ldaphostlist.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ldaphostlist(1M) ldaphostlist(1M)

NAME

ldaphostlist - displays and enumerates host entries (OS instances) residing in an LDAP-based directory

server

SYNOPSIS

ldaphostlist [options ][-h servername ][

-p port ][-b base][-s scope]

[

-n hostname | -g groupname][(

-f|F) ﬁlter][-N maxcount ][-k [[-]keyage]]] [attr ]...

DESCRIPTION

ldaphostlist is a command-line tool used to display and enumerate host entries that reside in an

LDAP-based directory server. Although ldaphostlist provides similar output as compared with the

ldapsearch command, it has been provided to meet a few speciﬁc feature requirements. These

features allow applications to discover and evaluate hosts stored in an LDAP directory server, without

requiring intimate knowledge of the methods used retrieve and evaluate that information in the LDAP

directory server.

In addition,

ldaphostlist can be used to discover expiration information about

ssh host keys if that

information is managed in the directory server.

Except for the optional trailing attr list, all parameters speciﬁed above are not positional dependent.

Unless the trailing attr list is provided, ldaphostlist only displays the cn (host name) and ipHostNumber

(IP Address) attributes.

•

ldaphostlist uses the existing ldapux (5) conﬁguration, requiring minimal command-line

options to discover where to search for host information, such as which directory server(s) to con-

tact and proper search ﬁlters for ﬁnding accounts and groups. This tool provides command

options that alter these conﬁguration parameters.

•

ldaphostlist uses the existing ldapux (5) authentication conﬁguration to determine how to

bind to the LDAP directory server.

•

ldaphostlist supports attribute mapping as conﬁgured by ldapux (5). Fields returned from

ldaphostlist will use a consistent format, similar to that deﬁned by RFC2307, even when

different attributes are actually used to store the information in the directory server. Note, that

although that format is similar to LDIF, it is not LDIF. Major differences include:

• Object classes will not be displayed (unless speciﬁcally requested in the attr list).

• By default only POSIX-related attributes for a host will be displayed by

ldaphostlist,

unless an attribute list or option is speciﬁcally requested on the command line. This means

only ipHostNumber and cn will be displayed by default.

• Output lines will not be broken after 80 columns.

Options and Arguments

The optional attr , list should be the last parameter speciﬁed. All other options are not positional depen-

dent.

attr Speciﬁes additional LDAP attributes to display aside from the pre-deﬁned RFC2307 attri-

butes for hosts. Attributes speciﬁed in the attr list are assumed to not be part of

RFC2307 and thus will not be mapped.

When the

-m option is speciﬁed, the output format for a value speciﬁed by an attr will

always be in the form:

attributename [attributename]

:value

Note,

ldaphostlist limits the list of displayable attributes to RFC2307 attributes if

LDAP-UX has been conﬁgured to use proxy credentials and no other credentials have

been speciﬁed (using the -P option or the LDAP_BINDDN and LDAP_BINDCRED

environment variables). ldaphostlist may not display attributes requested in the

attr list in this situation unless the system administrator has attested that the proxy user

does not have permissions beyond that of a non-privileged user. This limitation prevents

regular HP-UX users from discovering LDAP data that was previously not displayed by

LDAP-UX. Refer to Security Considerations for additional information.

attr may not be used if the

-L option is speciﬁed.

-b base Overrides the search base as deﬁned in the ldapux (5) conﬁguration. base is a dis-

tinguished name (DN) that describes the lowest (with the tree branches facing up)

HP-UX 11i v3: June 2010 Web Release − 1 − Hewlett-Packard Company 1

Summary of content (8 pages)

PAGE 1
ldaphostlist(1M) ldaphostlist(1M) NAME ldaphostlist - displays and enumerates host entries (OS instances) residing in an LDAP-based directory server SYNOPSIS ldaphostlist [options ] [-h servername ] [-p port ] [-b base ] [-s scope ] [-n hostname | -g groupname] [(-f|F) filter] [-N maxcount ] [-k [[-]keyage]]] [attr ]... DESCRIPTION ldaphostlist is a command-line tool used to display and enumerate host entries that reside in an LDAP-based directory server.
PAGE 2
ldaphostlist(1M) ldaphostlist(1M) location in the directory tree where to start the search. If unspecified, ldaphostlist will use the search base from the hosts serviceSearchDescriptor or defaultSearchBase as defined in the LDAP-UX configuration profile, per section 4.6 of RFC 4876. -f filter Specifies an LDAP-style search filter, used to select specific host entries from the LDAP directory. When -f is used, the filter specified by filter is assumed apply to POSIX-style host entries.
PAGE 3
ldaphostlist(1M) ldaphostlist(1M) the directory server, and thus this keyage option will only apply to those host entries that do. Please see the ldaphostmgr (1M) command and the -k and -e options for additional information about key ages and expiration. Use of -k is only recommended if the user performing the search request is not subject to directory server search-size limits, since ldaphostmgr must retrieve each entry to determine its keyage meets the specified criteria.
PAGE 4
ldaphostlist(1M) ldaphostlist(1M) -p port Specifies the port number of the directory server to contact. This option is ignored if the port number is specified in the servername as part of the -h option. Refer to Binding to the Directory Server below for additional details. -P Prompts for user’s bind DN and password. Without -P, ldaphostlist will attempt to bind to the directory server using the environment variables LDAP_BINDDN and LDAP_BINDCRED.
PAGE 5
ldaphostlist(1M) ldaphostlist(1M) Note that when the -m option is specified, the output format will change to: dn : dn1 field1[attribute1 ] : value1 field2[attribute2 ] : value2 field3[attribute3 ] :: base64-encodeded-value3 Special Considerations for Output Format UTF-8 Since LDAP directories require data be stored according to the UTF-8 (RFC3629) character encoding method, all characters displayed by ldaphostlist will be UTF-8, and assumed to be part of the ISO-10646 character set.
PAGE 6
ldaphostlist(1M) ldaphostlist(1M) environment variables, they should be unset after use. Note also that shells (4) command history log may contain copies of the executed commands that show setting of these variables. Access to a shell’s history file must be protected. Specification of the LDAP user’s credentials on the command line is not allowed since information about the currently running processes can be exposed externally from the session.
PAGE 7
ldaphostlist(1M) ldaphostlist(1M) LIMITATIONS ldaphostlist will not perform conversion of the locale character set to/from the UTF-8 character set. EXAMPLES Examples of how to use ldaphostmgr can be found in the "LDAP-UX Client Services Administrators Guide". SEE ALSO ldapcfinfo(1M), ldaphostmgr(1M), ldapugadd(1M), ldapugdel(1M), ldapugmod(1M), ldapux(5). LDAP-UX Client Services Administrators Guide on http://www.hp.com/go/hpux-securitydocs.
PAGE 8
(Notes) A (Notes) lA 8 Hewlett-Packard Company −1− HP-UX 11i v3: June 2010 Web Release