ldapuglist.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ldapuglist(1M) ldapuglist(1M)

-n name Provides a simpliﬁed method for discovering a single account or group. Use of

-n is the

same as

-f"(uid=name)" for accounts and

-f"(cn=cname)" for groups.

-F and -f may not be speciﬁed on the command line if

-n is used.

-b base This option overrides the search base as deﬁned in the ldapux (5) conﬁguration. base is a

distinguished name (DN) that describes the highest location in the directory tree where

to start the search. If unspeciﬁed,

ldapuglist will use the defaultSearchBase as

deﬁned in the LDAP-UX conﬁguration proﬁle.

-s scope This option overrides the search scope as deﬁned in the ldapux (5) conﬁguration. scope

speciﬁes how deep in the directory tree

ldapuglist should search. scope may be one

base, one,orsub,where:

base only performs a search on the base speciﬁed above,

one searches all entries that are child entries of the base , and

sub searches all entries below, including the base.

-f filter Speciﬁes an LDAP-style search ﬁlter, ﬁlter , used to select speciﬁc entries from the LDAP

directory. When

-f is used, the ﬁlter speciﬁed by ﬁlter is assumed to apply to either

POSIX-style users or groups (depending on if the

-t passwd or -t group option is

speciﬁed). This means the ﬁlter speciﬁed with

-f will be amended with the default

ldapux (5) search ﬁlter for either the user or group object types.

In addition, when

-f is used, if a known attribute for the particular service (see the lists

deﬁned under OUTPUT FORMAT), has been mapped as deﬁned by the ldapux (5)

conﬁguration proﬁle, then the mapped attribute name will be substituted in the search

ﬁlter.

Using an example with the following command:

ldapuglist -t passwd -f "(uidNumber=52345)"

And assuming the LDAP-UX product has been conﬁgured as follows:

• The conﬁguration proﬁle deﬁnes the search ﬁlter for the

passwd service as

(objectclass=posixAccount)

• The uidNumber attribute for the passwd service has been mapped to the employ-

eeNumber attribute.

Then the actual search ﬁlter used by

ldapuglist would be:

(&(objectclass=posixAccount)(employeeNumber=52345))

The -f option also supports generation of search ﬁlters for multi-mapped attributes,

gecos and memberUid . In the case of gecos, each mapped attribute would be used in the

search ﬁlter using the LDAP and operation (&). And in the case of memberUid, each

mapped attribute would be used in the search ﬁlter using the LDAP

or operation (|).

For an example using gecos : assume gecos has been mapped to cn, l, and

telephoneNumber. If the argument to

-f is (gecos=Jane Smith,BLD-5D,555-

1212), then the resulting search ﬁlter presented to the LDAP directory server would be:

(&(objectclass=posixAccount)(&(cn=Jane Smith)

(l=BLD-5D)(telephoneNumber=555-1212)))

Using an example for memberUid , assume memberUid has been mapped to member and

memberUid . If the argument to -f is (memberUid=jsmith), then the resulting

search ﬁlter presented to the LDAP directory server would be:

(&(objectclass=posixGroup)(|(member=

cn=Jane Smith,ou=people,ou=myorg,dc=myco,dc=com)

(memberUid=jsmith)))

NOTES:

• When

-f is used and any of the attributes speciﬁed in the search ﬁlter have been

mapped to *NULL*, ldapuglist will return an error.

• Attributes that are not part of the LDAP-UX conﬁguration proﬁle mapping will not be

modiﬁed. Refer to RFC2307: An Approach for Using LDAP as a Network Information

HP-UX 11i v3: June 2010 Web Release − 3 − Hewlett-Packard Company 3