LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

In the following example, the RFC 2307 attribute gecos has been mapped to the cn,
l (location) and telephoneNumber attributes. Without the -m option, the output of the
gecos field is:
gecos: Bill Wan,Building 45,1-555-555-5431
When the -m option is specified, the output representing the gecos field is as follows:
gecos[cn]: Bill Wang
gecos[l]: Building 45
gecos[telephoneNumber]: 1-555-555-5431
When a field has been mapped to multiple attributes, those attributes appear in the
order defined in the LDAP-UX configuration profile.
In another example, the RFC 2307 attribute uidNumber has been mapped to the
employeeNumber attribute. Without the -m option, the output of the uidNumber field
is:
uidNumber: 520
When the -m option is specified, the output representing the uidNumber field is as follows:
uidNumber[employeeNumber]: 520
The ldapuglist tool ignores the -m option if the -L option is specified.
-L Displays output following /etc/passwd or /etc/group format.
The output format for a user entry is as follows:
uid:userPassword:uidNumber:gidNumber:gecos:homeDirectory:loginShell
The output format for a group entry is as follows:
cn:userPassword:memberUid,memberUid,
For example, run the following command to display the user entry that contains
uid=mscott:
ldapuglist -t passwd -L -n mscott
The output of the command is as follows:
mscott:x:200:250:mscott:/home/mscott:/usr/bin/sh
The ldapuglist tool ignores the -m option if the -L option is specified. The <attr>
parameter list is invalid if the -L option is specified.
-P Prompts for the bind identity (typically an LDAP DN or Kerberos principal) and bind password.
Without the -P option, ldapuglist attempts to get the bind identity and password from
the environment variables LDAP_BINDDN and LDAP_BINDCRED. If you do not specify
the LDAP_BINDDN or LDAP_BINDCRED environment variables, ldapuglist gets the bind
information from the bind configuration specified in the LDAP-UX configuration profile. If
the LDAP-UX configuration profile specifies the “proxy” bind, ldapuglist reads the
bind credential from either the /etc/opt/ldapux/acred or /etc/opt/ldapux/pcred
file. The /etc/opt/ldapux/acred file is only used by users who have sufficient
administrative privilege to read that file.
-Z Requires an SSL connection to the LDAP directory server, even if the LDAP-UX configuration
profile does not specify the use of SSL. Using the -Z option requires that either a valid
directory server or CA certificate is defined in the /etc/opt/ldapux/cert8.db file.
An error occurs if the SSL connection cannot be established.
-ZZ Attempts a TLS connection to the directory server, even if the LDAP-UX configuration profile
does not specify the use of TLS. If a TLS connection cannot be established, a non-TLS and
non-SSL connection will be established. HP does not recommend using -ZZ unless
alternative methods are used to protect against network eavesdropping. Use of -ZZ requires
that you define a valid LDAP directory server or CA certificate in the
/etc/opt/ldapux/cert8.db file.
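
The following shell functions are an added example, not part of the HP guide or of LDAP-UX: they check an ldapuglist argument list against the -Z, -ZZ, -L/-m and -P behaviour described above and run the tool only when SSL is required. The function names are hypothetical, and the code assumes each option is passed as a separate argument.

```shell
# Added example, not HP code. Assumes each option is its own argument
# (no bundling such as -LZ) and treats -Z given together with -ZZ as -ZZ.

# transport_mode ARGS... -> prints strict | opportunistic | profile
transport_mode() {
    mode=profile
    for arg in "$@"; do
        case "$arg" in
            -ZZ) mode=opportunistic ;;
            -Z)  [ "$mode" = opportunistic ] || mode=strict ;;
        esac
    done
    printf '%s\n' "$mode"
}

# has_opt OPT ARGS... -> succeeds if OPT appears among ARGS
has_opt() {
    want=$1; shift
    for arg in "$@"; do
        [ "$arg" = "$want" ] && return 0
    done
    return 1
}

# lint_ldapuglist ARGS... -> prints findings and returns
#   0: SSL required (-Z)  1: left to the profile  2: cleartext fallback (-ZZ)
lint_ldapuglist() {
    if has_opt -L "$@" && has_opt -m "$@"; then
        echo "WARN: -m is ignored because -L is specified"
    fi
    if ! has_opt -P "$@" && [ -n "${LDAP_BINDDN:-}${LDAP_BINDCRED:-}" ]; then
        echo "INFO: no -P; bind data comes from LDAP_BINDDN/LDAP_BINDCRED"
    fi
    case "$(transport_mode "$@")" in
        strict) return 0 ;;
        profile)
            echo "WARN: no -Z; encryption is left to the configuration profile"
            return 1 ;;
        opportunistic)
            echo "FAIL: -ZZ can fall back to a non-TLS, non-SSL connection"
            return 2 ;;
    esac
}

# run_ldapuglist_strict ARGS... -> runs ldapuglist only when lint returns 0
run_ldapuglist_strict() {
    lint_ldapuglist "$@" || return $?
    ldapuglist "$@"
}
```

Source the file and call run_ldapuglist_strict with the same arguments you would give ldapuglist, for example run_ldapuglist_strict -t passwd -Z -n mscott.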