aixpertldap Command
Purpose
Uploads or downloads AIX® Security Expert XML configuration files to or from a centralized location on a Lightweight Directory Access Protocol (LDAP) server.
Syntax
aixpertldap -u -D binddn -w bindpwd [ -b basedn ] [ -f filename ] [ -l label ]
aixpertldap -d -D binddn -w bindpwd [ -b basedn ]
aixpertldap [ -? ]
Description
The aixpertldap command allows a system administrator to store AIX Security Expert XML configuration files in a centralized location on an LDAP server. By sharing these configuration files, similar systems operating in similar environments can easily download these security policies (XML configuration files), and apply the policies with the aixpert command. In this way, systems with similar security requirements are configured the same.
When this command downloads the AIX Security Expert security policy configuration files from the LDAP server, these files are placed in the local /etc/security/aixpert/ldap directory. The system administrator can scan these files, choose a relevant file, and apply the security settings specified in the file using the -f option of the aixpert command.
Tip: With the existing LDAP setup, this command uses the binding distinguished name and the binding password of the running LDAP client to store or retrieve XML configuration files on or from an LDAP server.
Flags
Item | Description |
---|---|
-D binddn | Specifies the binding distinguished name to connect to an LDAP server. |
-w bindpwd | Specifies the binding password to read or write XML configuration files from or to an LDAP server. |
-b basedn | Specifies the centralized location where the XML configuration files are stored. |
-d | Downloads the XML configuration files from an LDAP server to the local /etc/security/aixpert/ldap directory. |
-f filename | Specifies the full path of the XML configuration file to be uploaded to an LDAP server. If you do not specify this option, the /etc/security/aixpert/core/appliedaixpert.xml file is uploaded to the LDAP server by default. Restriction: The -f and -d options are mutually exclusive. |
-l label | Specifies the short description of the content in the XML configuration file that is being uploaded. If you do not specify this option, the XML file has the host name as the label. For example, if the XML file contains security settings of the Accounts department, the label is named AccountsDept. Restriction: The -l and -d options are mutually exclusive. |
-u | Uploads the XML configuration files to an LDAP server. |
-? | Displays the usage statement of the command. |
Exit Status
Item | Description |
---|---|
0 | Success. |
1 | Failure or partial failure. |
Security
Only root users can run the aixpertldap command.
Examples
- To upload the /home/hussain/netwsec.xml file under the ou=aixpert, ou=Bangalore,o=ibm,c=IN DN with the NetworkSecurity label, use the following command:
  aixpertldap -u -D binddn -w secret -b ou=Bangalore,o=ibm,c=IN -f /home/hussain/netwsec.xml -l NetworkSecurity
- To download all XML files from the ou=aixpert, ou=Bangalore,o=ibm,c=IN DN to the /etc/security/aixpert/ldap directory, use the following command:
  aixpertldap -d -D binddn -w secret -b ou=Bangalore,o=ibm,c=IN
- To download the XML files from the ou=aixpert, cn=aixdata DN, use the following command:
  aixpertldap -d -D binddn -w secret
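The Description leaves the review of downloaded files to the administrator before aixpert -f is run. The following sh functions are an added example, not part of the IBM documentation: they accept a file from /etc/security/aixpert/ldap only if it is a regular file, is not group- or world-writable, and has a SHA-256 digest listed in a locally held allowlist. The allowlist file, its one-digest-per-line format, and the availability of sha256sum or openssl are assumptions.

```sh
#!/bin/sh
# Added example: vet downloaded policy files before applying one with aixpert -f.
# Assumptions: the allowlist file (one approved SHA-256 per line, optional
# comment after it) and the presence of sha256sum or openssl on the system.

POLICY_DIR=${POLICY_DIR:-/etc/security/aixpert/ldap}

# Print the SHA-256 digest of a file as hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# vet_policy FILE ALLOWLIST
# Succeeds only if FILE is a regular file (not a symlink), is not group- or
# world-writable, and its digest is listed in ALLOWLIST.
vet_policy() {
    file=$1
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "REJECT $file: not a regular file" >&2; return 1
    fi
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "REJECT $file: group- or world-writable" >&2; return 1
    fi
    got=$(sha256_of "$file")
    # Force a string comparison so digests are never compared as numbers.
    if ! awk -v d="$got" 'NF && ($1 "") == (d "") { ok = 1 } END { exit !ok }' "$2"; then
        echo "REJECT $file: digest $got not in allowlist" >&2; return 1
    fi
    echo "OK $file"
}

# vet_all ALLOWLIST: check every *.xml in POLICY_DIR; fails if any is rejected.
vet_all() {
    rc=0
    for f in "$POLICY_DIR"/*.xml; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        vet_policy "$f" "$1" || rc=1
    done
    return "$rc"
}

# Typical use, after aixpertldap -d has populated POLICY_DIR:
#   vet_policy "$POLICY_DIR/<chosen file>" /path/to/allowlist && \
#       aixpert -f "$POLICY_DIR/<chosen file>"
```

Keep the allowlist somewhere the LDAP bind identity cannot write, so that a change on the directory server cannot also change what counts as approved.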
Files
Item | Description |
---|---|
/etc/security/aixpert/ldap | Stores the downloaded XML configuration files. |