ldaplist(1)                      User Commands                     ldaplist(1)

NAME
       ldaplist - search and list naming information from an LDAP directory
       using the configured profile

SYNOPSIS
       /usr/bin/ldaplist [-dlv] [-h LDAP_server[:serverPort] [-M domainName]
            [-N profileName] [-a authenticationMethod] [-P certifPath]
            [-D bindDN] [-w bindPassword] [-j passwdFile]]
            [database [key]...]

       /usr/bin/ldaplist -g

       /usr/bin/ldaplist -h

DESCRIPTION
       If the -h LDAP_server[:serverPort] option is specified, ldaplist
       establishes a connection to the server pointed to by the option to
       obtain the DUAProfile specified by the -N option. Then ldaplist lists
       the information from the directory described by the configuration
       obtained.

       By default (if the -h LDAP_server[:serverPort] option is not
       specified), the utility searches for and lists the naming information
       from the LDAP directory service defined in the LDAP configuration
       files generated by ldapclient(1M) during the client initialization
       phase. To use the utility in the default mode, the Solaris LDAP client
       must be set up in advance.

       The database is either a container name or a database name as defined
       in nsswitch.conf(4). A container is a non-leaf entry in the Directory
       Information Tree (DIT) that contains naming service information. The
       container name is the LDAP Relative Distinguished Name (RDN) of the
       container relative to the defaultSearchBase as defined in the
       configuration files, for example, ou=people. The database name is the
       database specified in nsswitch.conf. This database is mapped to a
       container, for example, passwd maps to ou=people. If an invalid
       database is specified, it is mapped to a generic container (for
       example, nisMapName=name).

       The key is the attribute value to be searched in the database. You can
       specify more than one key to be searched in the same database. The key
       can be specified in either of two forms: attribute=value or value. In
       the first case, ldaplist passes the search key to the server. In the
       latter case, an attribute is assigned depending on how the database is
       specified. If the database is a container name, then the "cn"
       attribute type is used. If the database is a valid database name as
       defined in nsswitch.conf, then a predefined attribute type is used
       (see table below). If the database is an invalid database name, then
       cn is used as the attribute type.

       The ldaplist utility relies on the schema defined in RFC 2307bis,
       currently an IETF draft. The data stored on the LDAP server must be
       stored based on this schema, unless the profile contains schema
       mapping definitions. For more information on schema mapping see
       ldapclient(1M). The following table lists the default mapping from
       the database names to the container, the LDAP object class, and the
       attribute type used if not defined in the key.

       Database     Object Class       Attribute Type      Container

       aliases      mailGroup          cn                  ou=Aliases
       automount    nisObject          cn                  automountMapName=auto_*
       bootparams   bootableDevice     cn                  ou=Ethers
       ethers       ieee802Device      cn                  ou=Ethers
       group        posixgroup         cn                  ou=Group
       hosts        ipHost             cn                  ou=Hosts
       ipnodes      ipHost             cn                  ou=Hosts
       netgroup     ipNetgroup         cn                  ou=Netgroup
       netmasks     ipNetwork          ipnetworknumber     ou=Networks
       networks     ipNetwork          ipnetworknumber     ou=Networks
       passwd       posixAccount       uid                 ou=People
       protocols    ipProtocol         cn                  ou=Protocols
       publickey    nisKeyObject       uidnumber           ou=People
                                       cn                  ou=Hosts
       rpc          oncRpc             cn                  ou=Rpc
       services     ipService          cn                  ou=Services
       printers     printerService     printer-uri         ou=printers
       auth_attr    SolarisAuthAttr    nameT               ou=SolarisAuthAttr
       prof_attr    SolarisProfAttr    nameT               ou=SolarisProfAttr
       exec_attr    SolarisExecAttr    nameT               ou=SolarisProfAttr
       user_attr    SolarisUserAttr    uidT                ou=people
       audit_user   SolarisAuditUser   uidT                ou=people
       projects     SolarisProject     SolarisProjectID    ou=projects

       The following databases are available only if the system is
       configured with Trusted Extensions:

       tnrhtp       ipTnetTemplate     ipTnetTemplateName  ou=ipTnet
       tnrhdb       ipTnetHost         ipTnetNumber        ou=ipTnet

       o  For the automount database, auto_*, in the container column,
          represents auto_home, auto_direct, ...

       o  For the publickey database, if the key starts with a digit, it is
          interpreted as a uid number. If the key starts with a non-digit,
          it is interpreted as a host name.

       The ldaplist utility supports substring search by using the wildcard
       "*" in the key. For example, "my*" matches any string that starts
       with "my". In some shell environments, keys containing the wildcard
       might need to be quoted.

       If the key is not specified, all the containers in the current search
       baseDN are listed.

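       The database and key rules above, worked through as an added
       illustration (this is not ldaplist's own code): a subset of the
       mapping table is applied to a (database, key) pair to derive the
       container and the search filter. The filter shape
       (&(objectClass=...)(attr=value)), the search base dc=example,dc=com
       and the nisMapName=<database> form of the generic container are
       assumptions; the page only says that -v prints the filter used.

```python
# Added illustration, not ldaplist's own code: apply the database/key rules
# and a subset of the default mapping table from the man page to derive the
# container and LDAP filter a lookup would use. Filter shape, search base and
# the exact generic-container RDN are assumptions, not documented behaviour.

# database -> (objectClass, default attribute type, container)
MAPPING = {
    "passwd":   ("posixAccount", "uid", "ou=People"),
    "group":    ("posixgroup", "cn", "ou=Group"),
    "hosts":    ("ipHost", "cn", "ou=Hosts"),
    "services": ("ipService", "cn", "ou=Services"),
    "networks": ("ipNetwork", "ipnetworknumber", "ou=Networks"),
}

def escape_value(value):
    """RFC 4515 escaping of filter metacharacters. '*' is deliberately left
    alone because ldaplist treats it as the substring wildcard."""
    return (value.replace("\\", "\\5c").replace("(", "\\28")
                 .replace(")", "\\29").replace("\x00", "\\00"))

def resolve(database, key, search_base="dc=example,dc=com"):
    """Return (search base DN, filter) for one database/key pair."""
    if "=" in key:                       # attribute=value: passed through as-is
        attr, _, value = key.partition("=")
    else:                                # bare value: attribute comes from the rules
        attr, value = None, key
    if database == "publickey":
        # Key starting with a digit is a uid number, otherwise a host name.
        if value[:1].isdigit():
            oc, default_attr, container = "nisKeyObject", "uidnumber", "ou=People"
        else:
            oc, default_attr, container = "nisKeyObject", "cn", "ou=Hosts"
    elif database in MAPPING:            # valid nsswitch.conf database name
        oc, default_attr, container = MAPPING[database]
    elif "=" in database:                # container name (RDN such as ou=new): cn
        oc, default_attr, container = None, "cn", database
    else:                                # invalid database name: generic container, cn
        oc, default_attr, container = None, "cn", "nisMapName=" + database
    attr = attr or default_attr
    term = "(%s=%s)" % (attr, escape_value(value))
    flt = "(&(objectClass=%s)%s)" % (oc, term) if oc else term
    return "%s,%s" % (container, search_base), flt

if __name__ == "__main__":
    for db, key in (("passwd", "new*"), ("services", "ipServicePort=4045"),
                    ("publickey", "1001"), ("ou=new", "printer1")):
        base, flt = resolve(db, key)
        print("%-10s %-20s -> base %s\n%-31s +++%s" % (db, key, base, "", flt))
```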
OPTIONS
       The following options are supported:

       -a authenticationMethod

           Specifies the authentication method. The default value is what
           has been configured in the profile. The supported authentication
           methods are:

               simple
               sasl/CRAM-MD5
               sasl/DIGEST-MD5
               tls:simple
               tls:sasl/CRAM-MD5
               tls:sasl/DIGEST-MD5

           Selecting simple causes passwords to be sent over the network in
           clear text. Its use is strongly discouraged.

           Additionally, if the client is configured with a profile which
           uses no authentication, that is, either the credentialLevel
           attribute is set to anonymous or authenticationMethod is set to
           none, the user must use this option to provide an authentication
           method.

       -d

           Lists the attributes for the specified database, rather than the
           entries. By default, the entries are listed.

       -D bindDN

           Specifies an entry which has read permission to the requested
           database.

       -g

           Lists the database mapping.

       -h

           Lists the database mapping.

           This option has been deprecated.

       -h LDAP_server[:serverPort]

           Specifies an address (or a name) and a port of the LDAP server
           from which the entries are read. The current naming service
           specified in the nsswitch.conf file is used. The default value
           for the port is 389, unless TLS is specified in the
           authentication method. In this case, the default LDAP server port
           number is 636.

       -j passwdFile

           Specifies a file containing the password for the bind DN or the
           password for the SSL client's key database. To protect the
           password, use this option in scripts and place the password in a
           secure file.

           This option is mutually exclusive of the -w option.

       -l

           Lists all the attributes for each entry matching the search
           criteria. By default, ldaplist lists only the Distinguished Name
           of the entries found.

       -M domainName

           Specifies the name of a domain served by the specified server. If
           this option is not specified, the default domain name is used.

       -N profileName

           Specifies a DUAProfile name. A profile with such a name is
           supposed to exist on the server specified by the -H option. The
           default value is default.

       -p certifPath

           Specifies the certificate path to the location of the certificate
           database. The value is the path where security database files
           reside. This is used for TLS support, which is specified in the
           authenticationMethod and serviceAuthenticationMethod attributes.
           The default is /var/ldap.

       -w bindPassword

           Password to be used for authenticating the bindDN. If this
           parameter is missing, the command prompts for a password. NULL
           passwords are not supported in LDAP.

           When you use -w bind_password to specify the password to be used
           for authentication, the password is visible to other users of the
           system by means of the ps command, in script files or in shell
           history.

           If the value of - is supplied as a password, the command prompts
           for a password.

       -v

           Sets verbose mode. The ldaplist utility also prints the filter
           used to search for the entry. The filter is prefixed with "+++".

EXAMPLES
       Example 1 Listing All Entries in the Hosts Database

       The following example lists all entries in the hosts database:

         example% ldaplist hosts

       Example 2 Listing All Entries in a Non-Standard Database ou=new

       The following example lists all entries in a non-standard database:

         example% ldaplist ou=new

       Example 3 Finding user1 in the passwd Database

       The following example finds user1 in the passwd database:

         example% ldaplist passwd user1

       Example 4 Finding the Entry With Service Port of 4045 in the services
       Database

       The following example finds the entry with the service port of 4045
       in the services database:

         example% ldaplist services ipServicePort=4045

       Example 5 Finding All Users With Username Starting with new in the
       passwd Database

       The following example finds all users with the username starting with
       new in the passwd database:

         example% ldaplist passwd 'new*'

       Example 6 Listing the Attributes for the hosts Database

       The following example lists the attributes for the hosts database:

         example% ldaplist -d hosts

       Example 7 Finding user1 in the passwd Database

       The following example finds user1 in the passwd database. An LDAP
       server is specified explicitly.

         example% ldaplist -H 10.10.10.10:3890 \
              -M another.domain.name -N special_duaprofile \
              -D "cn=directory manager" -w secret \
              user1

EXIT STATUS
       The following exit values are returned:

       0    Successfully matched some entries.

       1    Successfully searched the table and no matches were found.

       2    An error occurred. An error message is output.

FILES
       /var/ldap/ldap_client_file
       /var/ldap/ldap_client_cred

           Files that contain the LDAP configuration of the client. Do not
           manually modify these files. Their content is not guaranteed to
           be human readable. To update these files, use ldapclient(1M).

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWnisu                     │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Committed                    │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       ldap(1), ldapadd(1), ldapdelete(1), ldapmodify(1), ldapmodrdn(1),
       ldapsearch(1), idsconfig(1M), ldap_cachemgr(1M), ldapaddent(1M),
       ldapclient(1M), suninstall(1M), resolv.conf(4), attributes(5)

NOTES
       RFC 2307bis is an IETF informational document in draft stage that
       defines an approach for using LDAP as a naming service.

       Currently StartTLS is not supported by libldap.so.5, therefore the
       port number provided refers to the port used during a TLS open,
       versus the port used as part of a StartTLS sequence. For example, -h
       foo:1000 -a tls:simple refers to a raw TLS open on host foo, port
       1000, not a plain open followed by a StartTLS sequence on an
       unsecured port 1000. If port 1000 is unsecured, the connection is not
       made.

SunOS 5.11                        7 Jun 2008                       ldaplist(1)