ldapcfinfo(1M)

HP-UX 11i Version 2: December 2007 Update
NAME

ldapcfinfo — programmatically provides LDAP-UX information to non-interactive applications

SYNOPSIS

ldapcfinfo -h

ldapcfinfo [-t type]

ldapcfinfo [-t type] {-A | -P | -D | -L | -b | -s | -f | -m atobName[,...]}

ldapcfinfo [-t type] -L

ldapcfinfo {-t type | -T template_file} -R

ldapcfinfo [-t type] -a DN

DESCRIPTION

ldapcfinfo allows non-interactive applications to programmatically discover information about LDAP-UX configuration, including:

  • If LDAP-UX is properly configured and active.

  • LDAP-UX configuration profile location.

  • LDAP-UX configuration profile information.

  • Required attributes when creating new users or groups.

The following is a summary of ldapcfinfo commands:

ldapcfinfo [-t type]

  • Discover if LDAP-UX is properly configured for the specified service type.

ldapcfinfo [-t type] {-A | -P | -D | -L | -b | -s | -f | -m atobName[,...]}

  • Display information about the active LDAP-UX configuration profile.

ldapcfinfo [-t type] -L

  • Display the list of default and user defined template files.

ldapcfinfo {-t type | -T template_file} -R

  • Discover the list of required attributes in the specified (or default) template file.

ldapcfinfo [-t type] -a DN

  • Discover a suggested list of modifiable attributes for the specified entry.

Options

-t type

Specifies the service name for which to retrieve configuration information.

Possible service names are: passwd, group, netgroup, services, rpc, hosts, networks, automount, automountmap, publickey, protocols, and pam.

If the -t argument is not specified, ldapcfinfo assumes the passwd name service (if applicable to the argument specified). If the -t option is the only argument specified on the command line, ldapcfinfo will report if LDAP-UX is properly configured and active for the specified service.

-A

Reports if the user running the ldapcfinfo command has the ability to use the LDAP administrator's credential, if configured.

ldapcfinfo returns zero exit status if the user has rights to access the LDAP administrator's credential. ldapcfinfo returns a non-zero exit status if not.

Please refer to the section titled Configure LDAP-UX Client Services with Publickey Support in the LDAP-UX Client Services Administrator's Guide for additional details about the LDAP-UX administrator credential. This document can be found at http://docs.hp.com/en/internet.html.

-P

Displays the distinguished name of the LDAP-UX configuration profile and LDAP server which hosts that profile. Format will be:

dn: distinguishedName

host: hostname/ip:port

If SSL or TLS is required to download the profile, host: will be replaced with hostssl:.

-R

Displays the required attributes as defined in the default template file or the template file specified with the -T option.

If the -T option is not specified, then -t passwd or -t group must be specified to indicate which default template file should be examined.

Each attribute required by the requested template file will appear on a separate line. Since the RFC2307 POSIX attributes are a static, known list and are required, only non-POSIX attributes will be displayed.

-T template_file

Specifies the LDIF template file used to create new user or group entries. The template_file parameter may either be a full or relative path name or a "short" name.

The -T option is ignored unless the -R option is also specified.

Refer to the ldapugadd(1M) manpage for a description of template file naming and specification of the template_file option.

-L

Displays the list of available template files for the service specified with the -t option. The full path name of the template files will be displayed, each on a separate line.

-D

Displays the default configuration values for the ldapugadd command. When -t passwd is specified, the uid range, default gid, default home and default shell values are displayed. When -t group is specified, the gid range is displayed.

-b

Displays the primary (first) configured search base for a particular service as defined with the -t option. If the -t option is not specified, the LDAP-UX default search base will be displayed.

Output format for the -b option will follow the format defined in RFC4514, Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names.

-s

Displays the primary (first) configured search scope for a particular service as defined with the -t option. If the -t option is not specified, the LDAP-UX default search base for passwd will be displayed.

Output format for the -s option will be either base, one, or sub, which represents the search scopes as defined in RFC4516, Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator.

-f

Displays the primary (first) configured search filter for the particular service defined with the -t option.

If the -t option is not specified, the passwd service will be assumed.

Output format will be an LDAP filter following the format defined by RFC4515, Lightweight Directory Access Protocol (LDAP):

-h

Display brief help text.

-m atobName[,...]

Displays attribute or objectclass mapping for the requested attribute or objectclass name. atobName is either one of the RFC2307 attributes or the objectclass defined for the specific service requested.

If the requested attribute is mapped to more than one target attribute, each target attribute will be displayed on the same line, separated by white space. See example usage and output below.

Note that attribute and objectclass names are considered case-insensitive. atobName may be specified multiple times in a comma separated list. No white space should appear in the list.

-a DN

Displays the recommended list of attributes that an interactive management tool should consider making available for modification for the specified entry.

Note that specification of the -t option is required in order for this operation to function properly.

Note

Since the -a, -D, -A, -P, -R, -L, -b, -f, -h, and -m options each generate a different output format, only one of these options may be used per invocation of the ldapcfinfo command. Using more than one of the above options in a single command line may prevent distinguishing which output applies to which option, and will result in an error.

The -T option is ignored unless the -R option is specified.

EXAMPLES

To display the attribute mapping for the gecos attribute (assuming it has been mapped to cn, l, and telephoneNumber) use:

# ldapcfinfo -t passwd -m gecos
gecos=cn l telephoneNumber

To display the default search base as configured by the LDAP-UX configuration profile use:

# ldapcfinfo -b
ou=example org,dc=example,dc=com

To display the default search base for the group name service (assuming ou=Groups has been configured as the search base for the groups name service) use:

# ldapcfinfo -t group -b
ou=Groups,ou=example org,dc=example,dc=com

To display the non-POSIX attributes required by ldapugadd command for the passwd name service (assuming the default file /etc/opt/ldapux/ug_templates/ug_passwd_default.tmpl) use:

# ldapcfinfo -t passwd -R
sn

To display the location of the LDAP-UX configuration profile use:

# ldapcfinfo -P
dn: cn=ldapux-profile,ou=example org,dc=example,dc=com
host: 10.42.222.15:389

To display attribute mapping for the passwd service, and assuming the uidNumber attribute has been mapped to employeeNumber and the gecos has been mapped to the three attributes, cn, l, and telephoneNumber, use:

# ldapcfinfo -t passwd -m uid,uidNumber,gecos
uid=uid
uidNumber=employeeNumber
gecos=cn l telephoneNumber

To display the mapped objectclass and related attributes for the publickey service, and assuming that objectclass has been mapped to pkiUser, use:

# ldapcfinfo -t publickey -m niskeyobject,nispublickey,nissecretkey
niskeyobject=pkiUser
nispublickey=userCertificate
nissecretkey=*NULL*

  • Note: The above example is for demonstration only and does not imply that LDAP-UX can translate an X.509 userCertificate into an NIS public key.
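
Because -P reports host: for a plain connection and hostssl: when SSL or TLS is required, a script can use that line to check how the configuration profile is downloaded. The following is an added example, not part of the original manpage; the function name profile_transport and the sample inputs (including port 636) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manpage): classify `ldapcfinfo -P` output.
# Reads the -P output on stdin and prints one line:
#   <transport> <host:port> <profile DN>
# where transport is "tls" for a hostssl: line and "cleartext" for host:.
# Return status: 0 = SSL/TLS, 1 = cleartext, 2 = output not recognised.
profile_transport() {
    awk '
        # Strip optional leading white space before matching the keys.
        { sub(/^[ \t]+/, "") }
        /^dn:/      { sub(/^dn:[ \t]*/, "");      dn = $0;   next }
        /^hostssl:/ { sub(/^hostssl:[ \t]*/, ""); host = $0; t = "tls";       next }
        /^host:/    { sub(/^host:[ \t]*/, "");    host = $0; t = "cleartext"; next }
        END {
            if (dn == "" || host == "") { print "unknown"; exit 2 }
            print t, host, dn
            exit (t == "tls" ? 0 : 1)
        }'
}

# Constructed sample inputs, modelled on the -P example in this manpage.
SAMPLE_CLEAR='dn: cn=ldapux-profile,ou=example org,dc=example,dc=com
host: 10.42.222.15:389'
SAMPLE_TLS='dn: cn=ldapux-profile,ou=example org,dc=example,dc=com
hostssl: 10.42.222.15:636'

printf '%s\n' "$SAMPLE_CLEAR" | profile_transport \
    || echo "profile is not downloaded over SSL/TLS"
printf '%s\n' "$SAMPLE_TLS" | profile_transport
```

On a configured client the same function can be fed directly with `ldapcfinfo -P | profile_transport`.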

RETURN VALUE

Upon exit, ldapcfinfo returns the following:

0

Success. ldapcfinfo exits with no errors or with one or more warnings.

<>0

ldapcfinfo returns with a non-zero exit status if it encounters an error, and messages will be logged to stderr.

Messages will follow the below format:

ERROR: code message

or

WARNING: code message

Leading extra white space may be inserted to improve readability and follow 80 column screen formatting. code will be a programmatically parsable error key-string, while message will be human-readable. Refer to the LDAP-UX Client Services Administrator's Guide for a list of possible error codes generated by the LDAP user and group management tools.
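
Since a zero exit status also covers runs that produced warnings, a calling script that cares about warnings has to read stderr as well. The following is an added example, not part of the original manpage: it parses the ERROR:/WARNING: format described above. The function names, the sample codes and the treatment of indented lines as wrapped continuation text are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the manpage): summarise ldapcfinfo diagnostics.
# Reads captured stderr on stdin and prints one record per message:
#   <SEVERITY>|<code>|<message>
# Lines that do not begin with ERROR: or WARNING: are treated as wrapped
# continuation text of the previous message (an assumption of this example).
parse_diagnostics() {
    awk '
        function emit() { if (sev != "") print sev "|" code "|" msg; sev = "" }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        /^(ERROR|WARNING):/ {
            emit()
            sev  = substr($0, 1, index($0, ":") - 1)
            rest = substr($0, index($0, ":") + 1)
            sub(/^[ \t]+/, "", rest)
            code = rest; sub(/[ \t].*$/, "", code)
            msg  = substr(rest, length(code) + 1); sub(/^[ \t]+/, "", msg)
            next
        }
        sev != "" { msg = (msg == "" ? $0 : msg " " $0) }
        END { emit() }'
}

# Exit status 0 includes "one or more warnings", so count both severities.
# Prints "<errors> <warnings>".
count_diagnostics() {
    parse_diagnostics | awk -F'|' '
        $1 == "ERROR"   { e++ }
        $1 == "WARNING" { w++ }
        END { print e + 0, w + 0 }'
}

# Constructed sample stderr; the codes are placeholders, not real LDAP-UX codes.
SAMPLE_STDERR='WARNING: SAMPLE_WARN_CODE constructed warning text that wraps
         onto a second line
ERROR:   SAMPLE_ERR_CODE constructed error text'

printf '%s\n' "$SAMPLE_STDERR" | parse_diagnostics
printf '%s\n' "$SAMPLE_STDERR" | count_diagnostics
```

To apply it to a live command, discard stdout and pipe stderr, for example `ldapcfinfo -t passwd 2>&1 >/dev/null | count_diagnostics`.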