LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

341

342

343

344

345

346

347

348

349

350

9.3.9.8 Security Considerations

To support noninteractive use of the ldaphostlist command, specification of the LDAP user’s

credentials might be required. In noninteractive mode, these credentials are specified in the

LDAP_BINDDN and LDAP_BINDCRED environment variables. To prevent exposure of these

environment variables, they should be unset after use. Note that the shells command history log

might contain copies of the executed commands that show setting of these variables. Access to a

shell’s history file must be protected. Specification of the LDAP user’s credentials on the command

line is not allowed since information about the currently running processes can be exposed externally

from the session. Specifying the -P option allows for interactive prompting of the user’s credentials,

and therefore eliminates the need to specify the LDAP_BINDDN and LDAP_BINDCRED environment

variables.

ldaphostlist only displays attributes for hosts for which the user has sufficient privilege to view.

By default, (if neither the -P option nor the environment variables have been specified),

ldaphostlist binds to the directory server anonymously, or uses the proxy user’s credentials if

configured. When ldaphostlist uses the proxy user’s credentials to bind, the information

displayed might be limited. See Section 9.3.9.7 (page 347) for additional information.

9.3.9.9 LDAP-UX Profile

ldaphostlist makes use of the LDAP-UX configuration profile to determine the information

model used in the directory server to store POSIX attributes.

9.3.9.10 Limitations

ldaphostlist does not perform conversion of the locale character set to/from the UTF-8 character

set.

9.3.9.11 Examples

Examples of how to use ldaphostmgr can be found in the LDAP-UX Client Services Administrators

Guide.

9.3.9.12 Resources for more information

ldaphostmgr(1M), ldapugadd(1M), ldapugmod(1M), ldapugdel(1M), ldapcfinfo(1M), and ldapux(5)

9.3.10 The ldapcfinfo tool

Use the ldapcfinfo tool to discover LDAP-UX configuration information about the LDAP-UX

product. The ldapcfinfo tool can also be used to discover the list of required attributes when

creating new users or groups to an LDAP directory server. Noninteractive LDAP applications can

use this tool to find LDAP-UX configuration details when adding new users or groups. The

ldapcfinfo tool can also report if LDAP-UX is properly configured and active for the specified

service.

9.3.10.1 Synopsis

ldapcfinfo [-t <type>] [-T <template_file>] [-a <DN>] [-m <atobName>]

[-A|-P|-D|-L |-R|-b|-s |-f |-h]

348 Command and tool reference