|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
getent.ldap.1.xml - docbook manual page for getent.ldap
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
Copyright (C) 2013-2018 Arthur de Jong
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
This library is free software; you can redistribute it and/or
|
|
Packit |
6bd9ab |
modify it under the terms of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
License as published by the Free Software Foundation; either
|
|
Packit |
6bd9ab |
version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
This library is distributed in the hope that it will be useful,
|
|
Packit |
6bd9ab |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6bd9ab |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
6bd9ab |
Lesser General Public License for more details.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
You should have received a copy of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
License along with this library; if not, write to the Free Software
|
|
Packit |
6bd9ab |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
Packit |
6bd9ab |
02110-1301 USA
|
|
Packit |
6bd9ab |
-->
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refentry id="getentldap1">
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refentryinfo>
|
|
Packit |
6bd9ab |
<author>
|
|
Packit |
6bd9ab |
<firstname>Arthur</firstname>
|
|
Packit |
6bd9ab |
<surname>de Jong</surname>
|
|
Packit |
6bd9ab |
</author>
|
|
Packit |
6bd9ab |
</refentryinfo>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refmeta>
|
|
Packit |
6bd9ab |
<refentrytitle>getent.ldap</refentrytitle>
|
|
Packit |
6bd9ab |
<manvolnum>1</manvolnum>
|
|
Packit |
6bd9ab |
<refmiscinfo class="version">Version 0.9.9</refmiscinfo>
|
|
Packit |
6bd9ab |
<refmiscinfo class="manual">User Commands</refmiscinfo>
|
|
Packit |
6bd9ab |
<refmiscinfo class="date">Feb 2018</refmiscinfo>
|
|
Packit |
6bd9ab |
</refmeta>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refnamediv id="name">
|
|
Packit |
6bd9ab |
<refname>getent.ldap</refname>
|
|
Packit |
6bd9ab |
<refpurpose>query information from LDAP</refpurpose>
|
|
Packit |
6bd9ab |
</refnamediv>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsynopsisdiv id="synopsis">
|
|
Packit |
6bd9ab |
<cmdsynopsis>
|
|
Packit |
6bd9ab |
<command>getent.ldap</command>
|
|
Packit |
6bd9ab |
<arg choice="opt"><replaceable>options</replaceable></arg>
|
|
Packit |
6bd9ab |
<arg><replaceable>DATABASE</replaceable></arg>
|
|
Packit |
6bd9ab |
<arg choice="opt"><replaceable>KEY...</replaceable></arg>
|
|
Packit |
6bd9ab |
</cmdsynopsis>
|
|
Packit |
6bd9ab |
</refsynopsisdiv>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="description">
|
|
Packit |
6bd9ab |
<title>Description</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
The <command>getent.ldap</command> command can be used to lookup or
|
|
Packit |
6bd9ab |
enumerate information from LDAP.
|
|
Packit |
6bd9ab |
Unlike the
|
|
Packit |
6bd9ab |
<citerefentry><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
Packit |
6bd9ab |
command, this command completely bypasses the lookups configured in
|
|
Packit |
6bd9ab |
<filename>/etc/nsswitch.conf</filename> and queries the
|
|
Packit |
6bd9ab |
<citerefentry><refentrytitle>nslcd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
Packit |
6bd9ab |
daemon directly.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
<command>getent.ldap</command> tries to match the behaviour and output of
|
|
Packit |
6bd9ab |
<command>getent</command> and the format in the corresponding flat files
|
|
Packit |
6bd9ab |
as much as possible, however there are a number of differences.
|
|
Packit |
6bd9ab |
If multiple entries are found in LDAP that match a
|
|
Packit |
6bd9ab |
specific query, multiple values are printed (e.g. ethernet addresses that
|
|
Packit |
6bd9ab |
have multiple names, services that support multiple protocols, etc.).
|
|
Packit |
6bd9ab |
Also, some databases have extra options as described below.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="options">
|
|
Packit |
6bd9ab |
<title>Options</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
The options that may be specified to the <command>getent.ldap</command>
|
|
Packit |
6bd9ab |
command are:
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
<variablelist remap="TP">
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="help">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>-h</option>, <option>--help</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>Display short help and exit.</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="version">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>-V, --version</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>Output version information and exit.</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
</variablelist>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="databases">
|
|
Packit |
6bd9ab |
<title>Databases</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
The <replaceable>DATABASE</replaceable> argument may be any of the
|
|
Packit |
6bd9ab |
supported databases below:
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
<variablelist remap="TP">
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="aliases">
|
|
Packit |
6bd9ab |
<term><option>aliases</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Lists or queries email aliases.
|
|
Packit |
6bd9ab |
If <replaceable>KEY</replaceable> is given it searches for the alias
|
|
Packit |
6bd9ab |
by name, otherwise it returns all aliases from
|
|
Packit |
6bd9ab |
LDAP.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="ethers">
|
|
Packit |
6bd9ab |
<term><option>ethers</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Lists or queries ethernet addresses.
|
|
Packit |
6bd9ab |
If <replaceable>KEY</replaceable> matches the format of an ethernet
|
|
Packit |
6bd9ab |
address a search by address is performed, otherwise a search by name
|
|
Packit |
6bd9ab |
is performed or all entries are returned if
|
|
Packit |
6bd9ab |
<replaceable>KEY</replaceable> is omitted.
|
|
Packit |
6bd9ab |
Unlike <command>getent</command>, <command>getent.ldapd</command>
|
|
Packit |
6bd9ab |
does support enumerating all ethernet addresses.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="group">
|
|
Packit |
6bd9ab |
<term><option>group</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Lists or queries groups.
|
|
Packit |
6bd9ab |
If <replaceable>KEY</replaceable> is numeric, it searches for the
|
|
Packit |
6bd9ab |
group by group id.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="group.bymember">
|
|
Packit |
6bd9ab |
<term><option>group.bymember</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
The <replaceable>KEY</replaceable> is a user name and groups are
|
|
Packit |
6bd9ab |
returned for which this user is a member.
|
|
Packit |
6bd9ab |
The format is similar to the <option>group</option> output but the
|
|
Packit |
6bd9ab |
group members are left out for performance reasons.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="hosts">
|
|
Packit |
6bd9ab |
<term><option>hosts</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
List or search host names and addresses by either host name,
|
|
Packit |
6bd9ab |
IPv4 or IPv6 address. This returns both IPv4 and IPv6 addresses
|
|
Packit |
6bd9ab |
(if available).
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="hostsv4">
|
|
Packit |
6bd9ab |
<term><option>hostsv4</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Similar to <option>hosts</option> but any supplied IPv6 addresses are
|
|
Packit |
6bd9ab |
treated as host names and only IPv4 addresses are returned.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="hostsv6">
|
|
Packit |
6bd9ab |
<term><option>hostsv6</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Similar to <option>hosts</option> but <replaceable>KEY</replaceable>
|
|
Packit |
6bd9ab |
is treated as an IPv6 address or a host name and only IPv6 addresses
|
|
Packit |
6bd9ab |
are returned.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="netgroup">
|
|
Packit |
6bd9ab |
<term><option>netgroup</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
List or query netgroups and netgroup triples (host, user, domain) that
|
|
Packit |
6bd9ab |
are a member of the netgroup.
|
|
Packit |
6bd9ab |
Unlike <command>getent</command>, <command>getent.ldapd</command>
|
|
Packit |
6bd9ab |
does support enumerating all ethernet addresses.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="netgroup.norec">
|
|
Packit |
6bd9ab |
<term><option>netgroup.norec</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Similar to <option>netgroup</option> except that no subsequent
|
|
Packit |
6bd9ab |
lookups are done to expand netgroups which are member of the
|
|
Packit |
6bd9ab |
supplied netgroup and the output may contain both other netgroup
|
|
Packit |
6bd9ab |
names and netgroup triples.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="networks">
|
|
Packit |
6bd9ab |
<term><option>networks</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
List or query network names and addresses.
|
|
Packit |
6bd9ab |
<replaceable>KEY</replaceable> may be a network name or address.
|
|
Packit |
6bd9ab |
This map can return both IPv4 and IPv6 network addresses.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="networksv4">
|
|
Packit |
6bd9ab |
<term><option>networksv4</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Only return IPv4 network addresses.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="networksv6">
|
|
Packit |
6bd9ab |
<term><option>networksv6</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Only return IPv6 network addresses.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="passwd">
|
|
Packit |
6bd9ab |
<term><option>passwd</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Enumerate or search the user account database.
|
|
Packit |
6bd9ab |
<replaceable>KEY</replaceable> may be a user name or numeric user id
|
|
Packit |
6bd9ab |
or be omitted to list all users.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="protocols">
|
|
Packit |
6bd9ab |
<term><option>protocols</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Enumerate the internet protocols database.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="rpc">
|
|
Packit |
6bd9ab |
<term><option>rpc</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
List or search user readable names that map to RPC program numbers.
|
|
Packit |
6bd9ab |
Searching by <replaceable>KEY</replaceable> can be done on name or
|
|
Packit |
6bd9ab |
rpc program number.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="services">
|
|
Packit |
6bd9ab |
<term><option>services</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
List or search the mapping between names for internet services and
|
|
Packit |
6bd9ab |
their corresponding port numbers and protocol types.
|
|
Packit |
6bd9ab |
The <replaceable>KEY</replaceable> can be either a service name or
|
|
Packit |
6bd9ab |
number, followed by an optional slash and protocol name to restrict
|
|
Packit |
6bd9ab |
the search to only entries for the specified protocol.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<varlistentry id="shadow">
|
|
Packit |
6bd9ab |
<term><option>shadow</option></term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Enumerate or search extended user account information.
|
|
Packit |
6bd9ab |
Note that shadow information is likely only exposed to the root user
|
|
Packit |
6bd9ab |
and by default <command>nslcd</command> does not expose password
|
|
Packit |
6bd9ab |
hashes, even to root.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
</variablelist>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="see_also">
|
|
Packit |
6bd9ab |
<title>See Also</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
<citerefentry><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
Packit |
6bd9ab |
<citerefentry><refentrytitle>nslcd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="author">
|
|
Packit |
6bd9ab |
<title>Author</title>
|
|
Packit |
6bd9ab |
<para>This manual was written by Arthur de Jong <arthur@arthurdejong.org>.</para>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="bugs">
|
|
Packit |
6bd9ab |
<title>Bugs</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Currently, <command>getent.ldapd</command> does not correctly set an
|
|
Packit |
6bd9ab |
exit code. It should return the same kind of exit codes as
|
|
Packit |
6bd9ab |
<command>getent</command> does (e.g. for missing entries).
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
</refentry>
|