The following table shows the arguments for the options.
Option Description Values
-a User authentication
method
Local only, LDAP only, local first then LDAP, LDAP first
then local
-b Binding method Anonymous, bind w/ClientDN and password, user
principal bind (UPN)
-c Client distinguished
name
String of up to 63 characters for client_dn
-d Search domain String of up to 31 characters for search_domain
-f Group filter String of up to 63 characters for group_filter
-g Group search attribute String of up to 63 characters for group_search_attr
-l Login permission
attribute
String of up to 63 characters for string
-m Domain source Extract search domain from login ID, use only
configured search domain, try login first then
configured value
-n Service name String of up to 15 characters for service_name
-p Client password String of up to 15 characters for client_pw
-pc Confirm client
password
String of up to 15 characters for confirm_pw
Command usage is: ldap -p client_pw -pc confirm_pw
This option is required when changing the client
password. It compares the confirm_pw argument with
the client_pw argument and the command will fail if
they do not match.
-r Root entry
distinguished name
(DN)
String of up to 63 characters for root_dn
s1ip Server 1 host name/IP
address
String up to 63 characters or an IP address for host
name/ip_addr
s2ip Server 2 host name/IP
address
String up to 63 characters or an IP address for host
name/ip_addr
s3ip Server 3 host name/IP
address
String up to 63 characters or an IP address for host
name/ip_addr
s1pn Server 1 port number A numeric port number up to 5 digits for port_number.
s2pn Server 2 port number A numeric port number up to 5 digits for port_number.
s3pn Server 3 port number A numeric port number up to 5 digits for port_number.
-u UID search attribute String of up to 23 characters for search_attrib
-v Get LDAP server
address via DNS
Off, on
-w Allows wildcards in the
group name
Off, on
-h Displays the command
usage and options
Chapter 6. Command-line interface 101
