HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

471

472

473

474

475

476

477

478

479

480

ldapuglist(1M) ldapuglist(1M)

NAME

ldapuglist - display and enumerate POSIX-like account and group entries in an LDAP directory server

SYNOPSIS

ldapuglist [options][-t type][

-h hostname][-p port][-b base][

-s scope]

[

-n name |{-f

|-F} ﬁlter][-N maxcount][attr...]

DESCRIPTION

ldapuglist is a command-line tool used to display and enumerate POSIX-like account and group entries

that reside in an LDAP directory server.

Although ldapuglist provides similar output as compared with the

ldapsearch command, it has

been provided to meet a few speciﬁc feature requirements. These features allow applications to discover

and evaluate account and group information stored in an LDAP directory server, without requiring inti-

mate knowledge of the methods used retrieve and evaluate that information in the LDAP directory server.

Except for the optional trailing attr list, all parameters speciﬁed above are not positional dependent.

•

ldapuglist uses the existing LDAP-UX conﬁguration, requiring minimal command-line options to

discover where to search for account/group information, such as which directory server(s) to contact and

proper search ﬁlters for ﬁnding accounts and groups. This tool provides command options that allow

you to alter these conﬁguration parameters.

• ldapuglist uses the existing LDAP-UX authentication conﬁguration to determine how to bind to the

LDAP directory server.

• ldapuglist supports attribute mapping as conﬁgured by LDAP-UX. Fields returned from

ldapuglist will use a consistent format, similar to that deﬁned by RFC2307, even when different

attributes are actually used to store the information in the directory server.

Note, that although that format is similar to LDIF, it is not LDIF. Major differences include:

• Objectclasses will not be displayed.

• By default only POSIX-related attributes will be displayed by

ldapuglist , unless an attribute list

is speciﬁcally requested on the command line.

• Output lines will not be broken after 80 columns.

Options

-m When -m is speciﬁed, ldapuglist will expose the names of the mapped attributes when return-

ing results. Normally ldapuglist will return results as:

ﬁeldname: value

where:

fieldname is one of the pre-deﬁned RFC2307 attribute names.

value is the resulting value for that ﬁeld, after attribute mapping has been applied.

With -m, the actual attribute name will be exposed as follows:

ﬁeldname[attributename]: value

For example, if the RFC2307 attribute gecos has been mapped to the cn, l (location), and

telephoneNumber attributes, without the -m option, the output of the gecos ﬁeld would appear as:

gecos: value-of-cn,value-of-l,value-of-telephoneNumber,

When -m is used, and assuming the same conditions as above, the output representing the gecos

ﬁeld would appear as:

gecos[cn]: value-of-cn

gecos[l]: value-of-l

gecos[telephoneNumber]: value-of-telephoneNumber

Note that when a ﬁeld has been mapped to multiple attributes, those attributes will appear in the

order as deﬁned in the LDAP-UX conﬁguration.

The -m option does not apply if the -L option is speciﬁed.

-L Display the password or group output in the following formats:

HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 479