LDAP-UX Client Services B.05.00 Administrator's Guide

Note that when the -m option is specified, the output format changes to the following:
dn: dn1
field1[attribute1]: value1
field2[attribute2]: value2
field3[attribute3]:: base64-encoded-value3
7.3.9.4 Special Considerations for Output Format
UTF8
Since LDAP directories require data to be stored according to the UTF-8 (RFC3629) character
encoding method, all characters displayed by ldaphostlist are UTF-8, and assumed to be
part of the ISO-10646 character set. ldaphostlist does not perform conversion of the locale
character set to/from the UTF-8 character set.
Unencodable Characters (Base64 encoding)
In the ldaphostlist output format, each displayed field is delimited by a new line
(carriage-return and line-feed). To ensure that ldaphostlist displays only printable and LDIF
encodable characters, any character with a value less than 32 (ASCII space), except for 9 (ASCII
horizontal tab), or the character 127 (ASCII delete) causes the value to be converted into a
base-64 encoded string. Characters above 127 are assumed to be from the UTF-8 character set, and
printable. If the output lines are long, the data is not broken into multiple lines.
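An added example (not from this guide or from LDAP-UX itself): a Python implementation of the base64 rule above together with a parser for the -m format, for scripts that consume ldaphostlist output. The regular expression, the function names and the sample entry (fields "name" and "note") are assumptions constructed for illustration.

```python
import base64
import re

# Line shape from the -m format shown earlier: field[attribute]: value, with
# "::" marking a base64 value. The regex itself is an assumption.
LINE_RE = re.compile(
    r"^(?P<field>[^\[\]:]+)\[(?P<attr>[^\]]+)\](?P<sep>::?) ?(?P<value>.*)$")


def needs_base64(value: bytes) -> bool:
    """Rule from the text: any byte below 32 except 9 (tab), or byte 127."""
    return any((b < 32 and b != 9) or b == 127 for b in value)


def encode_field(field: str, attr: str, value: str) -> str:
    """Render one output line, switching to '::' + base64 when required."""
    raw = value.encode("utf-8")
    if needs_base64(raw):
        return f"{field}[{attr}]:: {base64.b64encode(raw).decode('ascii')}"
    return f"{field}[{attr}]: {value}"


def parse_records(text: str) -> list:
    """Parse -m style output into one dict per entry, decoding '::' values."""
    records, current = [], None
    # Split on LF only: str.splitlines() also breaks on U+0085/U+2028, which
    # are above 127 and therefore appear unencoded inside values.
    for raw_line in text.split("\n"):
        line = raw_line.rstrip("\r")
        if not line:
            continue
        if line.startswith("dn: "):
            current = {"dn": line[4:], "fields": []}
            records.append(current)
            continue
        m = LINE_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"unrecognised line: {line!r}")
        value = m["value"]
        if m["sep"] == "::":  # decoded text may hold control characters
            value = base64.b64decode(value, validate=True).decode("utf-8")
        current["fields"].append((m["field"], m["attr"], value))
    return records


SAMPLE = (  # constructed input, CRLF-delimited as the text describes
    "dn: cn=hostA,ou=Hosts,dc=example,dc=com\r\n"
    + encode_field("name", "cn", "hostA") + "\r\n"
    + encode_field("note", "description", "rack 4\nrow 2") + "\r\n")
```

Because a value containing a line break is always emitted as a single base64 line, an entry's data cannot add extra field lines to the output; decoded values should still be treated as untrusted directory data.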
Encoding of the DN
ldaphostlist displays DN strings according to the encoding rules defined in RFC4514. A
backslash escape character ( \ ) precedes each special character, which is written either as the
character itself or as a 2-digit hex representation of the character.
7.3.9.5 Binding to the Directory Server
ldaphostlist is designed to take advantage of the existing ldapux(5) configuration for
determining to which directory server to bind, and how to perform the bind operation.
ldaphostlist consults the ldapux(5) configuration profile for the following information:
• The list of LDAP directory server hosts
• The authentication method (simple passwords, SASL/DIGEST-MD5, and so on)
If neither of the environment variables LDAP_BINDDN and LDAP_BINDCRED was specified,
ldaphostlist also consults the ldapux(5) configuration for the following additional information:
• The type of credential (user, proxy or anonymous) to use
• The credential used for binding as a proxy user (either /etc/opt/ldapux/acred for
  administrative users or /etc/opt/ldapux/pcred for nonprivileged users)
ldaphostlist displays an error message if LDAP_BINDDN is specified and LDAP_BINDCRED
is not, unless the -P option was specified.
As with ldapux(5), ldaphostlist attempts to contact the first available directory server as
defined in the ldapux(5) host list. As soon as a connection is established, further directory servers
on the host list are not contacted. Once connected, ldaphostlist first determines if the
environment variables LDAP_BINDDN and LDAP_BINDCRED were specified (if the -P option
was not specified). If so, then ldaphostlist attempts to bind to the directory server using the
specified credentials and configured LDAP-UX authentication method. If these environment
variables were not specified, then ldaphostlist determines if the configured credential type
is “proxy” and, if so, attempts to bind to the directory server using the configured LDAP-UX
proxy credential. If configured, the acred proxy credential is used for administrative users
(determined by whether the user running ldaphostlist has enough privilege to read the
/etc/opt/ldapux/acred file). Otherwise, the credential configured in /etc/opt/ldapux/pcred is
used. If the proxy credential is not configured and the -P option has not been specified,
ldaphostlist connects anonymously.