HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)

ldapuglist(1M) ldapuglist(1M)
Specifying -n and -f on the same command line will result in an error.
-F filter Similar to -f, except that filter is assumed to be immutable, and neither the LDAP-UX
user nor group filter from the configuration profile will be amended to the specified filter,
nor will attribute mapping apply to the filter.
NOTES:
When -F is used, the specified filter should still apply to either user or group entries
and match the -t passwd or -t group option. In other words, ldapuglist will produce
unpredictable results if the search filter specified with -F discovers group entries,
but the -t passwd option was specified.
Specifying -n and -F on the same command line will result in an error.
-N maxcount This option specifies the maximum number of entries to be returned. If this option is not
specified, the maximum number of entries to be returned is 200 by default.
Some directory servers will limit the number of entries returned for a particular search
request, regardless of how many entries are requested. If the maxcount limit is set too
high, it may not be possible to determine if a search has returned complete results, since
the directory server may have truncated the number of returned entries before reaching
the requested maximum count.
Although some directory servers will indicate if a specified search exceeds an enumeration
limit, if maxcount is above the directory server's internal configured limit, it is not always
possible to determine if all results have been returned. However, a reasonable assumption
is that if maxcount entries have been returned, more entries that match the search criteria
are likely still available than just those displayed.
attr Specifies additional LDAP attributes to display aside from the pre-defined RFC2307
attributes for users or groups.
attr may not be used if the -L option is specified. Attributes specified in the attr list are
assumed to not be part of RFC2307 and thus will not be mapped.
When the -m option is specified, the output format for a value specified by an attr will
always be in the form:
attributename[attributename]: value
Note: ldapuglist does not allow use of the attr parameter when ldapuglist binds
to the directory server using the LDAP-UX proxy user. This limitation prevents regular
HP-UX users from discovering LDAP data that was previously not displayed by LDAP-UX.
Use of the attr parameter requires either that the user has permission to use the LDAP-UX
Administrator Credential (/etc/opt/ldapux/acred) or that the user specifies an identity
using the -P or LDAP_BINDDN and LDAP_BINDCRED environment variables when running ldapuglist.
Binding to the Directory Server
ldapuglist has been designed to take advantage of the existing LDAP-UX configuration for determining
to which directory server to bind and how to perform the bind operation. ldapuglist will consult the
LDAP-UX configuration profile for the following information:
The list of LDAP directory server hosts.
The authentication method (simple passwords, SASL Digest MD5, etc.).
If either of the environment variables LDAP_BINDDN and LDAP_BINDCRED has not been specified,
ldapuglist will also consult the LDAP-UX configuration for additional information:
The type of credential (user, proxy or anonymous) to use.
The credential used for binding as a proxy user (either /etc/opt/ldapux/acred for
administrative users or /etc/opt/ldapux/pcred for non-privileged users).
ldapuglist will display an error message if LDAP_BINDDN has been specified and LDAP_BINDCRED
has not, unless the -P option has been specified.
As with LDAP-UX, ldapuglist will attempt to contact the first available directory server as defined in
the LDAP-UX host list. As soon as a connection is established, further directory servers on the host list will
not be contacted.
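The option and credential rules above can be checked before ldapuglist is invoked. The following sh function is an added example, not part of the HP-UX manual or of LDAP-UX; it assumes that -n, -f, -F, -t and -N each take one argument, that -L, -m and -P take none, and that a readable acred file (path overridable through the hypothetical ACRED variable) means the user may use the Administrator Credential.

```shell
#!/bin/sh
# Added example: lint an ldapuglist command line against the rules on this
# page. It never runs ldapuglist or contacts a directory server.
# Assumptions: -n, -f, -F, -t, -N take one argument; -L, -m, -P take none;
# a readable $ACRED stands in for "permission to use" the admin credential.
ACRED=${ACRED:-/etc/opt/ldapux/acred}

ldapuglist_lint() {
    has_n='' has_filter='' has_L='' has_P='' attrs=0
    while [ $# -gt 0 ]; do
        case $1 in
            -n)    has_n=1; [ $# -gt 1 ] && shift ;;
            -f|-F) has_filter=1; [ $# -gt 1 ] && shift ;;
            -t|-N) [ $# -gt 1 ] && shift ;;
            -L)    has_L=1 ;;
            -P)    has_P=1 ;;
            -m)    ;;
            -*)    echo "unsupported: $1 is not described on this page"; return 2 ;;
            *)     attrs=$((attrs + 1)) ;;   # trailing words are attr names
        esac
        shift
    done
    if [ -n "$has_n" ] && [ -n "$has_filter" ]; then
        echo "error: -n cannot be combined with -f or -F"; return 1
    fi
    if [ "$attrs" -gt 0 ] && [ -n "$has_L" ]; then
        echo "error: attr may not be used with -L"; return 1
    fi
    if [ -n "${LDAP_BINDDN:-}" ] && [ -z "${LDAP_BINDCRED:-}" ] && [ -z "$has_P" ]; then
        echo "error: LDAP_BINDDN without LDAP_BINDCRED needs -P"; return 1
    fi
    # Which credential the bind would use, per "Binding to the Directory Server".
    if [ -n "$has_P" ] || { [ -n "${LDAP_BINDDN:-}" ] && [ -n "${LDAP_BINDCRED:-}" ]; }; then
        bind=specified
    elif [ -r "$ACRED" ]; then
        bind=acred
    else
        bind=profile    # proxy (pcred), user or anonymous, as the profile says
    fi
    # attr is refused unless acred is usable or an identity was specified.
    if [ "$attrs" -gt 0 ] && [ "$bind" = profile ]; then
        echo "error: attr needs acred access or a specified identity"; return 1
    fi
    echo "ok: bind=$bind attrs=$attrs"
}
```

A wrapper script can call ldapuglist_lint "$@" first and run ldapuglist only when it returns 0.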
Hewlett-Packard Company, HP-UX 11i Version 2: December 2007 Update