HP-UX Directory Server 8.1 configuration, command, and file reference
Table 6-9 Description of GSSAPI SASL mechanism options
ExampleDescriptionOptionRequired or
optional
-o “mech=GSSAPI”Gives the SASL mechanism.
NOTE:
Have the Kerberos ticket before
issuing a GSS-API request.
mech=GSSAPIRequired
-o
“secprop=noplain,noanonymous,
maxssf=56,minssf=56”
The secprop attribute sets the
security properties for the
connection. The secprop value
can be any of the following:
• None
• noplain
Do not permit mechanisms
susceptible to simple passive
attack.
• noanonymous
Do not permit mechanisms
that allow anonymous access.
• minssf
Require a minimum security
strength; this option needs a
numeric value specifying bits
of encryption. A value of -1
means integrity is provided
without privacy.
• maxssf
Require a maximum security
strength; this option needs a
numeric value specifying bits
of encryption. A value of -1
means integrity is provided
without privacy. The
maximum value is 56.
secprop=value
Optional
6.4.6 Additional ldapsearch options
Table 6-10 Additional ldapsearch options
DescriptionOption
Specifies that the search retrieve the attributes only, not the attribute values. This option is useful
to determine if an attribute is present for an entry and the value is not important.
-A
Specifies how alias dereferencing is completed. Values can be never, always, search, or find.
The default value is never.
-a
Print non-ASCII values using the old output format (attrName=attrValue).-B
Specifies the getEffectiveRightscontrol authzid. For example:
dn:uid=bjensen,dc=example,dc=com
A value of "" means the authorization ID for the operation. A value of dn: means anonymous
-c
Specifies a different separator. This option allows a separator other than a colon (:) to separate an
attribute name from the corresponding value. For example:
-F +
-F
6.4 ldapsearch 199