ldapcfinfo(1M)ldapcfinfo(1M)NAMEldapcfinfo - programmatically provides LDAP-UX information to non-
interactive applications
SYNOPSIS
type]
type]
type]
type]
DESCRIPTION
allows non-interactive applications to programmatically discover infor‐
mation about ldapux(5) configuration, including:
· If LDAP-UX is properly configured and active.
· LDAP-UX configuration profile location.
· LDAP-UX configuration profile information.
· Required attributes when creating new users or groups.
The following is a summary of commands:
type]
Discover if LDAP-UX is properly configured for the specified
service type.
type]
Display information about the active LDAP-UX configuration pro‐
file.
type]
Display the list of default and user defined template files.
Discover the list of required attributes in the specified (or
default) template file.
type]
Discover a suggested list of modifiable attributes for the spec‐
ified entry.
Options
Specifies the service name for which to retrieve configuration informa‐
tion.
Possible service names are: and
If the argument is not specified, assumes the name ser‐
vice (if applicable to the argument specified). If the
option is the only argument specified on the command
line, will report if LDAP-UX is properly configured and
active for the specified service.
Reports if the user running the
command has the ability to use the LDAP administrator's
credential, if configured.
returns zero exit status if the user has rights to
access the LDAP administrator's credential. returns a
non-zero exit status if not.
Please refer to the section titled in the for additional
details about the LDAP-UX administrator credential.
This document can be found at
Displays the distinguished name of the
ldapux(5) configuration profile and LDAP server which
hosts that profile. Format will be:
If SSL or TLS is required to download the profile, will
be replaced with
Displays the required attributes as defined in the default template
file
or the template file specified with the option.
If the option is not specified, then or must be speci‐
fied to indicate which default template file should be
examined.
Each attribute required by the requested template file
will appear on separate lines, one per line. Since the
RFC2307 POSIX attributes are a static known list and
required, only non-posix attributes will be displayed.
Specifies the LDIF template file used to create new user or group
entries.
The template_file parameter may either be a full or rel‐
ative path name or a "short" name.
The option is ignored unless the option is also speci‐
fied.
Please refer to ldapugadd(1M) man page for a description
about template file naming and specification of the tem‐
plate_file option.
Displays the list of available template files for the service specified
with the option. The full path name of the template
files will be displayed, each on a separate line.
Displays the default configuration values for the
command. When is specified, the uid range, default gid,
default home and default shell values are displayed.
When the is specified, the gid range is displayed.
Displays the primary (first) configured search base for a particular
service as defined with the option. If the option is
not specified, the ldapux(5) default search base will be
displayed.
Output format for the option will follow the format
defined in RFC4514,
Displays the primary (first) configured search scope for a particular
service as defined with the option. If the option is
not specified, the ldapux(5) default search base for
passwd will be displayed.
Output format for the option will be either or which
represents the search scopes as defined in RFC4516,
Displays the primary (first) configured search filter for the
particular service defined with the option.
If the option is not specified, the service will be
assumed.
Output format will be an LDAP filter following the for‐
mat defined by RFC4515,
Display brief help text.
Displays attribute or objectclass
mapping for the requested attribute or objectclass name.
atobName is either one of the RFC2307 attributes or the
objectclass defined for the specific service requested.
If the requested attribute is mapped to more than one
target attribute, each target attribute will be dis‐
played on the same line, separated by white space. See
example usage and output below.
Note that attribute and objectclass names are considered
case-insensitive. atobName may be specified multiple
times in a comma separated list. No white space should
appear in the list.
Displays the recommended list of attributes that an interactive manage‐
ment
tool should consider making available for modification
for the specified entry.
Note that specification of the option is required in
order for this operation to function properly.
Note
Since each and options all generate varying output formats, only one of
these options may be used per invocation of the command. Use of multi‐
ple of the above options in a single command line may prevent distin‐
guishing which output applies to which option, and will result in an
error.
The option is ignored unless the option is specified.
EXAMPLES
To display the attribute mapping for the gecos attribute (assuming it
has been mapped to cn, l, and telephoneNumber) use:
# ldapcfinfo-t passwd -m gecos
gecos=cn l telephoneNumber
To display the default search base as configured by the ldapux(5) con‐
figuration profile use:
# ldapcfinfo-b
ou=example org,dc=example,dc=com
To display the default search base for the group name service (assuming
has been configured as the search base for the groups name service)
use:
# ldapcfinfo-t group -b
ou=Groups,ou=example org,dc=example,dc=com
To display the non-POSIX attributes required by command for the name
service (assuming the default file use:
# ldapcfinfo-t passwd -R
sn
To display the location of the LDAP-UX configuration profile use:
# ldapcfinfo-P
dn: cn=ldapux-profile,ou=example org,dc=example,dc=com
host: 10.42.222.15:389
To display attribute mapping for the service, and assuming the uidNum‐
ber attribute has been mapped to employeeNumber and the gecos has been
mapped to the three attributes, cn, l, and telephoneNumber, use:
# ldapcfinfo-t passwd -m uid,uidNumber,gecos
uid=uid
uidNumber=employeeNumber
gecos=cn l telephoneNumber
To display the mapped objectclass and related attributes for the ser‐
vice, and assuming that objectclass has been mapped to pkiUser, use:
# ldapcfinfo-t publickey -m niskeyobject,nispublickey,nissecretkey
niskeyobject=pkiUser
nispublickey=userCertificate
nissecretkey=*NULL*
Note: The above example is for demonstration only and does not
imply the ability of LDAP-UX to be able to translate an X.509
userCertificate into an NIS public key.
RETURN VALUE
Upon exit, returns the following:
0 Success. exits with no errors or with one or more warnings.
<>0 returns with a non-zero exit status if it encounters an error,
and messages will be logged to stderr.
Messages will follow the below format:
code
message
or
code
message
Leading extra white space may be inserted to improve readabil‐
ity and follow 80 column screen formatting.
code will be a programmatically parsable error key-string,
while
message will be human-readable. Refer to the for a list of
possible error codes generated by the LDAP user and
group management tools.
SEE ALSOldapugadd(1M), ldapugdel(1M), ldapuglist(1M), ldapugmod(1M), ldapux(5).
ldapcfinfo(1M)