HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ldapuglist(1M) ldapuglist(1M)
/etc/passwd format:
uid:userPasswd:uidNumbr:gidNumbr:gecos:homeDirectory:loginShell
/etc/group format:
cn:userPasswd:gidNumber,memberUid,...
The -m option is ignored when the -L option is specified. The attr parameter list is invalid
when the -L option is specified.
-P Prompt for the bind identity (typically LDAP DN or Kerberos principal) and bind password.
Without -P, ldapuglist will discover the bind identity and password from the environment
variables LDAP_BINDDN and LDAP_BINDCRED. If the LDAP_BINDDN or LDAP_BINDCRED environment
variables have not been specified, ldapuglist will follow the bind configuration specified in
the LDAP-UX configuration profile.
If LDAP-UX has specified "proxy" bind, the bind credential will be read from either the
/etc/opt/ldapux/acred or /etc/opt/ldapux/pcred file. The acred file will only be used by
users that have sufficient administrative privilege to read that file. Refer to Binding to the
Directory Server below for additional details.
-Z Requires an SSL connection to the directory server, even if the LDAP-UX configuration does not
require the use of SSL.
Use of -Z requires either a valid directory server or CA certificate be defined in the
/etc/opt/ldapux/cert8.db file. An error will occur if the SSL connection could not be
established. Refer to Binding to the Directory Server below for additional details.
-ZZ Attempt a TLS connection to the directory server, even if the LDAP-UX configuration does not
require the use of TLS. If a TLS connection cannot be established, a non-TLS and non-SSL
connection will be established.
Use of -ZZ is not recommended unless alternative methods are used to protect from network
eavesdropping. Use of -ZZ requires either a valid server or CA certificate be defined in the
/etc/opt/ldapux/cert8.db file. Refer to Binding to the Directory Server below for additional
details.
-ZZZ Requires a TLS connection to the directory server, even if the LDAP-UX configuration does not
require the use of TLS.
Use of -ZZZ requires either a valid directory server or CA certificate be defined in the
/etc/opt/ldapux/cert8.db file. An error will occur if the TLS connection could not be
established. Refer to Binding to the Directory Server below for additional details.
Arguments
-t type Specifies which service type ldapuglist will use to display or enumerate entries. The
service type can be either passwd or group, where:
passwd implies posixAccount-type entries and,
group implies posixGroup-type entries.
Specification of the type parameter indicates how to handle processing of search filters (-f)
and attribute mapping. If the -t option is not specified, ldapuglist will assume the
passwd type.
-h hostname Specifies the host name and optional port number (hostname:port) of the directory server.
This option overrides the server list configured by LDAP-UX.
This field supports specification of IPv4 and IPv6 addresses. Note that when a port is
specified for an IPv6 address, the IPv6 address must be specified in square-bracketed form.
If the optional port is unspecified, the port number is assumed to be 389 or 636 for SSL
connections (-Z). Refer to Binding to the Directory Server below for additional details.
-p port Specifies the port number of the directory server to contact. This option is ignored if the
port number is specified in the hostname as part of the -h option. Refer to Binding to
the Directory Server below for additional details.
-n name Provides a simplified method for discovering a single account or group. Use of -n is the
same as -f"(uid=name)" for accounts and -f"(cn=cname)" for groups.
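
The following shell function is an added example, not part of the HP manual and not HP code. It applies the -Z/-ZZ/-ZZZ and -h/-p rules described above to the arguments of one ldapuglist invocation without running the command. The function name audit_ldapuglist is hypothetical, the host names and addresses are constructed samples, and treating -t, -n and -f as the only other value-taking options is an assumption based on this page.

```shell
# Added example (not HP code). Classifies the arguments of one ldapuglist
# invocation; it never runs ldapuglist itself.
audit_ldapuglist() (
    transport=profile-default host= hport= optport=
    while [ $# -gt 0 ]; do
        case $1 in
            -ZZZ) transport=tls-required ;;       # error if TLS cannot be established
            -ZZ)  transport=tls-opportunistic ;;  # falls back to non-TLS, non-SSL
            -Z)   transport=ssl-required ;;       # error if SSL cannot be established
            -h)   [ $# -ge 2 ] || break; host=$2; shift ;;
            -p)   [ $# -ge 2 ] || break; optport=$2; shift ;;
            -t|-n|-f) [ $# -ge 2 ] || break; shift ;;  # skip the option's value
        esac
        shift
    done
    # A port inside -h wins over -p; an IPv6 address needs brackets to carry one.
    case $host in
        '['*']:'*) hport=${host##*\]:} ;;   # [v6]:port
        '['*']')   ;;                        # [v6] without a port
        *:*:*)     ;;                        # bare v6, cannot carry a port
        *:*)       hport=${host##*:} ;;      # name:port or v4:port
    esac
    if [ -n "$hport" ]; then port=$hport
    elif [ -n "$optport" ]; then port=$optport
    elif [ -z "$host" ]; then port=profile   # server list comes from LDAP-UX
    elif [ "$transport" = ssl-required ]; then port=636
    else port=389
    fi
    echo "transport=$transport port=$port"
    # Non-zero status flags the one mode that can silently downgrade.
    [ "$transport" != tls-opportunistic ]
)

# Constructed sample invocations (documentation host names and addresses).
audit_ldapuglist -t passwd -n alice -ZZZ -h ldap.example.com
audit_ldapuglist -Z -h '[2001:db8::10]'
audit_ldapuglist -Z -h '[2001:db8::10]:1636' -p 389
audit_ldapuglist -ZZ -h ldap.example.com:389 || echo "  ^ -ZZ can fall back to an unencrypted bind"
```

A wrapper or review script can use the exit status to reject -ZZ wherever LDAP_BINDCRED or a proxy credential would be sent over the connection.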
480 Hewlett-Packard Company 2 HP-UX 11i Version 2: December 2007 Update