ldaplist man page on Solaris


ldaplist(1)			 User Commands			   ldaplist(1)

NAME
       ldaplist	 -  search  and list naming information from an LDAP directory
       using the configured profile

SYNOPSIS
       /usr/bin/ldaplist [-dlv] [-h LDAP_server[:serverPort] [-M domainName]
	  [-N profileName] [-a authenticationMethod] [-P certifPath]
	  [-D bindDN] [-w bindPassword] [-j passwdFile]]
	  [database [key]...]

       /usr/bin/ldaplist -g

       /usr/bin/ldaplist -h


DESCRIPTION
       If the -h LDAP_server[:serverPort] option is specified, ldaplist estab‐
       lishes  a connection to the server pointed to by the option to obtain a
       DUAProfile specified by the -N option. Then ldaplist lists the informa‐
       tion from the directory described by the configuration obtained.

       By default (if the -h LDAP_server[:serverPort] option is not specified),
       the utility searches for and lists the naming information from the LDAP
       directory service defined in the LDAP configuration files generated by
       ldapclient(1M) during the client initialization phase. To use the
       utility in the default mode, the Solaris LDAP client must be set up in
       advance.

       The database is either a container name or a database name  as  defined
       in  nsswitch.conf(4).  A container is a non-leaf entry in the Directory
       Information Tree (DIT) that contains naming  service  information.  The
       container  name	is  the	 LDAP Relative Distinguished Name (RDN) of the
       container relative to the defaultSearchBase as defined in the  configu‐
       ration  files.  For example, for a container named ou=people, the data‐
       base name is the database specified in nsswitch.conf. This database  is
       mapped  to  a  container,  for example, passwd maps to ou=people. If an
       invalid database is specified, it is mapped to a generic container (for
       example, nisMapName=name).

       The  key is the attribute value to be searched in the database. You can
       specify more than one key to be searched in the same database. The  key
       can  be	specified in either of two forms: attribute=value or value. In
       the first case, ldaplist passes the search key to the  server.  In  the
       latter  case, an attribute is assigned depending on how the database is
       specified. If the database is a container name, then the "cn" attribute
       type  is	 used.	If the database is a valid database name as defined in
       the nsswitch.conf, then a predefined attribute type is used (see	 table
       below). If the database is an invalid database name, then cn is used as
       the attribute type.

       The ldaplist utility relies on the Schema defined in the	 RFC  2307bis,
       currently  an  IETF  draft.  The data stored on the LDAP server must be
       stored based on this Schema, unless the profile contains schema mapping
       definitions. For more information on schema mapping see ldapclient(1M).
       The following table lists the default mapping from the  database	 names
       to the container, the LDAP object class, and the attribute type used if
       not defined in the key.

	 Database     Object Class     Attribute Type	 Container

	 aliases      mailGroup	       cn		 ou=Aliases
	 automount    nisObject	       cn		 automountMapName=auto_*
	 bootparams   bootableDevice   cn		 ou=Ethers
	 ethers	      ieee802Device    cn		 ou=Ethers
	 group	      posixgroup       cn		 ou=Group
	 hosts	      ipHost	       cn		 ou=Hosts
	 ipnodes      ipHost	       cn		 ou=Hosts
	 netgroup     ipNetgroup       cn		 ou=Netgroup
	 netmasks     ipNetwork	       ipnetworknumber	 ou=Networks
	 networks     ipNetwork	       ipnetworknumber	 ou=Networks
	 passwd	      posixAccount     uid		 ou=People
	 protocols    ipProtocol       cn		 ou=Protocols
	 publickey    nisKeyObject     uidnumber	 ou=People
				       cn		 ou=Hosts
	 rpc	      oncRpc	       cn		 ou=Rpc
	 services     ipService	       cn		 ou=Services
	 printers     printerService   printer-uri	 ou=printers
	 auth_attr    SolarisAuthAttr  nameT		 ou=SolarisAuthAttr
	 prof_attr    SolarisProfAttr  nameT		 ou=SolarisProfAttr
	 exec_attr    SolarisExecAttr  nameT		 ou=SolarisProfAttr
	 user_attr    SolarisUserAttr  uidT		 ou=people
	 audit_user   SolarisAuditUser uidT		 ou=people
	 projects     SolarisProject   SolarisProjectID	 ou=projects

       The following databases are available only if the system is  configured
       with Trusted Extensions:

	 tnrhtp	     ipTnetTemplate   ipTnetTemplateName ou=ipTnet
	 tnrhdb	     ipTnetHost	      ipTnetNumber	 ou=ipTnet

	   o	  For the automount database, auto_*, in the container column,
		  represents auto_home, auto_direct, ...

	   o	  For the publickey database, if the key starts with a	digit,
		  it is interpreted as an uid number. If the key starts with a
		  non-digit, it is interpreted as a host name.

       The ldaplist utility supports substring search by using the wildcard
       "*" in the key. For example, "my*" matches any string that starts with
       "my". In some shell environments, keys containing the wildcard might
       need to be quoted.

       If the key is not specified, all the containers in the current search
       baseDN are listed.

OPTIONS
       The following options are supported:

       -a authenticationMethod

	   Specifies the authentication method. The default value is what  has
	   been	 configured in the profile. The supported authentication meth‐
	   ods are:

	     simple
	     sasl/CRAM-MD5
	     sasl/DIGEST-MD5
	     tls:simple
	     tls:sasl/CRAM-MD5
	     tls:sasl/DIGEST-MD5

	   Selecting simple causes passwords to be sent over  the  network  in
	   clear text. Its use is strongly discouraged.

	   Additionally, if the client is configured with a profile which uses
	   no authentication, that is, either the credentialLevel attribute is
	   set	to  anonymous or authenticationMethod is set to none, the user
	   must use this option to provide an authentication method.

       -d

	   Lists the attributes for the specified database,  rather  than  the
	   entries. By default, the entries are listed.

       -D bindDN

	   Specifies an entry which has read permission to the requested data‐
	   base.

       -g

	   Lists the database mapping.

       -h

	   Lists the database mapping.

	   This option has been deprecated.

       -h LDAP_server[:serverPort]

	   Specifies an address (or a name) and a port of the LDAP server from
	   which the entries are read. The current naming service specified in
           the nsswitch.conf file is used. The default value for the port is
           389, unless TLS is specified in the authentication method. In
           this case, the default LDAP server port number is 636.

	   The format to specify the address  and  port	 number	 for  an  IPv6
	   address is:

	     [ipv6_addr]:port

	   To specify the address and port number for an IPv4 address, use the
	   following format:

	     ipv4_addr:port

	   If the host name is specified, use the format:

	     host_name:port

       -j passwdFile

	   Specifies a file containing the password for the  bind  DN  or  the
	   password  for  the  SSL client's key database. To protect the pass‐
	   word, use this option in scripts and place the password in a secure
	   file.

           This option is mutually exclusive with the -w option.

       -l

	   Lists  all the attributes for each entry matching the search crite‐
	   ria. By default, ldaplist lists only the Distinguished Name of  the
	   entries found.

       -M domainName

	   Specifies  the  name of a domain served by the specified server. If
	   this option is not specified, the default domain name is used.

       -N profileName

	   Specifies a DUAProfile name. A profile with such a name is supposed
	   to exist on the server specified by -H option. The default value is
	   default.

       -p certifPath

	   Specifies the certificate path to the location of  the  certificate
	   database.  The  value  is  the  path	 where security database files
	   reside. This is used for TLS support, which	is  specified  in  the
	   authenticationMethod	 and  serviceAuthenticationMethod  attributes.
	   The default is /var/ldap.

       -w bindPassword

	   Password to be used for authenticating the bindDN. If this  parame‐
	   ter	is missing, the command prompts for a password. NULL passwords
	   are not supported in LDAP.

	   When you use -w bind_password to specify the password  to  be  used
	   for	authentication,	 the password is visible to other users of the
	   system by means of the ps command, in script files or in shell his‐
	   tory.

	   If  the  value  of - is supplied as a password, the command prompts
	   for a password.

       -v

	   Sets verbose mode. The ldaplist utility also prints the filter used
	   to search for the entry. The filter is prefixed with "+++".

EXAMPLES
       Example 1 Listing All Entries in the Hosts Database

       The following example lists all entries in the hosts database:

	 example% ldaplist hosts

       Example 2 Listing All Entries in a Non-Standard Database ou=new

       The following example lists all entries in a non-standard database:

	 example% ldaplist ou=new

       Example 3 Finding user1 in the passwd Database

       The following example finds user1 in the passwd database:

	 example% ldaplist passwd user1

       Example	4  Finding the Entry With Service Port of 4045 in the services
       Database

       The following example finds the entry with the service port of 4045  in
       the services database:

	 example% ldaplist services ipServicePort=4045

       Example	5  Finding  All	 Users	With Username Starting with new in the
       passwd Database

       The following example finds all users with the username	starting  with
       new in the passwd database:

	 example% ldaplist passwd 'new*'

       Example 6 Listing the Attributes for the hosts Database

       The following example lists the attributes for the hosts database:

	 example% ldaplist -d hosts

       Example 7 Finding user1 in the passwd Database

       The  following  example	finds  user1  in  the passwd database. An LDAP
       server is specified explicitly.

	 example% ldaplist -H 10.10.10.10:3890 \
		     -M another.domain.name -N special_duaprofile \
		     -D "cn=directory manager" -w secret \
		     user1
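
       Example 7 supplies the bind password with -w, which the -w description
       says is visible through ps, script files and shell history. The wrapper
       below is an added example, not part of the man page: it rejects the
       bare simple method, checks that the -j password file grants nothing to
       group or other, and only then runs ldaplist. The function names, the
       LDAPLIST variable and the 0600 policy are assumptions; the server
       option is spelled -h as in SYNOPSIS.

```shell
#!/bin/sh
# Added example, not part of the man page: keeps the bind password out of
# argv (-w) and refuses the cleartext "simple" method.
# safe_ldaplist, passfile_ok, auth_ok and $LDAPLIST are hypothetical names.

LDAPLIST=${LDAPLIST:-/usr/bin/ldaplist}

# Succeed only for a regular file (not a symlink) whose mode grants
# nothing to group or other, e.g. -rw------- or -r--------.
passfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld -- "$1" | cut -c1-10) in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept the methods listed under -a except bare "simple", which the
# page says sends the password over the network in clear text.
auth_ok() {
    case $1 in
        sasl/CRAM-MD5|sasl/DIGEST-MD5) return 0 ;;
        tls:simple|tls:sasl/CRAM-MD5|tls:sasl/DIGEST-MD5) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: safe_ldaplist server[:port] method bindDN passwdFile database [key...]
# Returns 2 (the man page's error status) without contacting the server
# when a check fails.
safe_ldaplist() {
    if [ $# -lt 5 ]; then
        echo "usage: safe_ldaplist server method bindDN passwdFile database [key...]" >&2
        return 2
    fi
    server=$1 method=$2 binddn=$3 passfile=$4
    shift 4
    if ! auth_ok "$method"; then
        echo "safe_ldaplist: refusing authentication method '$method'" >&2
        return 2
    fi
    if ! passfile_ok "$passfile"; then
        echo "safe_ldaplist: $passfile must be a regular file, mode 0600 or stricter" >&2
        return 2
    fi
    "$LDAPLIST" -h "$server" -a "$method" -D "$binddn" -j "$passfile" "$@"
}
```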

EXIT STATUS
       The following exit values are returned:

       0    Successfully matched some entries.

       1    Successfully searched the table and no matches were found.

       2    An error occurred. An error message is output.

FILES
       /var/ldap/ldap_client_file    Files that contain the LDAP configuration
       /var/ldap/ldap_client_cred    of	 the  client.  Do  not manually modify
				     these files. Their content is not guaran‐
				     teed  to  be  human  readable.  To update
				     these files, use ldapclient(1M)

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWnisu			   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Committed			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       ldap(1),	 ldapadd(1),  ldapdelete(1),   ldapmodify(1),	ldapmodrdn(1),
       ldapsearch(1),  idsconfig(1M), ldap_cachemgr(1M), ldapaddent(1M), ldap‐
       client(1M), suninstall(1M), resolv.conf(4), attributes(5)

NOTES
       RFC 2307bis is an IETF  informational  document	in  draft  stage  that
       defines an approach for using LDAP as a naming service.

       Currently StartTLS is not supported by libldap.so.5, therefore the port
       number provided refers to the port used during a TLS open,  versus  the
       port  used  as part of a StartTLS sequence. For example, -h foo:1000 -a
       tls:simple, refers to a raw TLS open on host foo, port 1000, not an
       open, StartTLS sequence on an unsecured port 1000. If port 1000 is
       unsecured the connection is not made.

SunOS 5.10			  8 Apr 2011			   ldaplist(1)