LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

281

282

283

284

285

286

287

288

289

290

Then the actual search filter used by ldaphostlist would be:

(&(objectclass=ipHost)(hostName=myhost))

Notes:

• When -f is used and any of the attributes specified in the

search filter have been mapped to “*NULL*”, ldaphostlist

returns an error.

• Attributes that are not part of the LDAP-UX configuration

profile mapping for the host service are not modified. Refer

to RFC2307: An Approach for Using LDAP as a Network

Information Service for the list of attributes that may be

mapped.

• Specifying -n and -f on the same command line results in

an error.

-F filter Similar to -f, except that filter is assumed to be immutable,

and the ldapux(5) host filter from the configuration profile is not

amended to the specified filter, nor will attribute mapping apply

to the filter.

Notes:

• When -F is used, the specified filter should still apply to host

entries. ldaphostlist will produce undefined results if the

search filter specified with -F discovers user accounts instead

of host entries.

• Specifying -n and -F on the same command line results in

an error.

-N maxcount

Specifies the maximum number of entries to be returned. If this

option is not specified, the maximum number of entries to be

returned is 200 by default (unless -g is specified). Some directory

servers limit the number of entries returned for a particular search

request, regardless of how many entries are requested. If the

maxcount limit is set too high, it might not be possible to

determine if a search has returned complete results, since the

directory server might have truncated the number of returned

entries before reaching the requested maximum count. Although

some directory servers will indicate if a specified search exceeds

an enumeration limit, if maxcount is above the directory server's

internal configured limit, it is not always possible to determine if

all results have been returned. However, a reasonable assumption

is that if maxcount entries have been returned, additional entries

are likely still available that match the search criteria than just

those displayed. The -N option is ignored if the -g option is

specified.

-key [ - ] [keyage]

Displays the sshPublicKey for each host discovered. If keyage is

preceded by “-”, ldaphostlist displays only those host entries

that have keys that were generated more than keyage days ago.

If keyage is not preceeded by “-”, ldaphostlist displays only

those entries that have keys that are considered expired or that

will expire within keyage days. Host entries might not have key

age or expiration information defined in the directory server, and

therefore this keyage option will apply to only those host entries

that do. Please see the ldaphostmgr command and the -k and

-e options for additional information about key ages and

7.3 LDAP user and group management tools 281