Unleashed v1.4

[unleashed.git] / share / man / man1 / ldaplist.1

'\" te
.\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH LDAPLIST 1 "May 13, 2017"
.SH NAME
ldaplist \- search and list naming information from an LDAP directory using the
configured profile
.SH SYNOPSIS
.LP
.nf
\fB/usr/bin/ldaplist\fR [\fB-dlv\fR] [\fB-h\fR \fILDAP_server\fR[\fB:\fR\fIserverPort\fR] [\fB-M\fR \fIdomainName\fR]
   [\fB-N\fR \fIprofileName\fR] [\fB-a\fR \fIauthenticationMethod\fR] [\fB-P\fR \fIcertifPath\fR]
   [\fB-D\fR \fIbindDN\fR] [\fB-w\fR \fIbindPassword\fR] [\fB-j\fR \fIpasswdFile\fR]]
   [\fIdatabase\fR [\fIkey\fR]...]
.fi

.LP
.nf
\fB/usr/bin/ldaplist\fR \fB-g\fR
.fi

.LP
.nf
\fB/usr/bin/ldaplist\fR \fB-h\fR
.fi

.SH DESCRIPTION
.LP
If the \fB-h\fR \fILDAP_server\fR\fB[:\fR\fIserverPort\fR\fB]\fR option is
specified, \fBldaplist\fR establishes a connection to the server pointed to by
the option to obtain a \fIDUAProfile\fR specified by the \fB-N\fR option. Then
\fBldaplist\fR lists the information from the directory described by the
configuration obtained.
.sp
.LP
By default (if the \fB-h\fR \fILDAP_server\fR\fB[:\fR\fIserverPort\fR\fB]\fR
option is not specified), the utility searches for and lists the naming
information from the LDAP directory service defined in the LDAP configuration
files generated by \fBldapclient\fR(8) during the client initialization phase.
To use the utility in the default mode, the Solaris LDAP client must be set up
in advance.
.sp
.LP
The database is either a container name or a database name as defined in
\fBnsswitch.conf\fR(4). A container is a non-leaf entry in the Directory
Information Tree (DIT) that contains naming service information. The container
name is the LDAP Relative Distinguished Name (RDN) of the container relative to
the \fBdefaultSearchBase\fR as defined in the configuration files. For example,
for a container named \fBou=people\fR, the database name is the database
specified in \fBnsswitch.conf\fR. This database is mapped to a container, for
example, \fBpasswd\fR maps to \fBou=people\fR. If an invalid database is
specified, it is mapped to a generic container, for example,
\fBnisMapName=name\fR).
.sp
.LP
The key is the attribute value to be searched in the database. You can specify
more than one key to be searched in the same database. The key can be specified
in either of two forms: \fIattribute\fR=\fIvalue\fR or \fIvalue\fR. In the
first case, \fBldaplist\fR passes the search key to the server. In the latter
case, an attribute is assigned depending on how the database is specified. If
the database is a container name, then the "\fBcn\fR" attribute type is used.
If the database is a valid database name as defined in the \fBnsswitch.conf\fR,
then a predefined attribute type is used (see table below). If the database is
an invalid database name, then \fBcn\fR is used as the attribute type.
.sp
.LP
The \fBldaplist\fR utility relies on the Schema defined in the \fIRFC
2307bis\fR, currently an IETF draft. The data stored on the LDAP server must be
stored based on this Schema, unless the profile contains schema mapping
definitions. For more information on schema mapping see \fBldapclient\fR(8).
The following table lists the default mapping from the database names to the
container, the LDAP object class, and the attribute type used if not defined in
the key.
.sp
.in +2
.nf
Database     Object Class     Attribute Type    Container

aliases      mailGroup        cn                ou=Aliases
automount    nisObject        cn                automountMapName=auto_*
bootparams   bootableDevice   cn                ou=Ethers
ethers       ieee802Device    cn                ou=Ethers
group        posixgroup       cn                ou=Group
hosts        ipHost           cn                ou=Hosts
ipnodes      ipHost           cn                ou=Hosts
netgroup     ipNetgroup       cn                ou=Netgroup
netmasks     ipNetwork        ipnetworknumber   ou=Networks
networks     ipNetwork        ipnetworknumber   ou=Networks
passwd       posixAccount     uid               ou=People
protocols    ipProtocol       cn                ou=Protocols
publickey    nisKeyObject     uidnumber         ou=People
                              cn                ou=Hosts
rpc          oncRpc           cn                ou=Rpc
services     ipService        cn                ou=Services
printers     printerService   printer-uri       ou=printers
auth_attr    SolarisAuthAttr  nameT             ou=SolarisAuthAttr
prof_attr    SolarisProfAttr  nameT             ou=SolarisProfAttr
exec_attr    SolarisExecAttr  nameT             ou=SolarisProfAttr
user_attr    SolarisUserAttr  uidT              ou=people
projects     SolarisProject   SolarisProjectID  ou=projects
.fi
.in -2
.sp

.RS +4
.TP
.ie t \(bu
.el o
For the \fBautomount\fR database, \fBauto_*\fR, in the container column,
represents \fBauto_home\fR, \fBauto_direct\fR, \&.\|.\|.
.RE
.RS +4
.TP
.ie t \(bu
.el o
For the \fBpublickey\fR database, if the key starts with a digit, it is
interpreted as an uid number. If the key starts with a non-digit, it is
interpreted as a host name.
.RE
.sp
.LP
The \fBldaplist\fR utility supports substring search by using the wildcard
"\fB*\fR" in the key. For example, "\fBmy*\fR" matches any strings that starts
with "\fBmy\fR". In some shell environments, keys containing the wildcard might
need to be quoted.
.sp
.LP
If the key is not specified, all the containers in the current search
\fBbaseDN\fR is listed.
.SH OPTIONS
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-a\fR \fIauthenticationMethod\fR\fR
.ad
.sp .6
.RS 4n
Specifies the authentication method. The default value is what has been
configured in the profile. The supported authentication methods are:
.sp
.in +2
.nf
simple
sasl/CRAM-MD5
sasl/DIGEST-MD5
tls:simple
tls:sasl/CRAM-MD5
tls:sasl/DIGEST-MD5
.fi
.in -2
.sp

Selecting \fBsimple\fR causes passwords to be sent over the network in clear
text. Its use is strongly discouraged.
.sp
Additionally, if the client is configured with a profile which uses no
authentication, that is, either the \fIcredentialLevel\fR attribute is set to
\fBanonymous\fR or \fIauthenticationMethod\fR is set to \fBnone\fR, the user
must use this option to provide an authentication method.
.RE

.sp
.ne 2
.na
\fB\fB-d\fR\fR
.ad
.sp .6
.RS 4n
Lists the attributes for the specified database, rather than the entries. By
default, the entries are listed.
.RE

.sp
.ne 2
.na
\fB\fB-D\fR \fIbindDN\fR\fR
.ad
.sp .6
.RS 4n
Specifies an entry which has read permission to the requested database.
.RE

.sp
.ne 2
.na
\fB\fB-g\fR\fR
.ad
.sp .6
.RS 4n
Lists the database mapping.
.RE

.sp
.ne 2
.na
\fB\fB-h\fR\fR
.ad
.sp .6
.RS 4n
Lists the database mapping.
.sp
This option has been deprecated.
.RE

.sp
.ne 2
.na
\fB\fB-h\fR \fILDAP_server[:serverPort]\fR\fR
.ad
.sp .6
.RS 4n
Specifies an address (or a name) and a port of the LDAP server from which the
entries are read. The current naming service specified in the
\fBnsswitch.conf\fR file is used. The default value for the port is \fB389\fR,
unless when TLS is specified in the authentication method. In this case, the
default LDAP server port number is \fB636\fR.
.RE

.sp
.ne 2
.na
\fB\fB-j\fR \fIpasswdFile\fR\fR
.ad
.sp .6
.RS 4n
Specifies a file containing the password for the bind DN or the password for
the SSL client's key database. To protect the password, use this option in
scripts and place the password in a secure file.
.sp
This option is mutually exclusive of the \fB-w\fR option.
.RE

.sp
.ne 2
.na
\fB\fB-l\fR\fR
.ad
.sp .6
.RS 4n
Lists all the attributes for each entry matching the search criteria. By
default, \fBldaplist\fR lists only the Distinguished Name of the entries found.
.RE

.sp
.ne 2
.na
\fB\fB-M\fR \fIdomainName\fR\fR
.ad
.sp .6
.RS 4n
Specifies the name of a domain served by the specified server. If this option
is not specified, the default domain name is used.
.RE

.sp
.ne 2
.na
\fB\fB-N\fR \fIprofileName\fR\fR
.ad
.sp .6
.RS 4n
Specifies a DUAProfile name. A profile with such a name is supposed to exist on
the server specified by \fB-H\fR option. The default value is default.
.RE

.sp
.ne 2
.na
\fB\fB-p\fR \fIcertifPath\fR\fR
.ad
.sp .6
.RS 4n
Specifies the certificate path to the location of the certificate database. The
value is the path where security database files reside. This is used for TLS
support, which is specified in the \fIauthenticationMethod\fR and
\fIserviceAuthenticationMethod\fR attributes. The default is \fB/var/ldap\fR.
.RE

.sp
.ne 2
.na
\fB\fB-w\fR \fIbindPassword\fR\fR
.ad
.sp .6
.RS 4n
Password to be used for authenticating the \fIbindDN\fR. If this parameter is
missing, the command prompts for a password. NULL passwords are not supported
in LDAP.
.sp
When you use \fB-w\fR \fIbind_password\fR to specify the password to be used
for authentication, the password is visible to other users of the system by
means of the \fBps\fR command, in script files or in shell history.
.sp
If the value of \fB-\fR is supplied as a password, the command prompts for a
password.
.RE

.sp
.ne 2
.na
\fB\fB-v\fR\fR
.ad
.sp .6
.RS 4n
Sets verbose mode. The \fBldaplist\fR utility also prints the filter used to
search for the entry. The filter is prefixed with "\fB+++\fR".
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fRListing All Entries in the Hosts Database
.sp
.LP
The following example lists all entries in the \fBhosts\fR database:

.sp
.in +2
.nf
example% \fBldaplist hosts\fR
.fi
.in -2
.sp

.LP
\fBExample 2 \fRListing All Entries in a Non-Standard Database \fBou=new\fR
.sp
.LP
The following example lists all entries in a non-standard database:

.sp
.in +2
.nf
example% \fBldaplist ou=new\fR
.fi
.in -2
.sp

.LP
\fBExample 3 \fRFinding \fBuser1\fR in the \fBpasswd\fR Database
.sp
.LP
The following example finds \fBuser1\fR in the \fBpasswd\fR database:

.sp
.in +2
.nf
example% \fBldaplist passwd user1\fR
.fi
.in -2
.sp

.LP
\fBExample 4 \fRFinding the Entry With Service Port of \fB4045\fR in the
\fBservices\fR Database
.sp
.LP
The following example finds the entry with the service port of \fB4045\fR in
the \fBservices\fR database:

.sp
.in +2
.nf
example% \fBldaplist services ipServicePort=4045\fR
.fi
.in -2
.sp

.LP
\fBExample 5 \fRFinding All Users With Username Starting with \fBnew\fR in the
\fBpasswd\fR Database
.sp
.LP
The following example finds all users with the username starting with \fBnew\fR
in the \fBpasswd\fR database:

.sp
.in +2
.nf
example% \fBldaplist passwd 'new*'\fR
.fi
.in -2
.sp

.LP
\fBExample 6 \fRListing the Attributes for the \fBhosts\fR Database
.sp
.LP
The following example lists the attributes for the \fBhosts\fR database:

.sp
.in +2
.nf
example% \fBldaplist -d hosts\fR
.fi
.in -2
.sp

.LP
\fBExample 7 \fRFinding \fBuser1\fR in the \fBpasswd\fR Database
.sp
.LP
The following example finds \fBuser1\fR in the \fBpasswd\fR database. An LDAP
server is specified explicitly.

.sp
.in +2
.nf
example% \fBldaplist -H 10.10.10.10:3890 \e
            -M another.domain.name -N special_duaprofile \e
            -D "cn=directory manager" -w secret \e
            user1\fR
.fi
.in -2
.sp

.SH EXIT STATUS
.LP
The following exit values are returned:
.sp
.ne 2
.na
\fB\fB0\fR\fR
.ad
.RS 5n
Successfully matched some entries.
.RE

.sp
.ne 2
.na
\fB\fB1\fR\fR
.ad
.RS 5n
Successfully searched the table and no matches were found.
.RE

.sp
.ne 2
.na
\fB\fB2\fR\fR
.ad
.RS 5n
An error occurred. An error message is output.
.RE

.SH FILES
.ne 2
.na
\fB\fB/var/ldap/ldap_client_file\fR\fR
.ad
.br
.na
\fB\fB/var/ldap/ldap_client_cred\fR\fR
.ad
.RS 30n
Files that contain the LDAP configuration of the client. Do not manually modify
these files. Their content is not guaranteed to be human readable. To update
these files, use \fBldapclient\fR(8)
.RE

.SH ATTRIBUTES
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE  ATTRIBUTE VALUE
_
Interface Stability     Committed
.TE

.SH SEE ALSO
.LP
\fBldap\fR(1), \fBldapadd\fR(1), \fBldapdelete\fR(1), \fBldapmodify\fR(1),
\fBldapmodrdn\fR(1), \fBldapsearch\fR(1), \fBidsconfig\fR(8),
\fBldap_cachemgr\fR(8), \fBldapaddent\fR(8), \fBldapclient\fR(8),
\fBresolv.conf\fR(4), \fBattributes\fR(5)
.SH NOTES
.LP
\fIRFC 2307bis\fR is an IETF informational document in draft stage that defines
an approach for using \fBLDAP\fR as a naming service.
.sp
.LP
Currently StartTLS is not supported by \fBlibldap.so.5\fR, therefore the port
number provided refers to the port used during a TLS open, versus the port used
as part of a StartTLS sequence. For example, \fB-h foo:1000 -a tls:simple\fR,
refers to a raw TLS open on host \fBfoo\fR, port 1000, not a open, StartTLS
sequence on an unsecured port 1000. If port 1000 is unsecured the connection is
not made.