ldaphostlist.1m (2010 09)
ldaphostlist(1M) ldaphostlist(1M)
location in the directory tree where to start the search. If unspecified, ldaphostlist
will use the search base from the hosts serviceSearchDescriptor or defaultSearchBase as
defined in the LDAP-UX configuration profile, per section 4.6 of RFC 4876.
-f filter Specifies an LDAP-style search filter, used to select specific host entries from the LDAP
directory. When -f is used, the filter specified by filter is assumed to apply to POSIX-style
host entries. This means the filter specified with -f will be amended with the default
ldapux(5) search filter for the host object type. In addition, when -f is used, if a known
attribute for the host service (see the lists defined under Output Format) has been
mapped as defined by the ldapux(5) configuration profile, then the mapped attribute
name will be substituted in the search filter. Using an example with the following command:
ldaphostlist -f "(cn=myhost)"
And assuming the LDAP-UX product has been configured as follows:
• The configuration profile defines the search filter for the host service as
"(objectclass=ipHost)"
• The cn attribute for the host service has been mapped to the hostName attribute.
Then the actual search filter used by ldaphostlist would be:
(&(objectclass=ipHost)(hostName=myhost))
Notes:
• When -f is used and any of the attributes specified in the search filter have been
mapped to "*NULL*", ldaphostlist will return an error.
• Attributes that are not part of the LDAP-UX configuration profile mapping for the
hosts service will not be modified. Refer to RFC2307: An Approach for Using LDAP
as a Network Information Service for the list of attributes that may be mapped.
• Specifying -n and -f on the same command line will result in an error.
-F filter Is similar to -f, except that filter is assumed to be immutable: the ldapux(5) host
filter from the configuration profile will not be combined with the specified filter, nor will
attribute mapping apply to the filter.
Notes:
• When -F is used, the specified filter should still apply to host entries. In other words,
ldaphostlist will produce undefined results if the search filter specified with -F
discovers user accounts instead of host entries.
• Specifying -n and -F on the same command line will result in an error.
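
The following added example (not part of the original manual page and not HP's code) models
the documented difference between -f and -F, so a filter can be checked before it is used in a
script. The function name, the regular expression and the sample mappings are assumptions
made for illustration; only simple filter items (attr=value, attr>=value and similar) are rewritten.

```python
import re

NULL_MAPPING = "*NULL*"  # value the manual page says causes an error with -f

# Attribute name at the start of each simple filter item, e.g. "cn" in
# "(cn=myhost)". The operators &, | and ! never match, so they are kept as-is.
_ATTR = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9;.-]*)\s*(?=[~<>]?=)")


def effective_filter(user_filter, profile_filter, attr_map, immutable=False):
    """Return the search filter that would be sent to the directory server.

    immutable=False models -f: mapped attribute names are substituted and the
    result is ANDed with the profile's host filter.
    immutable=True models -F: the filter is used exactly as given.
    """
    if immutable:
        return user_filter

    # LDAP attribute names are case-insensitive, so compare in lower case.
    lowered = {name.lower(): target for name, target in attr_map.items()}

    def substitute(match):
        name = match.group(1)
        mapped = lowered.get(name.lower())
        if mapped is None:
            return match.group(0)  # not in the profile mapping: left unmodified
        if mapped == NULL_MAPPING:
            raise ValueError(f"attribute {name!r} is mapped to {NULL_MAPPING}")
        return match.group(0).replace(name, mapped, 1)

    return f"(&{profile_filter}{_ATTR.sub(substitute, user_filter)})"


if __name__ == "__main__":
    # Constructed sample profile, taken from the example in the text above.
    profile = "(objectclass=ipHost)"
    mapping = {"cn": "hostName"}
    print("-f:", effective_filter("(cn=myhost)", profile, mapping))
    print("-F:", effective_filter("(cn=myhost)", profile, mapping, immutable=True))
```

Because -F skips both the host filter and the attribute mapping, a filter that is safe with -f
can match non-host entries when passed to -F unchanged.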
-g groupname Limits the hosts returned to those that are also members of the specified group. The
LDAP group will be discovered by searching for any entry under the default base (as
configured in the LDAP-UX profile or specified using -b) that is of the groupOfNames
or groupOfUniqueNames object class and has the specified groupname. ldaphostlist
will enumerate the members of the specified group, searching for members that are
hosts, and then display those entries. Note that -f/-F may be used to further narrow
the list of returned host entries.
The -g and -n options are mutually exclusive.
-h servername Specifies the host name and optional port number (hostname:port) of the directory
server. This option overrides the server list configured by ldapux(5). This field supports
specification of IPv4 and IPv6 addresses. Note that when a port is specified for an IPv6
address, the IPv6 address must be specified in square-bracketed form. If the optional
port is unspecified, the port number is assumed to be 389 or 636 for SSL connections
(-Z). Refer to Binding to the Directory Server below for additional details.
-k [[-]keyage] Displays the sshPublicKey for each host discovered. If keyage is not specified, all entries
will be displayed. If keyage is specified and is preceded by the minus sign (-),
ldaphostlist will only display host entries that have keys that were generated more
than keyage days ago. If keyage is not preceded by -, ldaphostlist will display only
those entries that have keys that are considered expired or will expire within keyage
days. Note that host entries may not have key age or expiration information defined in
Hewlett-Packard Company HP-UX 11i v3: June 2010 Web Release