LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
expire within keyage days. Host entries might not have key age
or expiration information defined in the directory server, and
therefore this keyage option will apply to only those host entries
that do. Please see the ldaphostmgr command and the -k and
-e options for additional information about key ages and expiration.
Use of -k is only recommended if the user performing the search
request is not subject to directory server search-size limits, since
ldaphostmgr must retrieve each entry to determine whether its key age
meets the specified criteria.
If -k is specified, but none of the -n, -g, -f, or -F options is
specified, then only hosts that have sshPublicKey attributes are
displayed.
keyage is optional. If it is not specified, all hosts that have
sshPublicKeys are displayed, unless limited by the -n, -g, -f or -F
options.
attr Specifies additional LDAP attributes to display besides the
predefined RFC2307 attributes for hosts. Do not use attr with the
-L option. Attributes specified in the attr list are assumed to not
be part of RFC2307, and are therefore not mapped. When the -m
option is specified, a value specified by attr is always in the
following output format:
attributename[attributename]: value
When binding to the directory server using the LDAP-UX proxy user,
ldaphostlist does not allow use of the attr argument, unless
the system administrator has attested that the proxy user does not
have permissions beyond that of a nonprivileged user. This limitation
prevents regular HP-UX users from discovering LDAP data not
previously displayed by LDAP-UX. Use of the attr argument
requires that either the user has the rights to use the LDAP-UX
Administrator Credential (/etc/opt/ldapux/acred), or that the
user running ldaphostlist has specified an identity using the
-P option or LDAP_BINDDN and LDAP_BINDCRED environment
variables. See Section 9.3.9.7 (page 347) for additional information.
9.3.9.3 Output format
Output from ldaphostlist follows a consistent format, regardless of which attributes are used
to define information in an LDAP directory. The output format is:
dn: dn1
field1: value1
field2: value2
field3:: base64-encoded-value3
…
dn: dn2
field1: value1
field2: value2
…
Each entry is preceded by a DN, followed by one or more field-value pairs. The DN and each
field-value pair are each on a separate line, separated by a carriage-return and line-feed character.
The field and value are separated by a colon and space character. Each entry is separated by a
blank line. In the event an unencodable character is encountered (carriage-return or line-feed for
example) in a value string, the whole value is base64-encoded and the field-value separator
9.3 LDAP user and group management tools 345
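
The following Python parser is an added example, not part of the HP guide or of LDAP-UX. It reads output in the format described in section 9.3.9.3 into entries, and assumes that the double colon shown for field3 marks a base64-encoded value; the DNs, field names and values in SAMPLE are constructed.

```python
import base64

# Constructed sample in the documented layout; DNs, field names and values
# are illustrative, not captured ldaphostlist output.
SAMPLE = (
    "dn: cn=hosta,ou=Hosts,dc=example,dc=com\r\n"
    "cn: hosta\r\n"
    "ipHostNumber: 192.0.2.10\r\n"
    "description:: " + base64.b64encode(b"rack 4\nrow 2").decode() + "\r\n"
    "\r\n"
    "dn: cn=hostb,ou=Hosts,dc=example,dc=com\r\n"
    "cn: hostb\r\n"
    "cn: hostb.example.com\r\n"
)


def parse_entries(text):
    """Return a list of (dn, {field: [values]}) tuples, one per entry."""
    entries, dn, fields = [], None, {}
    # Split on CR-LF or bare LF only; the extra "" closes the last entry.
    lines = text.replace("\r\n", "\n").split("\n") + [""]
    for lineno, line in enumerate(lines, 1):
        if not line:                          # blank line ends an entry
            if dn is not None:
                entries.append((dn, fields))
            dn, fields = None, {}
            continue
        name, sep, rest = line.partition(":")
        if not sep or not name:
            raise ValueError(f"line {lineno}: no field-value separator")
        if rest.startswith(": "):             # assumed: "::" means base64
            raw = base64.b64decode(rest[2:], validate=True)
            value = raw.decode("utf-8", errors="replace")
        elif rest.startswith(" "):
            value = rest[1:]
        else:
            raise ValueError(f"line {lineno}: malformed separator")
        if dn is None:
            if name != "dn":
                raise ValueError(f"line {lineno}: field before dn")
            dn = value
        else:
            fields.setdefault(name, []).append(value)
    return entries


if __name__ == "__main__":
    for dn, fields in parse_entries(SAMPLE):
        # repr() keeps decoded CR/LF from breaking line-oriented output
        print(dn, {k: [repr(v) for v in vals] for k, vals in fields.items()})
```

Decoded values can contain carriage-return or line-feed characters, so escape them before writing to logs or other line-oriented files.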