ldaphostlist.1m (2010 09)
ldaphostlist(1M) ldaphostlist(1M)
Note that when the -m option is specified, the output format will change to:
dn: dn1
field1[attribute1]: value1
field2[attribute2]: value2
field3[attribute3]:: base64-encoded-value3
Special Considerations for Output Format
UTF-8
Since LDAP directories require that data be stored according to the UTF-8 (RFC3629) character
encoding method, all characters displayed by ldaphostlist will be UTF-8, and assumed to be part of
the ISO-10646 character set. ldaphostlist will not perform conversion of the locale character
set to/from the UTF-8 character set.
Unencodable Characters (Base64 Encoding)
In the output format of ldaphostlist, each displayed field will be delimited by a new line
(linefeed). To ensure that ldaphostlist displays only printable and LDIF-encodable characters,
a value containing any character less than 32 (ASCII space), except for 9 (ASCII horizontal tab),
or the character 127 (ASCII delete) will be converted into a base64-encoded string. Characters
above 127 are assumed to be from the UTF-8 character set, and assumed printable. If the output
lines are long, the data will not be broken into multiple lines.
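The encoding rule above and the -m line format, shown as an added example (not part of the original manual page or of the LDAP-UX code): a strict parser that a script consuming ldaphostlist output could use. The field names, attribute names and DN in the sample are constructed, and the "dn: " prefix and the single space after the separator are assumed from the format shown above.

```python
import base64
import binascii
import re

# Assumed from the format on the page: field[attribute]: value  /  field[attribute]:: base64
LINE_RE = re.compile(r"^([^\[\]:]+)\[([^\]]*)\](::?) ?(.*)$")

def needs_base64(value: bytes) -> bool:
    """Page rule: bytes below 32 (except TAB, 9) or DEL (127) force base64."""
    return any((b < 32 and b != 9) or b == 127 for b in value)

def format_field(field: str, attr: str, value: bytes) -> str:
    """Render one field the way the page describes the -m output."""
    if needs_base64(value):
        return f"{field}[{attr}]:: {base64.b64encode(value).decode('ascii')}"
    return f"{field}[{attr}]: {value.decode('utf-8')}"

def parse_entry(lines):
    """Return (dn, [(field, attribute, value_bytes), ...]) for one entry."""
    if not lines or not lines[0].startswith("dn: "):
        raise ValueError("entry must start with a 'dn: ' line")
    dn, fields = lines[0][4:], []
    for line in lines[1:]:
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised line: {line!r}")
        field, attr, sep, raw = m.groups()
        if sep == "::":
            try:  # strict decode: reject anything outside the base64 alphabet
                value = base64.b64decode(raw, validate=True)
            except binascii.Error as exc:
                raise ValueError(f"bad base64 in {field}") from exc
        else:
            value = raw.encode("utf-8")
            if needs_base64(value):  # a plain value must never carry control bytes
                raise ValueError(f"control character in plain value: {field}")
        fields.append((field, attr.strip(), value))
    return dn, fields

# Constructed sample entry (not real directory data; names are hypothetical).
SAMPLE = [
    "dn: cn=hostA,ou=Hosts,dc=example,dc=com",
    "hostname[cn]: hostA",
    "ipaddress[ipHostNumber]: 192.0.2.10",
    format_field("description", "description", b"rack 4\nrow 2"),
]

if __name__ == "__main__":
    print(parse_entry(SAMPLE))
```

Decoded values are returned as bytes because a base64-encoded value contains control characters by definition; escape them before writing to a terminal or log.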
Encoding of the DN
ldaphostlist will display DN strings according to the encoding rules defined in RFC4514. The
escape character (\) will precede each special character, which may be shown as the character
itself or as a 2-digit hex representation of the character.
Binding to the Directory Server
ldaphostlist has been designed to take advantage of the existing ldapux(5) configuration for
determining to which directory server to bind and how to perform the bind operation. ldaphostlist
will consult the ldapux(5) configuration profile for the following information:
• The list of LDAP directory server hosts.
• The authentication method (simple passwords, SASL Digest MD5, etc.)
If either of the environment variables LDAP_BINDDN and LDAP_BINDCRED has not been specified,
ldaphostlist will also consult the ldapux(5) configuration for additional information:
• The type of credential (user, proxy or anonymous) to use.
• The credential used for binding as a proxy user (either /etc/opt/ldapux/acred for
administrative users or /etc/opt/ldapux/pcred for non-privileged users).
ldaphostlist will display an error message if LDAP_BINDDN has been specified and
LDAP_BINDCRED has not, unless the -P option has been specified.
As with ldapux(5), ldaphostlist will attempt to contact the first available directory server as
defined in the ldapux(5) host list. As soon as a connection is established, further directory
servers on the host list will not be contacted. Once connected, ldaphostlist will first determine
if the environment variables LDAP_BINDDN and LDAP_BINDCRED have been specified (if the -P option
has not been specified). If so, then ldaphostlist will attempt to bind to the directory server
using the specified credentials and configured LDAP-UX authentication method.
If the above-mentioned environment variables have not been specified, then ldaphostlist will
determine if the configured credential type is "proxy" and if so, attempt to bind to the directory
server using the configured LDAP-UX proxy credential. If configured, the acred proxy credential
will be used for administrative users (determined by whether the user running ldaphostlist has
enough privilege to read the /etc/opt/ldapux/acred file). Otherwise the credential configured in
/etc/opt/ldapux/pcred will be used. If the proxy credential is not configured and the -P option
has not been specified, ldaphostlist will connect anonymously.
Note: to prevent discovery of the LDAP administrator's credentials, the LDAP user DN and password
may not be specified as command-line options to the ldaphostlist utility.
Security Considerations
In order to support non-interactive use of the ldaphostlist command, specification of the LDAP
user's credentials may be required. In non-interactive mode, these credentials are specified in
the LDAP_BINDDN and LDAP_BINDCRED environment variables. To prevent exposure of these
HP-UX 11i v3: June 2010 Web Release − 5 − Hewlett-Packard Company 5