LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
changes to two colons and a space character. See “Unencodable Characters” in Section 9.3.9.3
(page 345).
By default the following fields are returned:
cn
ipAddress
Note that when the -m option is specified, the output format changes to the following:
dn: dn1
field1[attribute1]: value1
field2[attribute2]: value2
field3[attribute3]:: base64-encodeded-value3
…
9.3.9.4 Special considerations for output format
UTF8
Since LDAP directories require data to be stored according to the UTF-8 (RFC3629) character
encoding method, all characters displayed by ldaphostlist are UTF-8, and assumed to be
part of the ISO-10646 character set. ldaphostlist does not perform conversion of the locale
character set to/from the UTF-8 character set.
Unencodable Characters (Base64 encoding)
In the ldaphostlist output format, each displayed field is delimited by a new line (carriage-return
and line-feed). To assure that ldaphostlist displays only printable and LDIF encodable
characters, all characters less than 32 (ASCII space), except for 9 (ASCII horizontal tab), and the
character 127 (ASCII delete) will cause the value to be converted into a base-64 encoded string.
Characters above 127 are assumed be from the UTF-8 character set, and printable. If the output
lines are long, the data is not broken into multiple lines.
Encoding of the DN
ldaphostlist displays DN strings according to the encoding rules defined in RFC4514. The
backslash escape character ( \ ) precedes special characters, which can be the character itself or
a 2-digit hex representation of the character.
9.3.9.5 How ldaphostlist binds to the directory server
The ldaphostlist command is designed to take advantage of the existing LDAP-UX configuration
for determining which directory server to bind to, and how to perform the bind operation. The
ldaphostlist command consults the LDAP-UX configuration profile for the following information:
• The list of LDAP directory server hosts
• The authentication method (simple passwords, SASL/DIGEST-MD5, and so on)
If neither of the environment variables LDAP_BINDDN and LDAP_BINDCRED were specified,
ldaphostlist also consults the LDAP-UX configuration for the following additional information:
• The type of credential (user, proxy or anonymous) to use
• The credential used for binding as a proxy user (either /etc/opt/ldapux/acred for
administrative users or /etc/opt/ldapux/pcred for nonprivileged users)
ldaphostlist displays an error message if LDAP_BINDDN is specified and LDAP_BINDCRED
is not, unless the -P option was specified.
The ldaphostlist tool attempts to contact the first available directory server as defined in the
host list maintained by LDAP-UX. (For more information, see ldapux(5).) As soon as a connection
is established, further directory servers on the host list are not contacted. Once connected,
ldaphostlist first determines if the environment variables LDAP_BINDDN and LDAP_BINDCRED
were specified (if the -P option was not specified). If so, then ldaphostlist attempts to bind
to the directory server using the specified credentials and configured LDAP-UX authentication
method. If these environment variables were not specified, then ldaphostlist determines if the
346 Command and tool reference