HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

l
ldapuglist(1M) ldapuglist(1M)
-F and -f may not be specified on the command line if
-n is used.
-b base This option overrides the search base as defined in the LDAP-UX configuration. base is a
distinguished name (DN) that describes the highest location in the directory tree where to
start the search. If unspecified,
ldapuglist
will use the defaultSearchBase as defined
in the LDAP-UX configuration profile.
-s scope This option overrides the search scope as defined in the LDAP-UX configuration. scope
specifies how deep in the directory tree
ldapuglist should search. scope may be one of
base, one,orsub,where:
base only performs a search on the base specified above,
one searches all entries that are child entries of the base, and
sub searches all entries below, including the base.
-f filter Specifies an LDAP-style search filter, filter, used to select specific entries from the LDAP
directory. When
-f is used, the filter specified by filter is assumed to apply to either
POSIX-style users or groups (depending on if the
-t passwd or -t group option is
specified). This means the filter specified with
-f will be amended with the default LDAP-
UX search filter for either the user or group object types.
In addition, when -f is used, if a known attribute for the particular service (see the lists
defined under OUTPUT FORMAT), has been mapped as defined by the LDAP-UX
configuration profile, then the mapped attribute name will be substituted in the search
filter.
Using an example with the following command:
ldapuglist -t passwd -f "(uidNumber=52345)"
And assuming the LDAP-UX product has been configured as follows:
The configuration profile defines the search filter for the
passwd service as
(objectclass=posixAccount)
The uidNumber attribute for the passwd service has been mapped to the employ-
eeNumber attribute.
Then the actual search filter used by ldapuglist would be:
(&(objectclass=posixAccount)(employeeNumber=52345))
The -f option also supports generation of search filters for multi-mapped attributes, gecos
and memberUid. In the case of gecos, each mapped attribute would be used in the search
filter using the LDAP and operation (&). And in the case of memberUid, each mapped
attribute would be used in the search filter using the LDAP
or operation (|).
For an example using gecos: assume gecos has been mapped to cn, l, and
telephoneNumber. If the argument to
-f is (gecos=Jane Smith,BLD-5D,555-
1212)
, then the resulting search filter presented to the LDAP directory server would be:
(&(objectclass=posixAccount)(&(cn=Jane Smith)
(l=BLD-5D)(telephoneNumber=555-1212)))
Using an example for memberUid, assume memberUid has been mapped to member and
memberUid. If the argument to -f is (memberUid=jsmith), then the resulting
search filter presented to the LDAP directory server would be:
(&(objectclass=posixGroup)(|(member=
cn=Jane Smith,ou=people,ou=myorg,dc=myco,dc=com)
(memberUid=jsmith)))
NOTES:
When -f is used and any of the attributes specified in the search filter have been
mapped to *NULL*, ldapuglist will return an error.
Attributes that are not part of the LDAP-UX configuration profile mapping will not be
modified. Refer to RFC2307: An Approach for Using LDAP as a Network Information
Service for the list of attributes that may be mapped.
HP-UX 11i Version 2: December 2007 Update 3 Hewlett-Packard Company 481