Prints users and groups defined locally to stdout in ldif format.
sectoldif -d baseDN [ -S schematype ] [ -u username ]
The sectoldif command reads users and groups defined locally, and prints the result to stdout in ldif format. If redirected to a file, the result can be added to a LDAP server with the ldapadd command or the db2ldif command.
The -S option specifies the schema type used for the ldif output. The sectoldif command accepts three schema types:
The sectoldif command is called by the mksecldap command to migrate users and groups during LDAP server setup. One needs to be extra cautious to migrate additional users and groups from other systems to the LDAP server using the sectoldif output. The ldapadd and db2ldif commands check only for entry name (user name or group name) but not for the numeric id when adding entries, migrating users and groups from multiple systems using sectoldif output may result in sharing of a numeric id by multiple accounts, which is a security violation.
sectoldif -d cn=aixsecdb,cn=aixdata -S rfc2307aix
This prints all users and groups defined locally to stdout in ldif format. User entries and group entries are represented using the rfc2307aix schema type. The base DN is set to cn=aixsecdb, cn=aixdata.
sectoldif -d cn=aixsecdb,cn=aixdata -u foo
This prints locally defined user foo to stdout in ldif format. Without the -S option, the default AIX schema type is used to represent foo's ldif output.
| Mode | File |
|---|---|
| r | /etc/passwd |
| r | /etc/group |
| r | /etc/security/passwd |
| r | /etc/security/limits |
| r | /etc/security/user |
| r | /etc/security/environ |
| r | /etc/security/user.roles |
| r | /etc/security/lastlog |
| r | /etc/security/smitacl.user |
| r | /etc/security/mac_user |
| r | /etc/security/group |
| r | /etc/security/smitacl.group |
| r | /etc/security/login.cfg |
The mksecldap and nistoldif commands.