ldaplist(1)                      User Commands                     ldaplist(1)


NAME

       ldaplist - search and list naming information from an LDAP directory
       using the configured profile


SYNOPSIS

       /usr/bin/ldaplist [-dlv] [-h LDAP_server[:serverPort] [-M domainName]
          [-N profileName] [-a authenticationMethod] [-P certifPath]
          [-D bindDN] [-w bindPassword] [-j passwdFile]]
          [database [key]...]

       /usr/bin/ldaplist -g

       /usr/bin/ldaplist -h


DESCRIPTION

       If the -h LDAP_server[:serverPort] option is specified, ldaplist
       establishes a connection to the server pointed to by the option to
       obtain the DUAProfile specified by the -N option. Then ldaplist lists
       the information from the directory described by the configuration
       obtained.

       By default (if the -h LDAP_server[:serverPort] option is not
       specified), the utility searches for and lists the naming information
       from the LDAP directory service defined in the LDAP configuration files
       generated by ldapclient(1M) during the client initialization phase. To
       use the utility in the default mode, the Solaris LDAP client must be
       set up in advance.

       The database is either a container name or a database name as defined
       in nsswitch.conf(4). A container is a non-leaf entry in the Directory
       Information Tree (DIT) that contains naming service information. The
       container name is the LDAP Relative Distinguished Name (RDN) of the
       container relative to the defaultSearchBase as defined in the
       configuration files, for example, ou=people. The database name is the
       database specified in nsswitch.conf. This database is mapped to a
       container, for example, passwd maps to ou=people. If an invalid
       database is specified, it is mapped to a generic container (for
       example, nisMapName=name).

       The key is the attribute value to be searched for in the database. You
       can specify more than one key to be searched for in the same database.
       The key can be specified in either of two forms: attribute=value or
       value. In the first case, ldaplist passes the search key to the server
       as given. In the latter case, an attribute is assigned depending on how
       the database is specified. If the database is a container name, then
       the "cn" attribute type is used. If the database is a valid database
       name as defined in nsswitch.conf, then a predefined attribute type is
       used (see the table below). If the database is an invalid database
       name, then cn is used as the attribute type.

       The ldaplist utility relies on the schema defined in RFC 2307bis,
       currently an IETF draft. The data stored on the LDAP server must be
       stored based on this schema, unless the profile contains schema mapping
       definitions. For more information on schema mapping, see
       ldapclient(1M). The following table lists the default mapping from the
       database names to the container, the LDAP object class, and the
       attribute type used if not defined in the key.

         Database     Object Class       Attribute Type      Container

         aliases      mailGroup          cn                  ou=Aliases
         automount    nisObject          cn                  automountMapName=auto_*
         bootparams   bootableDevice     cn                  ou=Ethers
         ethers       ieee802Device      cn                  ou=Ethers
         group        posixgroup         cn                  ou=Group
         hosts        ipHost             cn                  ou=Hosts
         ipnodes      ipHost             cn                  ou=Hosts
         netgroup     ipNetgroup         cn                  ou=Netgroup
         netmasks     ipNetwork          ipnetworknumber     ou=Networks
         networks     ipNetwork          ipnetworknumber     ou=Networks
         passwd       posixAccount       uid                 ou=People
         protocols    ipProtocol         cn                  ou=Protocols
         publickey    nisKeyObject       uidnumber           ou=People
                                         cn                  ou=Hosts
         rpc          oncRpc             cn                  ou=Rpc
         services     ipService          cn                  ou=Services
         printers     printerService     printer-uri         ou=printers
         auth_attr    SolarisAuthAttr    nameT               ou=SolarisAuthAttr
         prof_attr    SolarisProfAttr    nameT               ou=SolarisProfAttr
         exec_attr    SolarisExecAttr    nameT               ou=SolarisProfAttr
         user_attr    SolarisUserAttr    uidT                ou=people
         audit_user   SolarisAuditUser   uidT                ou=people
         projects     SolarisProject     SolarisProjectID    ou=projects

       The following databases are available only if the system is configured
       with Trusted Extensions:

         tnrhtp       ipTnetTemplate     ipTnetTemplateName  ou=ipTnet
         tnrhdb       ipTnetHost         ipTnetNumber        ou=ipTnet

           o      For the automount database, auto_*, in the container column,
                  represents auto_home, auto_direct, ...

           o      For the publickey database, if the key starts with a digit,
                  it is interpreted as a uid number. If the key starts with a
                  non-digit, it is interpreted as a host name.

       The ldaplist utility supports substring search by using the wildcard
       "*" in the key. For example, "my*" matches any string that starts with
       "my". In some shell environments, keys containing the wildcard might
       need to be quoted.

       If the key is not specified, all the containers in the current search
       baseDN are listed.


OPTIONS

       The following options are supported:

       -a authenticationMethod

           Specifies the authentication method. The default value is what has
           been configured in the profile. The supported authentication
           methods are:

             simple
             sasl/CRAM-MD5
             sasl/DIGEST-MD5
             tls:simple
             tls:sasl/CRAM-MD5
             tls:sasl/DIGEST-MD5

           Selecting simple causes passwords to be sent over the network in
           clear text. Its use is strongly discouraged.

           Additionally, if the client is configured with a profile which uses
           no authentication, that is, either the credentialLevel attribute is
           set to anonymous or authenticationMethod is set to none, the user
           must use this option to provide an authentication method.

       -d

           Lists the attributes for the specified database, rather than the
           entries. By default, the entries are listed.

       -D bindDN

           Specifies an entry which has read permission to the requested
           database.

       -g

           Lists the database mapping.

       -h

           Lists the database mapping.

           This option has been deprecated.

       -h LDAP_server[:serverPort]

           Specifies an address (or a name) and a port of the LDAP server from
           which the entries are read. The current naming service specified in
           the nsswitch.conf file is used. The default value for the port is
           389, unless TLS is specified in the authentication method. In this
           case, the default LDAP server port number is 636.

       -j passwdFile

           Specifies a file containing the password for the bind DN or the
           password for the SSL client's key database. To protect the
           password, use this option in scripts and place the password in a
           secure file.

           This option is mutually exclusive with the -w option.

       -l

           Lists all the attributes for each entry matching the search
           criteria. By default, ldaplist lists only the Distinguished Name of
           the entries found.

       -M domainName

           Specifies the name of a domain served by the specified server. If
           this option is not specified, the default domain name is used.

       -N profileName

           Specifies a DUAProfile name. A profile with such a name is expected
           to exist on the server specified by the -h option. The default
           value is default.

       -P certifPath

           Specifies the certificate path to the location of the certificate
           database. The value is the path where the security database files
           reside. This is used for TLS support, which is specified in the
           authenticationMethod and serviceAuthenticationMethod attributes.
           The default is /var/ldap.

       -w bindPassword

           Password to be used for authenticating the bindDN. If this
           parameter is missing, the command prompts for a password. NULL
           passwords are not supported in LDAP.

           When you use -w bindPassword to specify the password to be used
           for authentication, the password is visible to other users of the
           system by means of the ps command, in script files or in shell
           history.

           If the value of - is supplied as a password, the command prompts
           for a password.

       -v

           Sets verbose mode. The ldaplist utility also prints the filter used
           to search for the entry. The filter is prefixed with "+++".

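       The -w and -j descriptions above make the operational point: a password
       on the command line is exposed through ps, scripts and shell history,
       while a password file is only as safe as its permissions. The following
       Python wrapper, added here as an example and not part of ldaplist,
       checks a password file before handing it to -j (regular file, not a
       symlink, owned by the caller, no group or other permission bits) and
       builds an argv that never carries the password itself; it selects
       tls:simple because the page says plain simple sends the password in
       clear text. The server, bind DN and file contents are constructed
       placeholders, and demo() exercises the checks on a temporary file.

```python
"""Build an ldaplist command line that keeps the bind password out of argv.

Added example, not part of ldaplist. Server, bind DN and the password file
contents below are constructed placeholders.
"""
import os
import stat
import tempfile
from typing import List


def check_passwd_file(path: str) -> List[str]:
    """Return the reasons `path` is unsafe to pass to -j (empty list = acceptable)."""
    problems = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["file does not exist"]
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symbolic link")
    elif not stat.S_ISREG(st.st_mode):
        problems.append("is not a regular file")
    geteuid = getattr(os, "geteuid", None)  # not available on Windows
    if geteuid is not None and st.st_uid != geteuid():
        problems.append("is not owned by the invoking user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("is readable or writable by group or others")
    return problems


def ldaplist_argv(database: str, key: str, server: str, bind_dn: str,
                  passwd_file: str) -> List[str]:
    """argv for a lookup against an explicitly named server, password read
    from a file. The file is checked first and the password is never placed
    in argv, so it does not appear in ps output or shell history."""
    problems = check_passwd_file(passwd_file)
    if problems:
        raise ValueError("refusing to use %s: %s" % (passwd_file, "; ".join(problems)))
    return ["/usr/bin/ldaplist",
            "-h", server,          # server[:port]; 636 is the TLS default per the page
            "-a", "tls:simple",    # plain 'simple' would send the password in clear text
            "-D", bind_dn,
            "-j", passwd_file,     # mutually exclusive with -w
            database, key]


def demo():
    """Exercise the checks on a constructed password file. Returns
    (problems with mode 0600, argv built from it, problems after chmod 0644)."""
    with tempfile.TemporaryDirectory() as tmp:
        pw_path = os.path.join(tmp, "bind.pw")
        with open(pw_path, "w") as fh:
            fh.write("constructed-bind-password\n")  # placeholder, not a real credential
        os.chmod(pw_path, 0o600)
        ok_problems = check_passwd_file(pw_path)
        argv = ldaplist_argv("passwd", "user1", "ldap.example.com:636",
                             "cn=proxyagent,ou=profile,dc=example,dc=com", pw_path)
        os.chmod(pw_path, 0o644)  # now group/world readable: the wrapper must reject it
        bad_problems = check_passwd_file(pw_path)
    return ok_problems, argv, bad_problems


if __name__ == "__main__":
    ok, argv, bad = demo()
    print("0600 file problems:", ok)
    print("argv:", " ".join(argv))
    print("0644 file problems:", bad)
```

       The ownership check uses the effective uid, so a script run through a
       privilege-elevating wrapper still rejects a password file that belongs
       to someone else; the symlink check uses lstat so that a link planted in
       a shared directory cannot redirect the read.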

EXAMPLES

       Example 1 Listing All Entries in the Hosts Database

       The following example lists all entries in the hosts database:

         example% ldaplist hosts


       Example 2 Listing All Entries in a Non-Standard Database ou=new

       The following example lists all entries in a non-standard database:

         example% ldaplist ou=new


       Example 3 Finding user1 in the passwd Database

       The following example finds user1 in the passwd database:

         example% ldaplist passwd user1


       Example 4 Finding the Entry With Service Port of 4045 in the services
       Database

       The following example finds the entry with the service port of 4045 in
       the services database:

         example% ldaplist services ipServicePort=4045


       Example 5 Finding All Users With Username Starting with new in the
       passwd Database

       The following example finds all users with the username starting with
       new in the passwd database:

         example% ldaplist passwd 'new*'


       Example 6 Listing the Attributes for the hosts Database

       The following example lists the attributes for the hosts database:

         example% ldaplist -d hosts


       Example 7 Finding user1 in the passwd Database on an Explicitly
       Specified Server

       The following example finds user1 in the passwd database. An LDAP
       server is specified explicitly with the -h option (see SYNOPSIS):

         example% ldaplist -h 10.10.10.10:3890 \
                     -M another.domain.name -N special_duaprofile \
                     -D "cn=directory manager" -w secret \
                     user1


EXIT STATUS

       The following exit values are returned:

       0    Successfully matched some entries.

       1    Successfully searched the table and no matches were found.

       2    An error occurred. An error message is output.


FILES

       /var/ldap/ldap_client_file    Files that contain the LDAP configuration
       /var/ldap/ldap_client_cred    of the client. Do not manually modify
                                     these files. Their content is not
                                     guaranteed to be human readable. To
                                     update these files, use ldapclient(1M).


ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWnisu                     │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Committed                    │
       └─────────────────────────────┴─────────────────────────────┘


SEE ALSO

       ldap(1), ldapadd(1), ldapdelete(1), ldapmodify(1), ldapmodrdn(1),
       ldapsearch(1), idsconfig(1M), ldap_cachemgr(1M), ldapaddent(1M),
       ldapclient(1M), suninstall(1M), resolv.conf(4), attributes(5)


NOTES

       RFC 2307bis is an IETF informational document in draft stage that
       defines an approach for using LDAP as a naming service.

       Currently StartTLS is not supported by libldap.so.5, therefore the port
       number provided refers to the port used during a TLS open, versus the
       port used as part of a StartTLS sequence. For example, -h foo:1000 -a
       tls:simple refers to a raw TLS open on host foo, port 1000, not an
       open, StartTLS sequence on an unsecured port 1000. If port 1000 is
       unsecured the connection is not made.

SunOS 5.11                        7 Jun 2008                       ldaplist(1)