LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

221

222

223

224

225

226

227

228

229

230

Another example, if the RFC 2307 attribute uidNumber has been mapped to the

employeeNumber attribute. Without the -m option, the output of the uidNumber field

is:

uidNumber: 520

When the -m option is specified, the output representing the uidNumber field is as

follows:

uidNumber[employeeNumber]: 520

The ldapuglist tool ignores the -m option if the -L option is specified.

-L Displays output following /etc/passwd or /etc/group format.

The output format for a user entry is as follows:

uid:userPassword:uidNumber:gidNumber:gecos:homeDirectory:loginShell

The output format for a group entry is as follows:

cn:userPassword:memberUid,memberUid,…

For example, run the following command to display the user entry that contains

uid=mscott:

ldapuglist -t passwd -L -n mscott

The output of the command is as follows:

mscott:x:200:250:mscott:/home/mscott:/usr/bin/sh

The ldapuglist tool ignores the -m option if the -L option is specified. The <attr>

parameter list is invalid if the -L option is specified.

-P

Prompts for the bind identity (typically LDAP DN or Kerberos principal) and bind

password. Without the -P option, ldapuglist attempts to get the bind identity and

password from the environment variables LDAP_BINDDN and LDAP_BINDCRED. If you

do not specify the LDAP_BINDDN or LDAP_BINDCRED environment variables,

ldapuglist gets information from the bind configuration specified in the LDAP-UX

configuration profile. If the LDAP-UX configuration profile has specified the “proxy”

bind, ldapuglist reads the bind credential from either the /etc/opt/ldapux/acred

or /etc/opt/ldapux/pcred file. The /etc/opt/ldapux/acred file is only used

by users who have sufficient administrative privilege to read that file.

-Z

Requires an SSL connection to the LDAP directory server, even if the LDAP-UX

configuration profile does not specify the use of SSL. Using the -Z option requires that

either a valid directory server or CA certificate is defined in the /etc/opt/ldapux/

cert8.db file. An error occurs if the SSL connection cannot be established.

-ZZ

Attempts a TLS connection to the directory server, even if the LDAP-UX configuration

profile does not specify the use of TLS. If a TLS connection cannot be established, a

non-TLS and non-SSL connection will be established. HP does not recommend you to

use -ZZ unless alternative methods are used to protect against network eavesdropping.

Use of -ZZ requires that you define a valid LDAP directory server or CA certificate in

the /etc/opt/ldapux/cert8.db file.

-ZZZ

Requires a TLS connection to the LDAP directory server, even if the LDAP-UX

configuration profile does not specify the use of TLS. Using the -ZZZ option requires

that you define a valid directory server or CA certificate in the /etc/opt/ldapux/

cert8.db file. An error will occur if the TLS connection can not be established.

7.3.4.3 Arguments

The following describes command arguments:

-t <type> Specifies the type of entry the ldapuglist tool needs to discover and

process. The valid types of this option are passwd and group. The passwd

224 Command and tool reference