NAME
ldapcfinfo — programmatically provides LDAP-UX information to non-interactive applications

SYNOPSIS
    ldapcfinfo -h
    ldapcfinfo [-t type]
    ldapcfinfo [-t type] {-A | -P | -D | -L | -b | -s | -f | -m atobName[,...]}
    ldapcfinfo [-t type] -L
    ldapcfinfo {-t type | -T template_file} -R
    ldapcfinfo [-t type] -a DN

DESCRIPTION
ldapcfinfo allows non-interactive applications to programmatically discover information about LDAP-UX configuration, including:

- If LDAP-UX is properly configured and active.
- LDAP-UX configuration profile location.
- LDAP-UX configuration profile information.
- Required attributes when creating new users or groups.

The following is a summary of ldapcfinfo commands:

- ldapcfinfo [-t type]
  Discover if LDAP-UX is properly configured for the specified service type.

- ldapcfinfo [-t type] {-A|-P|-D|-L|-b|-s|-f|-m atobName[,...]}
  Display information about the active LDAP-UX configuration profile.

- ldapcfinfo [-t type] -L
  Display the list of default and user defined template files.

- ldapcfinfo {-t type | -T template_file} -R
  Discover the list of required attributes in the specified (or default) template file.

- ldapcfinfo [-t type] -a DN
  Discover a suggested list of modifiable attributes for the specified entry.

Options

- -t type
  Specifies the service name for which to retrieve configuration information. Possible service names are: passwd, group, netgroup, services, rpc, hosts, networks, automount, automountmap, publickey, protocols, and pam.

  If the -t argument is not specified, ldapcfinfo assumes the passwd name service (if applicable to the argument specified).

  If the -t option is the only argument specified on the command line, ldapcfinfo will report if LDAP-UX is properly configured and active for the specified service.

- -A
  Reports if the user running the ldapcfinfo command has the ability to use the LDAP administrator's credential, if configured. ldapcfinfo returns zero exit status if the user has rights to access the LDAP administrator's credential. ldapcfinfo returns a non-zero exit status if not.

  Please refer to the section titled Configure LDAP-UX Client Services with Publickey Support in the LDAP-UX Client Services Administrator's Guide for additional details about the LDAP-UX administrator credential. This document can be found at http://docs.hp.com/en/internet.html.

- -P
  Displays the distinguished name of the LDAP-UX configuration profile and LDAP server which hosts that profile. Format will be:

      dn: distinguishedName
      host: hostname/ip:port

  If SSL or TLS is required to download the profile, host: will be replaced with hostssl:.

- -R
  Displays the required attributes as defined in the default template file or the template file specified with the -T option. If the -T option is not specified, then -t passwd or -t group must be specified to indicate which default template file should be examined.

  Each attribute required by the requested template file will appear on its own line. Since the RFC2307 POSIX attributes are a static known list and required, only non-POSIX attributes will be displayed.

- -T template_file
  Specifies the LDIF template file used to create new user or group entries. The template_file parameter may either be a full or relative path name or a "short" name.

  The -T option is ignored unless the -R option is also specified. Refer to the ldapugadd(1M) manpage for a description of template file naming and specification of the template_file option.

- -L
  Displays the list of available template files for the service specified with the -t option. The full path name of the template files will be displayed, each on a separate line.

- -D
  Displays the default configuration values for the ldapugadd command. When -t passwd is specified, the uid range, default gid, default home and default shell values are displayed. When -t group is specified, the gid range is displayed.

- -b
  Displays the primary (first) configured search base for a particular service as defined with the -t option. If the -t option is not specified, the LDAP-UX default search base will be displayed.

  Output format for the -b option will follow the format defined in RFC4514, Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names.

- -s
  Displays the primary (first) configured search scope for a particular service as defined with the -t option. If the -t option is not specified, the LDAP-UX default search base for passwd will be displayed.

  Output format for the -s option will be either base, one, or sub, which represents the search scopes as defined in RFC4516, Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator.

- -f
  Displays the primary (first) configured search filter for the particular service defined with the -t option. If the -t option is not specified, the passwd service will be assumed.

  Output format will be an LDAP filter following the format defined by RFC4515, Lightweight Directory Access Protocol (LDAP):

- -h
  Display brief help text.

- -m atobName[,...]
  Displays attribute or objectclass mapping for the requested attribute or objectclass name. atobName is either one of the RFC2307 attributes or the objectclass defined for the specific service requested.

  If the requested attribute is mapped to more than one target attribute, each target attribute will be displayed on the same line, separated by white space. See example usage and output below.

  Note that attribute and objectclass names are considered case-insensitive. atobName may be specified multiple times in a comma separated list. No white space should appear in the list.

- -a DN
  Displays the recommended list of attributes that an interactive management tool should consider making available for modification for the specified entry.

  Note that specification of the -t option is required in order for this operation to function properly.

Note
Since the -a, -D, -A, -P, -R, -L, -b, -f, -h, and -m options all generate varying output formats, only one of these options may be used per invocation of the ldapcfinfo command. Use of multiple of the above options in a single command line may prevent distinguishing which output applies to which option, and will result in an error.

The -T option is ignored unless the -R option is specified.

EXAMPLES
To display the attribute mapping for the gecos attribute (assuming it has been mapped to cn, l, and telephoneNumber) use:

    # ldapcfinfo -t passwd -m gecos
    gecos=cn l telephoneNumber

To display the default search base as configured by the LDAP-UX configuration profile use:

    # ldapcfinfo -b
    ou=example org,dc=example,dc=com

To display the default search base for the group name service (assuming ou=Groups has been configured as the search base for the groups name service) use:

    # ldapcfinfo -t group -b
    ou=Groups,ou=example org,dc=example,dc=com

To display the non-POSIX attributes required by the ldapugadd command for the passwd name service (assuming the default file /etc/opt/ldapux/ug_templates/ug_passwd_default.tmpl) use:

    # ldapcfinfo -t passwd -R
    sn

To display the location of the LDAP-UX configuration profile use:

    # ldapcfinfo -P
    dn: cn=ldapux-profile,ou=example org,dc=example,dc=com
    host: 10.42.222.15:389

To display attribute mapping for the passwd service, and assuming the uidNumber attribute has been mapped to employeeNumber and the gecos has been mapped to the three attributes, cn, l, and telephoneNumber, use:

    # ldapcfinfo -t passwd -m uid,uidNumber,gecos
    uid=uid
    uidNumber=employeeNumber
    gecos=cn l telephoneNumber

To display the mapped objectclass and related attributes for the publickey service, and assuming that objectclass has been mapped to pkiUser, use:

    # ldapcfinfo -t publickey -m niskeyobject,nispublickey,nissecretkey
    niskeyobject=pkiUser
    nispublickey=userCertificate
    nissecretkey=*NULL*

Note: The above example is for demonstration only and does not imply that LDAP-UX is able to translate an X.509 userCertificate into an NIS public key.
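
A non-interactive caller can consume the -P and -m output formats documented above directly, for instance to flag a client whose configuration profile is downloaded without SSL/TLS. The following sh functions are an added example, not part of the manpage or of LDAP-UX; profile_transport and mapped_targets are hypothetical names, and the sample input is copied from the EXAMPLES output so the script runs without an LDAP-UX client.

```sh
#!/bin/sh
# Added example (not from the manpage); function names are hypothetical.

# Classify `ldapcfinfo -P` output read on stdin. Prints "<tls|plain> <host> <port> <dn>".
# Returns 0 for hostssl:, 1 for host: (no SSL/TLS), 2 for unrecognized output.
profile_transport() {
    dn= endpoint= mode=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "dn: "*)      dn=${line#dn: } ;;
            "hostssl: "*) mode=tls;   endpoint=${line#hostssl: } ;;
            "host: "*)    mode=plain; endpoint=${line#host: } ;;
        esac
    done
    [ -n "$dn" ] && [ -n "$endpoint" ] || return 2
    port=${endpoint##*:}    # text after the last colon
    host=${endpoint%:*}     # everything before it
    [ "$host" != "$endpoint" ] || return 2
    case $port in ''|*[!0-9]*) return 2 ;; esac
    printf '%s %s %s %s\n' "$mode" "$host" "$port" "$dn"
    [ "$mode" = tls ]
}

# Print the targets that `ldapcfinfo -m` output on stdin maps name $1 to, one per line.
# Names compare case-insensitively; returns 1 if $1 is not in the output.
mapped_targets() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    found=1
    while IFS= read -r line || [ -n "$line" ]; do
        name=$(printf '%s' "${line%%=*}" | tr '[:upper:]' '[:lower:]')
        [ "$name" = "$want" ] || continue
        found=0
        printf '%s\n' "${line#*=}" | tr -s ' \t' '\n\n'
    done
    return $found
}

# Sample output copied from the EXAMPLES section; on a configured client use
# `ldapcfinfo -P | profile_transport` and `ldapcfinfo -t passwd -m ... | mapped_targets ...`.
SAMPLE_P='dn: cn=ldapux-profile,ou=example org,dc=example,dc=com
host: 10.42.222.15:389'
SAMPLE_M='uid=uid
uidNumber=employeeNumber
gecos=cn l telephoneNumber'

printf '%s\n' "$SAMPLE_P" | profile_transport ||
    echo "profile is not downloaded over SSL/TLS, or output was not recognized" >&2
printf '%s\n' "$SAMPLE_M" | mapped_targets GECOS
```
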

RETURN VALUE
Upon exit, ldapcfinfo returns the following:

- 0
  Success. ldapcfinfo exits with no errors or with one or more warnings.

- <>0
  ldapcfinfo returns with a non-zero exit status if it encounters an error, and messages will be logged to stderr.

Messages will follow the below format:
or
Leading extra white space may be inserted to improve readability and follow 80 column screen formatting.

- code
  will be a programmatically parsable error key-string, while
- message
  will be human-readable.

Refer to the LDAP-UX Client Services Administrator's Guide for a list of possible error codes generated by the LDAP user and group management tools.