LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

291

292

293

294

295

296

297

298

299

300

starts the search in an LDAP directory server. If unspecified, ldapuglist

uses the defaultSearchBase as defined in the LDAP-UX configuration profile.

-s <scope> This option overrides the search scope as defined in the LDAP-UX

configuration profile. Specifies how deep in the directory tree to perform the

search. The <scope> argument can be one of the following:

• base: Search only the entry specified in the -b option.

• one: Search only the immediate children of the entry specified in the

-b option.

• sub: Perform a sub-tree search starting at the point identified in the -b

option.

-N <maxcount> Specifies the maximum number of entries to be returned. If you do not specify

this option, the maximum number of entries to be returned is 200 by default.

Some LDAP directory servers will limit the number of entries returned for a

particular search request, regardless of how many entries are requested. If

the <maxcount> limit is set too high, it might not be possible to determine

if a search has returned complete results, because the directory server might

have truncated the number of returned entries before reaching the requested

maximum count. Although some LDAP directory servers indicate when a

specified search exceeds an enumeration limit. If the <maxcount> limit is

above the directory server's internal configured limit, it is not always possible

to determine if all results have been returned. However, a reasonable

assumption is that if maximum number of entries have been returned,

additional entries are likely still available to display that match the search

criteria than just those displayed. For example, -N 150.

<attr> Specifies additional LDAP attributes to display aside from the predefined

RFC 2307 attributes for users or groups. The <attr> argument may not be

used if the -L option is specified. Attributes specified in the <attr> list are

assumed to not be part of RFC 2307 and thus are not be mapped. When

you specify the -m option, the output format for a value specified by an

<attr> name is always in the following form:

attributename[attributename]: value

NOTE: The ldapuglist tool does not allow you to use the <attr>

parameter when ldapuglist binds to the directory server using the LDAP-UX

proxy user. This limitation prevents regular HP-UX users from discovering

LDAP data that was previously not displayed by LDAP-UX. Use of the <attr>

parameter requires that the user has the rights to use the LDAP-UX

administrator credential (/etc/opt/ldapux/acred) or the user running

ldapuglist has specified an identity using the -P option or the

LDAP_BINDDN and LDAP_BINDCRED environment variables.

9.3.4.4 Output format

Output from ldapuglist follows a consistent format, regardless of which attributes you use to

define information in an LDAP directory. The output format is as follows:

dn: dn1

field1: value1

field2: value2

field3:: base64-encodeded-value3

...

dn: dn2

field1: value1

9.3 LDAP user and group management tools 291