LDAP-UX Client Services B.04.15 Administrator's Guide

If the password is not available to ldapuglist, ldapuglist does not display the
userPassword field. If you specify the -L option, the password field will contain the “x”
character.
6.3.4.6 Specific Return Codes for ldapuglist
The ldapuglist tool returns the return codes shown in Table 6-6.

Table 6-6 Return Codes for ldapuglist

Return Code: LST_SEARCH_FAILED
Message: Search operation failed.

Return Code: LST_COMMANDLINE_ERR
Message: The <attr> parameter may not be used when the -L option is specified.

Return Code: LST_COMMANDLINE_ERR
Message: The requested input options cannot be specified at the same time.

Return Code: LST_COMMANDLINE_ERR
Message: The “maxcount” value must be greater than 0.

Return Code: LST_SEARCH_BASE_TOO_LONG
Message: The specified search base is too long.

Return Code: LST_SEARCH_FILTER_TOO_LONG
Message: The specified search filter is too long.

Return Code: LST_ATTR_MAP_EMPTY
Message: The attribute mapping evaluates to an empty search filter. For example,
    ldapuglist -t passwd -f "(gecos=)"
The output of the command displays the LST_ATTR_MAP_EMPTY error. Because no gecos value is specified on the command line, ldapuglist evaluates the gecos attribute to an empty search filter.

Return Code: LST_ATTR_MAP_NULL
Message: One or more of the attributes specified in the search filter is not mapped or is mapped to *NULL*, so the search filter cannot be created. For example,
    ldapuglist -t passwd -f "(userpassword=userp)"
The output of the above command displays the LST_ATTR_MAP_NULL error because the userpassword attribute is mapped to *NULL* in the LDAP-UX configuration profile.

Return Code: LST_ATTR_NOT_ALLOWD
Message: The attribute is not allowed when binding to the directory server with the LDAP-UX proxy user.

6.3.4.7 Limitations
The ldapuglist tool has the following limitations:
The ldapuglist tool does not support enumeration of members of a dynamic group, such
as those defined by the dynamic group attributes, memberURL or msDS-AzLDAPQuery.
The ldapuglist tool does not perform conversion of the locale character set to and from
the UTF-8 character set.
6.3.4.8 Examples
This section provides examples of using ldapuglist:
While use of LDAP_BINDDN is not typically required to use ldapuglist, the LDAP_BINDDN
and LDAP_BINDCRED environment variables can be used to specify the Distinguished Name
(DN) and password of a user with sufficient directory server privilege to display protected
attributes.
Setting the LDAP_BINDDN and LDAP_BINDCRED environment variables is optional when using
ldapuglist.
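
The following is an added example, not taken from this guide, showing one way to supply LDAP_BINDDN and LDAP_BINDCRED to a single command so that the password is not typed on the command line and does not stay in the login shell's environment. The function name with_ldap_bind, the credential-file convention, and the DN, file path and gecos value in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the LDAP-UX guide. The function name and the
# credential-file convention are hypothetical.
#
# with_ldap_bind <bind-dn> <cred-file> <command> [args...]
# Runs <command> with LDAP_BINDDN and LDAP_BINDCRED exported only inside a
# subshell, so the password never enters the calling shell's environment,
# its history, or the command's argument list.
#
# Constructed usage (DN, path and filter value are sample values):
#   with_ldap_bind "cn=reader,dc=example,dc=com" "$HOME/.ldapux_cred" \
#       ldapuglist -t passwd -f "(gecos=*Smith*)"
with_ldap_bind() {
    if [ "$#" -lt 3 ]; then
        echo "usage: with_ldap_bind DN CREDFILE COMMAND [ARGS...]" >&2
        return 2
    fi
    wlb_dn=$1
    wlb_file=$2
    shift 2
    if [ ! -f "$wlb_file" ] || [ ! -r "$wlb_file" ]; then
        echo "with_ldap_bind: cannot read $wlb_file" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # refuse the file unless all six are unset (for example mode 0600).
    wlb_mode=$(ls -ld -- "$wlb_file" | cut -c5-10)
    if [ "$wlb_mode" != "------" ]; then
        echo "with_ldap_bind: $wlb_file is accessible to group or others" >&2
        return 1
    fi
    # The first line of the file is the password; a missing final newline
    # makes read return non-zero while still filling the variable.
    wlb_cred=
    IFS= read -r wlb_cred < "$wlb_file" || :
    if [ -z "$wlb_cred" ]; then
        echo "with_ldap_bind: $wlb_file has no password on its first line" >&2
        return 1
    fi
    # Export inside a subshell only; the parent shell is left untouched.
    wlb_rc=0
    (
        LDAP_BINDDN=$wlb_dn
        LDAP_BINDCRED=$wlb_cred
        export LDAP_BINDDN LDAP_BINDCRED
        "$@"
    ) || wlb_rc=$?
    unset wlb_cred wlb_dn wlb_file wlb_mode
    return "$wlb_rc"
}
```

The function returns the exit status of the wrapped command, so any failure reported by ldapuglist is still visible to the caller.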