, o=ibm, c=us).
To configure System V print on a machine with a configured IBM Directory server and an existing AIX Information tree. There might be situations where the Directory contains an existing AIX information tree with other subsystem specific information (e.g Security or NIS information). It might be required to store the print information in a separate location on the Directory under a different AIX Information tree. The command, by default, will not create a new AIX Information tree if one exists on the Directory. To force the command to create a new AIX Information tree to store the print information, use the -f flag with the command. Consider the case where the Security and NIS subsystem information is stored under the AIX Information tree at cn=aixdata,o=ibm,c=us. To create a new AIX Information tree for print information different from the existing one, run the command with the -f flag and specify the default location or another node. The Administrator DN and password are required to configure System V print on the Directory. Assume the existing Administrator's DN and password are cn=admin and passwd
```
mkprtldap -a cn=admin -p passwd -w passwd123 -f 
```
Running the command will create a new AIX Information tree (cn=aixdata) with the suffix (cn=aixdata) and the print information will be stored under this new AIX Information tree (ou=print, cn=aixdata). There will be two AIX Information trees on the Directory in this example cn=aixdata,o=ibm,c=us and cn=aixdata. The print information will be under the cn=aixdata object (suffix - cn=aixdata). For mkprtldap, it is recommend to use the default location to add the print information to the Directory.
To configure a client to use an IBM Directory setup for System V Print on host server.ibm.com, type:
```
mkprtldap -c -h server.ibm.com -w passwd 
```
Please ensure that the ACL Bind Password (passwd) is the same as the one specified during the setup of the Directory Server. Running the command without specifying a Print Bind DN value with the -d option will cause the command to use the default Print Bind DN ou=print,cn=aixdata. The Print Bind DN must match the one displayed at the end of running the mkprtldap command to configure the server.
To change the information in the client side configuration files, run the mkprtldap command with the new information
```
mkprtldap -c -h server.ibm.co.uk -w aclpasswd -d ou=print,cn=aixdata,c=uk
```
Executing this command on a client that has already been configured will change the information in the /etc/ldapsvc/server.print and /etc/ldapsvc/system.print files to contain the new configuration information. The original contents of the /etc/ldapsvc/server.print and /etc/ldapsvc/system.print will stored in the /etc/ldapsvc/server.print.save and /etc/ldapsvc/system.print.save files.

Files

Mode	File	Description
rw	/etc/slapd32.conf	(Server configuration) - Contains the IBM Directory (LDAP) configuration information.
rw	/etc/ldapsvc/server.print	(Client configuration) - Contains information about the Directory Server configured to store System V Print information. (Machine name, Location of Print subtree on the Directory and LDAP port)
rw	/etc/ldapsvc/system.print	(Client configuration) - Contains the ACL Bind Password for the Print subtree on the Directory.

Related Information

Configuring Directory Enabled System V print in the AIX 5L Version 5.2 Guide to Printers and Printing.

The dslpadmin command, dslpaccess command, dslpsearch command, dslpenable command, dslpdisable command, dslpaccept command, lp command, lpstat command, cancel command, dslpreject command, and mksecldap command.

The /etc/ldapsvc/server.print and /etc/ldapsvc/system.print files.

The /etc/slapd32.conf file.