LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

281

282

283

284

285

286

287

288

289

290

expiration. Use of -k is only recommended if the user performing

the search request is not subject to directory server search-size

limits, since ldaphostmgr must retrieve each entry to determine

its keyage meets the specified criteria.

If -k is specified, but none of the -n, -g, -f, nor -F options are

specified, then only hosts that have sshPublicKey attributes are

displayed.

keyage is optional. If it is not specified, all hosts that have

sshPublicKeys will be displayed, unless limited by the -n, -g, -f

or -F options.

attr

Specifies additional LDAP attributes to display besides the

pre-defined RFC2307 attributes for hosts. Do not use attr with

the -L option. Attributes specified in the attr list are assumed

to not be part of RFC2307, and are therefore not mapped. When

the -m option is specified, a value specified by attr is always in

the following the output format:

attributename[attributename]: value

When binding to the directory server using the LDAP-UX proxy

user, ldaphostlist does not allow use of the attr argument,

unless the system administrator has attested that the proxy user

does not have permissions beyond that of a nonprivileged user.

This limitation prevents regular HP-UX users from discovering

LDAP data not previously displayed by LDAP-UX. Use of the

attr argument requires that either the user has the rights to use

the LDAP-UX Administrator Credential (/etc/opt/ldapux/

acred), or that the user running ldaphostlist has specified

an identity using the -P option or LDAP_BINDDN and

LDAP_BINDCRED environment variables. See Section 7.3.9.7

(page 284) for additional information.

7.3.9.3 Output Format

Output from ldaphostlist follows a consistent format, regardless of which attributes are used

to define information in an LDAP directory. The output format is:

dn: dn1

field1: value1

field2: value2

field3:: base64-encodeded-value3

…

dn: dn2

field1: value1

field2: value2

…

Each entry is preceded by a DN, followed by one or more field-value pairs. The DN and each

field-value pair is e on a separate line, separated by a carriage-return and line-feed character.

The field and value are separated by a colon and space character. Each entry is separated by a

blank line. In the event an unencodable character is encountered (carriage-return or line-feed for

example) in a value string, the whole value is base64-encoded and the field-value separator

changes to two colons and a space character. See “Unencodable Characters” in Section 7.3.9.3

(page 282).

By default the following fields are returned:

ipAddress

282 Command and tool reference