ldaphostlist.1m (2010 09)

ldaphostlist(1M) ldaphostlist(1M)
environment variables, they should be unset after use.
Note also that the command history log of a shell (see shells(4)) may contain copies of the executed commands that show the setting of these variables. Access to a shell’s history file must be protected.
Specification of the LDAP user’s credentials on the command line is not allowed, since information about the currently running processes can be exposed externally from the session. Specifying the -P option allows for interactive prompting of the user’s credentials, and thus eliminates the need to specify the above-mentioned environment variables.
ldaphostlist will only display attributes for hosts for which the user has sufficient privilege to view.
By default (if neither the -P option nor the environment variables have been specified), ldaphostlist will bind to the directory server anonymously, or using the proxy user’s credentials if configured. When ldaphostlist uses the proxy user’s credentials to bind, the information displayed may be limited. Refer to LDAP-UX Configuration for additional information.
LDAP-UX Profile
ldaphostlist makes use of the LDAP-UX configuration profile to determine the information model
used in the directory server to store POSIX attributes. Please refer to the LDAP-UX Client Services
Administrator’s Guide for additional information about the configuration profile.
ERRORS AND WARNINGS
Upon exit, ldaphostlist will return a 0 (zero) exit status if no errors or warnings were encountered. A non-zero exit status will be returned if ldaphostlist encounters an error or warning, and one or more messages will be logged to stderr. Messages will follow the format below:
    ERROR: code: message
or
    WARNING: code: message
Leading extra white space may be inserted to improve readability and follow 80 column screen formatting.
code will be a programmatically parsable error key-string, while message will be human-readable. Refer to the LDAP-UX Client Services Administrator’s Guide for a list of possible error codes generated by the LDAP user and group management tools.
EXTERNAL INFLUENCES
Environment Variables
LDAP_BINDDN
    Specifies the DN of a user with sufficient directory server privilege to discover and enumerate hosts in the LDAP directory server. While this variable is optional, if LDAP_BINDDN is specified, LDAP_BINDCRED must also be specified.
LDAP_BINDCRED
    A password or other type of credential used for the user specified by LDAP_BINDDN. While this variable is optional, if LDAP_BINDCRED is specified, LDAP_BINDDN must also be specified.
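The following shell functions are an added example, not part of the HP manual page. They show one way to honor the handling rules for LDAP_BINDDN and LDAP_BINDCRED and to read the ERROR/WARNING codes described under ERRORS AND WARNINGS. The function names, the sample DN and the EXAMPLE_CODE_* error codes are hypothetical or constructed, and one message per stderr line is assumed.

```shell
#!/bin/sh
# Added example (not from the HP-UX manual page); function names are hypothetical.

# run_with_bind DN CMD [ARGS...]
# Reads the credential from standard input (prompting without echo when stdin
# is a terminal) and exports LDAP_BINDDN / LDAP_BINDCRED inside a subshell
# only, so they never reach the calling shell's environment, its history
# file, or any command line.
run_with_bind() {
    rwb_dn=$1; shift
    if [ -t 0 ]; then
        printf 'Credential for %s: ' "$rwb_dn" >/dev/tty
        stty -echo
        IFS= read -r rwb_cred
        stty echo
        printf '\n' >/dev/tty
    else
        IFS= read -r rwb_cred || [ -n "$rwb_cred" ] || return 1
    fi
    rwb_rc=0
    (
        LDAP_BINDDN=$rwb_dn LDAP_BINDCRED=$rwb_cred
        export LDAP_BINDDN LDAP_BINDCRED
        exec "$@"
    ) || rwb_rc=$?
    unset rwb_cred rwb_dn          # nothing to unset in the environment itself
    return "$rwb_rc"
}

# ldapux_codes: reads captured stderr on standard input and prints
# "SEVERITY code" for each message, ignoring optional leading white space.
ldapux_codes() {
    awk '{ sub(/^[ \t]+/, "") }
         /^(ERROR|WARNING):/ { split($0, f, /:[ \t]*/); print f[1], f[2] }'
}

# Constructed sample of stderr output; the codes are placeholders, not real
# LDAP-UX error keys.
SAMPLE_STDERR='ERROR: EXAMPLE_CODE_A: constructed message
    WARNING: EXAMPLE_CODE_B: constructed message, indented
a line that is not a message'

# Typical use (command options omitted):
#   run_with_bind "$dn" ldaphostlist 2>err.txt || ldapux_codes <err.txt
```

Because the variables are exported only inside the subshell, there is nothing left to unset in the calling session once the command returns.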
LDAP-UX Configuration
If ldaphostlist binds to the directory server using the proxy user’s credential (this can happen if LDAP-UX is configured to use the proxy user, and credentials were not provided to ldaphostlist, as described in Binding to the Directory Server), the attributes displayed by ldaphostlist may be limited. This can occur because ldaphostlist must assume that the LDAP-UX proxy user has more rights to view data in the directory server than a non-privileged user. (For example, assume an administrator configured cn=Directory Manager as a proxy user.) In this scenario, ldaphostlist will only display the cn, ipHostNumber, and sshPublicKey attributes, even when the attr list is requested.
If LDAP-UX is configured to use the proxy user, you can indicate to ldaphostlist if the proxy user does not have special privileges. To do so, modify the proxy_is_restricted parameter in the /etc/opt/ldapux/ldapclientd.conf file. Setting proxy_is_restricted to "1" will allow ldaphostlist to display any attribute requested in the attr list, if the proxy user is allowed to view that attribute.
Hewlett-Packard Company HP-UX 11i v3: June 2010 Web Release