LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

221

222

223

224

225

226

227

228

229

230

7.3.4 ldapuglist tool

You can use the ldapuglist tool to display and enumerate POSIX-like account and group

entries stored in an LDAP directory server, without requiring extensive knowledge of the methods

used to retrieve and evaluate that information in the LDAP directory server.

The ldapuglist tool uses the LDAP-UX profile configuration, requiring minimal command

line options to discover where to search for user or group information, such as the LDAP directory

server host and proper search filters for finding users and groups. This tool provides command

options that enable you to alter these configuration parameters.

The ldapuglist tool supports the followings:

• ldapuglist uses the existing LDAP-UX authentication configuration to determine how

to bind to the LDAP directory server.

• ldapuglist performs attribute value translation to POSIX-like syntaxes. For example, if

group membership is defined using X.500-style DN strings, ldapuglist converts those

string to simple member ids.

• ldapuglist supports attribute mappings as specified in the LDAP-UX configuration

profile. The mapped attributes and values can be displayed. The output format of

ldapuglist is similar to an LDIF format (RFC 2849). It is not LDIF. Major differences

include:

— ldapuglist does not display object classes.

— By default, ldapuglist only displays POSIX-related attributes, unless you specifically

request an attribute list with the <attr> option on the command line.

— Output lines are not broken after 80 columns.

7.3.4.1 Synopsis

ldapuglist [options] [-t <type>] [-h <hostname>] [-p <port>] [-n <name>]

[-f|F <filter>] [-b <base>] [-s <scope> [-N <maxcount>] [<attr>...]

7.3.4.2 Options

The ldapuglist tool supports the following command options:

-m Displays the names of the mapped attributes when returning results. Without the -m

option, ldapuglist displays results as follows:

fieldname: value

Where fieldname is one of the predefined RFC 2307 attribute names, and value is the

value for that field.

With the -m option, the ldapuglist tool displays the actual attribute mapping name

as follows:

fieldname[mapped attributename]: value

In the following example, if the RFC 2307 attribute gecos has been mapped to the cn,

l (location) and telephoneNumber attributes. Without the -m option, the output of

the gecos field is:

gecos: Bill Wan,Building 45,1-555-555-5431

When the -m option is specified, the output representing the gecos field is as follows:

gecos[cn]: Bill Wang

gecos[l]: Building 45

gecos[telephoneNumber]: 1-555-555-5431

When a field has been mapped to multiple attributes, those attributes will appear in the

order as defined in the LDAP-UX configuration profile.

7.3 LDAP user and group management tools 223