OpenSolaris 2009.06 - man page for ldaplist (opensolaris section 1)

ldaplist(1)				  User Commands 			      ldaplist(1)

NAME
       ldaplist  - search and list naming information from an LDAP directory using the configured
       profile

SYNOPSIS
       /usr/bin/ldaplist [-dlv] [-h LDAP_server[:serverPort] [-M domainName]
	  [-N profileName] [-a authenticationMethod] [-P certifPath]
	  [-D bindDN] [-w bindPassword] [-j passwdFile]]
	  [database [key]...]

       /usr/bin/ldaplist -g

       /usr/bin/ldaplist -h


DESCRIPTION
       If the -h LDAP_server[:serverPort] option is specified, ldaplist establishes a  connection
       to  the server pointed to by the option to obtain a DUAProfile specified by the -N option.
       Then ldaplist lists the information from the  directory	described  by  the  configuration
       obtained.

       By  default  (if  the  -h  LDAP_server[:serverPort]  option is not specified), the utility
       searches for and lists the naming information from the LDAP directory service  defined  in
       the LDAP configuration files generated by ldapclient(1M) during the client initialization
       phase. To use the utility in the default mode, the Solaris LDAP client must be set  up  in
       advance.

       The database is either a container name or a database name as defined in nsswitch.conf(4).
       A container is a non-leaf entry in the Directory Information Tree (DIT) that contains
       naming service information. The container name is the LDAP Relative Distinguished Name
       (RDN) of the container relative to the defaultSearchBase as defined in the configuration
       files, for example, ou=people. A database name is a database as specified in
       nsswitch.conf; each database is mapped to a container, for example, passwd maps to
       ou=people. If an invalid database is specified, it is mapped to a generic container, for
       example, nisMapName=name.

       The key is the attribute value to be searched in the database. You can specify  more  than
       one  key  to  be  searched in the same database. The key can be specified in either of two
       forms: attribute=value or value. In the first case, ldaplist passes the search key to  the
       server.	In  the  latter  case,	an attribute is assigned depending on how the database is
       specified. If the database is a container name, then the "cn" attribute type is	used.  If
       the  database  is a valid database name as defined in the nsswitch.conf, then a predefined
       attribute type is used (see table below). If the database is  an  invalid  database  name,
       then cn is used as the attribute type.

       The  ldaplist  utility  relies on the Schema defined in the RFC 2307bis, currently an IETF
       draft. The data stored on the LDAP server must be stored based on this Schema, unless  the
       profile	contains  schema  mapping definitions. For more information on schema mapping see
       ldapclient(1M). The following table lists the default mapping from the database	names  to
       the  container,	the  LDAP object class, and the attribute type used if not defined in the
       key.

	 Database     Object Class     Attribute Type	 Container

	 aliases      mailGroup        cn		 ou=Aliases
	 automount    nisObject        cn		 automountMapName=auto_*
	 bootparams   bootableDevice   cn		 ou=Ethers
	 ethers       ieee802Device    cn		 ou=Ethers
	 group	      posixgroup       cn		 ou=Group
	 hosts	      ipHost	       cn		 ou=Hosts
	 ipnodes      ipHost	       cn		 ou=Hosts
	 netgroup     ipNetgroup       cn		 ou=Netgroup
	 netmasks     ipNetwork        ipnetworknumber	 ou=Networks
	 networks     ipNetwork        ipnetworknumber	 ou=Networks
	 passwd       posixAccount     uid		 ou=People
	 protocols    ipProtocol       cn		 ou=Protocols
	 publickey    nisKeyObject     uidnumber	 ou=People
				       cn		 ou=Hosts
	 rpc	      oncRpc	       cn		 ou=Rpc
	 services     ipService        cn		 ou=Services
	 printers     printerService   printer-uri	 ou=printers
	 auth_attr    SolarisAuthAttr  nameT		 ou=SolarisAuthAttr
	 prof_attr    SolarisProfAttr  nameT		 ou=SolarisProfAttr
	 exec_attr    SolarisExecAttr  nameT		 ou=SolarisProfAttr
	 user_attr    SolarisUserAttr  uidT		 ou=people
	 audit_user   SolarisAuditUser uidT		 ou=people
	 projects     SolarisProject   SolarisProjectID  ou=projects

       The following databases are available only if the system is configured with Trusted Exten-
       sions:

	 tnrhtp      ipTnetTemplate   ipTnetTemplateName ou=ipTnet
	 tnrhdb      ipTnetHost       ipTnetNumber	 ou=ipTnet

	   o	  For  the  automount  database,  auto_*,  in  the  container  column, represents
		  auto_home, auto_direct, ...

	   o	  For the publickey database, if the key starts with a digit, it  is  interpreted
		  as  an  uid  number. If the key starts with a non-digit, it is interpreted as a
		  host name.

       The ldaplist utility supports substring search by using the wildcard "*" in the key. For
       example, "my*" matches any string that starts with "my". In some shell environments, keys
       containing the wildcard must be quoted so that the shell does not expand them.

       If the key is not specified, all the containers in the current search baseDN are listed.

OPTIONS
       The following options are supported:

       -a authenticationMethod

	   Specifies the authentication method. The default value is what has been configured  in
	   the profile. The supported authentication methods are:

	     simple
	     sasl/CRAM-MD5
	     sasl/DIGEST-MD5
	     tls:simple
	     tls:sasl/CRAM-MD5
	     tls:sasl/DIGEST-MD5

	   Selecting  simple  causes passwords to be sent over the network in clear text. Its use
	   is strongly discouraged.

	   Additionally, if the client is configured with a profile which uses no authentication,
	   that is, either the credentialLevel attribute is set to anonymous or the
	   authenticationMethod attribute is set to none, the user must use this option to provide
	   an authentication method.

       -d

	   Lists  the attributes for the specified database, rather than the entries. By default,
	   the entries are listed.

       -D bindDN

	   Specifies an entry which has read permission to the requested database.

       -g

	   Lists the database mapping.

       -h

	   Lists the database mapping.

	   This option has been deprecated.

       -h LDAP_server[:serverPort]

	   Specifies an address (or a name) and a port of the LDAP server from which the entries
	   are read. The current naming service specified in the nsswitch.conf file is used. The
	   default value for the port is 389, unless TLS is specified in the authentication
	   method. In this case, the default LDAP server port number is 636.

       -j passwdFile

	   Specifies  a  file containing the password for the bind DN or the password for the SSL
	   client's key database. To protect the password, use this option in scripts  and  place
	   the password in a secure file.

	   This option is mutually exclusive of the -w option.

       -l

	   Lists  all  the  attributes	for  each entry matching the search criteria. By default,
	   ldaplist lists only the Distinguished Name of the entries found.

       -M domainName

	   Specifies the name of a domain served by the specified server. If this option  is  not
	   specified, the default domain name is used.

       -N profileName

	   Specifies a DUAProfile name. A profile with this name must exist on the server
	   specified by the -H option. The default value is default.

       -p certifPath

	   Specifies the certificate path to the location of the certificate database. The  value
	   is  the path where security database files reside. This is used for TLS support, which
	   is specified in the authenticationMethod and  serviceAuthenticationMethod  attributes.
	   The default is /var/ldap.

       -w bindPassword

	   Password  to  be used for authenticating the bindDN. If this parameter is missing, the
	   command prompts for a password. NULL passwords are not supported in LDAP.

	   When you use -w bind_password to specify the password to be used  for  authentication,
	   the	password  is  visible to other users of the system by means of the ps command, in
	   script files or in shell history.

	   If the value of - is supplied as a password, the command prompts for a password.

       -v

	   Sets verbose mode. The ldaplist utility also prints the filter used to search for  the
	   entry. The filter is prefixed with "+++".

EXAMPLES
       Example 1 Listing All Entries in the Hosts Database

       The following example lists all entries in the hosts database:

	 example% ldaplist hosts

       Example 2 Listing All Entries in a Non-Standard Database ou=new

       The following example lists all entries in a non-standard database:

	 example% ldaplist ou=new

       Example 3 Finding user1 in the passwd Database

       The following example finds user1 in the passwd database:

	 example% ldaplist passwd user1

       Example 4 Finding the Entry With Service Port of 4045 in the services Database

       The  following example finds the entry with the service port of 4045 in the services data-
       base:

	 example% ldaplist services ipServicePort=4045

       Example 5 Finding All Users With Username Starting with new in the passwd Database

       The following example finds all users with the username starting with new  in  the  passwd
       database:

	 example% ldaplist passwd 'new*'

       Example 6 Listing the Attributes for the hosts Database

       The following example lists the attributes for the hosts database:

	 example% ldaplist -d hosts

       Example 7 Finding user1 in the passwd Database

       The  following  example	finds  user1  in the passwd database. An LDAP server is specified
       explicitly.

	 example% ldaplist -H 10.10.10.10:3890 \
		     -M another.domain.name -N special_duaprofile \
		     -D "cn=directory manager" -w secret \
		     user1

EXIT STATUS
       The following exit values are returned:

       0    Successfully matched some entries.

       1    Successfully searched the table and no matches were found.

       2    An error occurred. An error message is output.
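       As an added example that is not part of this man page, the following POSIX sh wrapper
       applies the -j/-w guidance above and acts on the exit values just listed: the bind password
       is read from a file that is first checked to be mode 0600, the key is passed as one argument
       so a wildcard such as new* reaches ldaplist unexpanded, and the status is mapped to a
       message. The variables LDAPLIST, LDAP_SERVER, BIND_DN and LDAPLIST_PASSWD_FILE and the
       function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the ldaplist man page). Variable and function names
# here are assumptions; LDAPLIST may be overridden, e.g. with a stub for testing.

# check_passwd_file FILE: refuse a password file that group or others can read.
check_passwd_file() {
    f=$1
    [ -f "$f" ] || { echo "password file $f missing" >&2; return 1; }
    # Mode string from ls -l, e.g. -rw-------; characters 5-10 are the
    # group and other permission bits and must all be '-'.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "password file $f must be mode 0600" >&2; return 1; }
    return 0
}

# lookup DATABASE KEY: run ldaplist with -j instead of -w, so the password
# never appears in ps output or shell history, and report the exit value.
lookup() {
    db=$1
    key=$2
    check_passwd_file "$LDAPLIST_PASSWD_FILE" || return 2
    # "$key" is quoted: a '*' wildcard must be expanded by the server, not the shell.
    if "${LDAPLIST:-/usr/bin/ldaplist}" -h "$LDAP_SERVER" -D "$BIND_DN" \
            -j "$LDAPLIST_PASSWD_FILE" "$db" "$key"; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0) echo "matched entries in $db" >&2 ;;
        1) echo "no entry in $db matches $key" >&2 ;;
        2) echo "ldaplist error while searching $db" >&2 ;;
        *) echo "unexpected status $rc from ldaplist" >&2 ;;
    esac
    return $rc
}

# Usage with constructed values:
#   LDAP_SERVER=ldap.example.com BIND_DN='cn=reader,dc=example,dc=com' \
#   LDAPLIST_PASSWD_FILE=/etc/ldaplist.pw lookup passwd 'new*'
```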

FILES
       /var/ldap/ldap_client_file    Files that contain the LDAP configuration of the client.  Do
       /var/ldap/ldap_client_cred    not  manually modify these files. Their content is not guar-
				     anteed to be human readable.  To  update  these  files,  use
				     ldapclient(1M)

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWnisu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed 		   |
       +-----------------------------+-----------------------------+

SEE ALSO
       ldap(1),  ldapadd(1),  ldapdelete(1), ldapmodify(1), ldapmodrdn(1), ldapsearch(1), idscon-
       fig(1M),    ldap_cachemgr(1M),	  ldapaddent(1M),     ldapclient(1M),	  suninstall(1M),
       resolv.conf(4), attributes(5)

NOTES
       RFC  2307bis is an IETF informational document in draft stage that defines an approach for
       using LDAP as a naming service.

       Currently StartTLS is not supported by libldap.so.5, therefore the port number provided
       refers to the port used during a TLS open, versus the port used as part of a StartTLS
       sequence. For example, -h foo:1000 -a tls:simple refers to a raw TLS open on host foo,
       port 1000, not a StartTLS sequence on an unsecured port 1000. If port 1000 is unsecured,
       the connection is not made.

SunOS 5.11				    7 Jun 2008				      ldaplist(1)