HP-UX Reference (11i v2 07/12) - 1M System Administration Commands A-M (vol 3)
ldapuglist(1M) ldapuglist(1M)
Once connected, ldapuglist will first determine if the environment variables LDAP_BINDDN and
LDAP_BINDCRED have been specified. If so, then ldapuglist will attempt to bind to the directory
server using the specified credentials and configured LDAP-UX authentication method.
If the above mentioned environment variables have not been specified, then ldapuglist will determine
if the configured credential type is "proxy" and if so, attempt to bind to the directory server using the
configured LDAP-UX proxy credential. If configured, the acred proxy credential will be used for
administrative users (determined by whether the user running ldapuglist has enough privilege to read the
/etc/opt/ldapux/acred file). Otherwise the credential configured in /etc/opt/ldapux/pcred
will be used.
Note: to prevent discovery of the LDAP administrator’s credentials, the LDAP user DN and password may
not be specified as command-line options to the ldapuglist utility.
Security Considerations
In order to support non-interactive use of the ldapuglist command, specification of the LDAP
administrator’s credentials is required through use of the LDAP_BINDDN and LDAP_BINDCRED
environment variables. To prevent exposure of these environment variables, they should be unset after use.
Note also that a shell’s command history log may contain copies of the executed commands that show
setting of these variables. Access to a shell’s history file must be protected. Specification of the LDAP
administrator’s credentials on the command line is not allowed since information about the currently
running processes can be exposed externally from the session.
Use of the -P option eliminates the need to set the mentioned environment variables by interactively
prompting for the required credentials.
LDAP-UX PROFILE
ldapuglist makes use of the LDAP-UX configuration profile to determine the information model used
in the directory server to store POSIX attributes. Please refer to the LDAP-UX Client Services
Administrator’s Guide for additional information about the configuration profile.
OUTPUT FORMAT
Output from ldapuglist will follow a consistent format, regardless of which attributes are used to
define information in an LDAP directory. The output format is:
dn: dn1
field1: value1
field2: value2
field3:: base64-encoded-value3

dn: dn2
field1: value1
field2: value2
Each entry will be preceded by a DN, followed by one or more field-value pairs. The DN and each
field-value pair will be on a separate line, separated by a carriage-return and line-feed character. The
field and value will be separated by a colon and space character. And each entry will be separated by a
blank line. In the case when an unencodable character is encountered (carriage-return or line-feed for
example) in a value string, the whole value will be base64 encoded and the field-value separator will
change to two colons and a space character. See Unencodable Characters below.
When the -t passwd option is specified, the following fields will be returned:
cn
uid
userPassword
uidNumber
gidNumber
homeDirectory
loginShell
gecos
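The output format described above can be consumed by a small parser. The following is an added example, not part of the HP-UX reference or of LDAP-UX: the function names, the sample DNs and values (constructed), and the choice to keep repeated fields as lists are assumptions. It decodes "::" base64 values and masks userPassword before entries are logged.

```python
import base64

def parse_ldapuglist(text):
    """Return a list of entries; each entry maps field -> list of values."""
    entries, current = [], None
    # splitlines() accepts the CRLF terminators the format uses, and bare LF.
    for line in text.splitlines():
        if not line.strip():              # a blank line ends the current entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        field, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not a field-value line: %r" % line)
        if rest.startswith(":"):          # "field:: value" means base64 encoded
            raw = base64.b64decode(rest[1:].strip(), validate=True)
            value = raw.decode("utf-8", "replace")
        else:                             # "field: value"
            value = rest[1:] if rest.startswith(" ") else rest
        if field == "dn":                 # a DN always starts a new entry
            if current is not None:
                entries.append(current)
            current = {}
        elif current is None:
            raise ValueError("field before any dn: %r" % line)
        current.setdefault(field, []).append(value)
    if current is not None:
        entries.append(current)
    return entries

def redact(entries, secret_fields=("userPassword",)):
    """Copy entries with secret fields masked, for safe logging."""
    return [{f: ["<redacted>"] * len(v) if f in secret_fields else v
             for f, v in e.items()} for e in entries]

# Constructed sample in the documented format; gecos holds a line feed,
# so it is emitted base64 encoded with the "::" separator.
SAMPLE = (
    "dn: uid=jdoe,ou=People,dc=example,dc=com\r\n"
    "cn: John Doe\r\n"
    "uid: jdoe\r\n"
    "userPassword: {crypt}x\r\n"
    "uidNumber: 1001\r\n"
    "gecos:: " + base64.b64encode(b"John Doe\nRoom 42").decode() + "\r\n"
    "\r\n"
    "dn: uid=asmith,ou=People,dc=example,dc=com\r\n"
    "cn: Alice Smith\r\n"
    "uid: asmith\r\n"
)

if __name__ == "__main__":
    for entry in redact(parse_ldapuglist(SAMPLE)):
        print(entry)
```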
When the -t group option is specified, the following fields will be returned:
cn
userPassword
HP-UX 11i Version 2: December 2007 Update − 5 − Hewlett-Packard Company 483