ldapuglist.1m (2010 09)
l
ldapuglist(1M) ldapuglist(1M)
Service for the list of attributes that may be mapped.
• Specifying
-n and -f on the same command line will result in an error.
-F filter Similar to -f, except that filter is assumed to be immutable, and neither the ldapux (5)
user nor group filter from the configuration profile will be amended to the specified filter,
nor will attribute mapping apply to the filter .
NOTES:
• When
-F is used, the specified filter should still apply to either user or group entries
and match the
-t passwd or -t group
option. In other words, ldapuglist will
produce unpredictable results if the search filter specified with
-F discovers group
entries, but the
-t passwd option was specified.
• Specifying
-n and -F on the same command line will result in an error.
-N maxcount This option specifies the maximum number of entries to be returned. If this option is not
specified, the maximum number of entries to be returned is 200 by default.
Some directory servers will limit the number of entries returned for a particular search
request, regardless of how many entries are requested. If the maxcount limit is set too
high, it may not be possible to determine if a search has returned complete results, since
the directory server may have truncated the number of returned entries before reaching
the requested maximum count.
Although some directory servers will indicate if a specified search exceeds an enumera-
tion limit, if maxcount is above the directory servers internal configured limit, it is not
always possible to determine if all results have been returned. However a reasonable
assumption is that if maxcount entries have been returned, additional entries are likely
still available that match the search criteria than just those displayed.
attr Specifies additional LDAP attributes to display aside from the pre-defined RFC2307 attri-
butes for users or groups.
attr may not be used if the
-L option is specified. Attributes specified in the attr list are
assumed to not be part of RFC2307 and thus will not be mapped.
When the
-m option is specified, the output format for a value specified by an attr will
always be in the form:
attributename [attributename]
: value
Note:
ldapuglist does not allow use of the attr parameter when ldapuglist binds
to the directory server using the LDAP-UX proxy user, unless the system administrator
has attested that the proxy user does not have data access rights beyond those of a non-
privileged user. This limitation prevents regular HP-UX users from discovering LDAP
data that was previously not displayed by LDAP-UX. Use of the attr parameter requires
either that the user has permission to use the LDAP-UX Administrator Credential
(/etc/opt/ldapux/acred) or that the user specifies an identity using the
-P or
LDAP_BINDDN and LDAP_BINDCRED environment variables when running
ldapuglist.
Binding to the Directory Server
ldapuglist has been designed to take advantage of the existing ldapux (5) configuration for determin-
ing to which directory server to bind and how to perform the bind operation. ldapuglist will consult
the ldapux (5) configuration profile for the following information:
• The list of LDAP directory server hosts.
• The authentication method (simple passwords, SASL Digest MD5, etc.).
If either of the environment variables
LDAP_BINDDN and LDAP_BINDCRED have not been specified,
ldapuglist will also consult the ldapux (5) configuration for additional information:
• The type of credential (user, proxy or anonymous) to use.
• The credential used for binding as a proxy user (either
/etc/opt/ldapux/acred for administra-
tive users or /etc/opt/ldapux/pcred for non-privileged users.)
ldapuglist will display an error message if LDAP_BINDDN has been specified and LDAP_BINDCRED
has not, unless the -P option has been specified.
4 Hewlett-Packard Company − 4 − HP-UX 11i v3: June 2010 Web Release