LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

281

282

283

284

285

286

287

288

289

290

-ZZZ Requires a TLS connection to the LDAP directory server, even if the LDAP-UX configuration

profile does not specify the use of TLS. Using the -ZZZ option requires that you define a

valid directory server or CA certificate in the /etc/opt/ldapux/cert8.db file. An

error will occur if the TLS connection can not be established.

9.3.4.3 Arguments

The following describes command arguments:

-t <type> Specifies the type of entry the ldapuglist tool needs to discover and

process. The valid types of this option are passwd and group. The passwd

type indicates posixAccount-type entries. The group type indicates

posixGroup-type entries. Specification of the <type> parameter tells

ldapuglist how to handle processing of search filters and attribute

mappings. If you do not specify the -t option, ldapuglist assumes the

passwd type. For example, - t group.

-h <hostname> Specifies the host name and optional port number (hostname:port) of the

LDAP directory server. This option overrides the server list configured in the

LDAP-UX configuration profile. This field supports specification of IPv4 and

IPv6 addresses. Note that when you specify a port for an IPv6 address, you

must specify the IPv6 address in square-bracketed form. If the optional port

is unspecified, the port number is assumed to be 389 or 636 for SSL

connections (with the -Z option). For example, -h ldapsrvA.

-p <port> Specifies the port number of the LDAP directory server to contact. The

ldapuglist tool ignores this option if you specify the port number in the

<hostname> as part of the -h option.

-n <name> Provides a simplified method for discovering a single account or group. Use

of -n is the same as -f “(uid=<name>)” for accounts and -f

“(cn=<cname>)” for groups. Do not specify -f and -F on the command

line if you use -n. For example, the following command displays an account

entry for the user, mlee:

ldapuglist -t passwd -n mlee

The output from the preceding command is as follows:

dn: cn=Mike Lee,ou=people,dc=example,dc=com

cn: Mike Lee

uid: mlee

uidNumber: 900

gidNumber: 2010

loginShell: /usr/bin/sh

homeDirectory: /home/mlee

gecos: mlee,Building-5,555-555-5555

-f <filter> Specifies an LDAP-style search filter, <filter>, used to select specific entries

from the LDAP directory. When you use the -f option, the filter specified by

<filter> applies to Posix-style users or groups (depending on whether you

specify the -t passwd or -t group option).

The filter specified with -f is amended with the default LDAP-UX search filter

for either the user or group object types. In addition, when you use -f, if a

known attribute for the particular service has been mapped as defined in

the LDAP-UX configuration profile, then the mapped attribute name is

substituted in the search filter.

For example, if the uidNumber attribute has been mapped to the

employeeNumber attribute, the following command lists a POSIX account

that has uidNumber=51552:

9.3 LDAP user and group management tools 289