ldapuglist.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ldapuglist(1M) ldapuglist(1M)

When the -t group option is speciﬁed, the following ﬁelds will be returned:

userPassword

gidNumber

memberUid

Note that when the

-m option is speciﬁed, the output format will change (for both users and groups) to:

: dn1

ﬁeld1[attribute1]: value1

ﬁeld2[attribute2]: value2

ﬁeld3[attribute3]:: base64-encodeded-value3

Special Considerations for Output Format

Multi-Valued Attributes

Although some of the attributes used in LDAP directory servers are considered multi-valued attributes,

the

ldapuglist tool will only display the ﬁrst value discovered for each RFC2307 attribute for each

entry, since these ﬁelds appear only once in a POSIX account or group.

For non-RFC2307 attributes (those speciﬁed via the attr argument list), if the attribute is multi-valued,

multiple values will be displayed. Also note that this rule does not apply to the memberUid ﬁeld since

POSIX groups may have multiple members.

Since the gecos attribute can be mapped to multiple attributes, the gecos ﬁeld may appear multiple times

in an entry if the

-m option is used, once for each mapped attribute. Example:

gecos[cn]: Bill Smith

gecos[l]: Building 6A

gecos[telephoneNUmber]: +1-555-555-4321

Non-POSIX Accounts & Groups

With the

-F option, ldapuglist can be used to display users and groups that are not posixAccounts or

posixGroups . Thus, these entries may not contain the required ﬁelds that store POSIX account and group

information (such as the uidNumber ). When displaying these entries, the speciﬁed ﬁelds will be missing

from the output.

As non-POSIX accounts and groups are not required to contain POSIX attributes, use of the

-L option

may result in unexpected output. Data between the

: characters may be empty, such as ::

x:::.

UTF-8

Since LDAP directories require data be stored according to the UTF-8 (RFC3629) character encoding

method, all characters displayed by

ldapuglist will be UTF-8, and assumed to be part of the ISO-

10646 character set. ldapuglist will not perform conversion of the locale character set to/from the

UTF-8 character set.

Unencodable Characters (Base64 Encoding)

In the output format of

ldapuglist each displayed ﬁeld will be delimited by a new line (carriage-

return and line-feed). In order to assure that ldapuglist displays only printable and LDIF encodable

characters, all characters less than 32 (ASCII space), except for 9 (ASCII horizontal tab) and the charac-

ter 127 (ASCII delete) will result in the value being converted into a base-64 encoded string. Characters

above 127 are assumed be from the UTF-8 character set, and assumed printable. If the output lines are

long, the data will not be broken into multiple lines.

Encoding of the DN

ldapuglist will display DN strings according to the encoding rules deﬁned in RFC4514. The escape

character (\) will precede special characters, which may be the character itself or a 2 digit hex represen-

tation of the character.

Passwords

In many cases,

ldapuglist will not be able to access the user or group password ﬁelds. This can occur

when:

•

ldapuglist has insufﬁcient privilege to access the password ﬁeld

• The passwords are not used to authenticate users (such as when X.500 certiﬁcates).

6 Hewlett-Packard Company − 6 − HP-UX 11i v3: June 2010 Web Release