Manualshelf

LDAP-UX Client Services B.04.15 with Microsoft Windows Active Directory Server Administrator's Guide (edition 8)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
171172173174175176177178179180
Table Of Contents
base: Search only the entry specified in the -b option.
one: Search only the immediate children of the entry specified in the
-b option.
sub: Perform a sub-tree search starting at the point identified in the
-b option.
-N <maxcount>
Specifies the maximum number of entries to be returned. If you do not
specify this option, the maximum number of entries to be returned is 200
by default. Some LDAP directory servers will limit the number of entries
returned for a particular search request, regardless of how many entries
are requested. If the <maxcount> limit is set too high, it may not be possible
to determine if a search has returned complete results, because the directory
server might have truncated the number of returned entries before reaching
the requested maximum count. Although some LDAP directory servers
indicate when a specified search exceeds an enumeration limit. If the
<maxcount> limit is above the directory server's internal configured limit,
it is not always possible to determine if all results have been returned.
However, a reasonable assumption is that if maximum number of entries
have been returned, additional entries are likely still available to display
that match the search criteria than just those displayed. For example, -N
150.
<attr>
Specifies additional LDAP attributes to display aside from the predefined
RFC 2307 attributes for users or groups. The <attr> argument may not
be used if the -L option is specified. Attributes specified in the <attr> list
are assumed to not be part of RFC 2307 and thus are not be mapped. When
you specify the -m option, the output format for a value specified by an
<attr> name is always in the following form:
attributename[attributename]: value
NOTE: The ldapuglist tool does not allow you to use the <attr>
parameter when ldapuglist binds to the directory server using the
LDAP-UX proxy user. This limitation prevents regular HP-UX users from
discovering LDAP data that was previously not displayed by LDAP-UX.
Use of the <attr> parameter requires that the user has the rights to use
the LDAP-UX administrator credential (/etc/opt/ldapux/acred) or
the user running ldapuglist has specified an identity using the -P option
or the LDAP_BINDDN and LDAP_BINDCRED environment variables.
Output Format
Output from ldapuglist follows a consistent format, regardless of which attributes you use
to define information in an LDAP directory. The output format is as follows:
dn: dn1
field1: value1
field2: value2
field3:: base64-encodeded-value3
...
dn: dn2
field1: value1
field2: value2
...
Each entry is preceded by a DN, followed by one or more field-value pairs. The DN and each
field-value pair are on a separate line, separated by a carriage-return and line-feed character.
The field and value are separated by a colon and a space character. Each entry is separated by a
blank line. If an un-encodable character is encountered (carriage-return or line-feed for example)
in a value string, the whole value is base64 encoded and the field-value separator is changed to
two colons and a space character.
LDAP User and Group Management Tools 179