|
Packit |
6bd9ab |
'\" -*- coding: utf-8 -*-
|
|
Packit |
6bd9ab |
.if \n(.g .ds T< \\FC
|
|
Packit |
6bd9ab |
.if \n(.g .ds T> \\F[\n[.fam]]
|
|
Packit |
6bd9ab |
.de URL
|
|
Packit |
6bd9ab |
\\$2 \(la\\$1\(ra\\$3
|
|
Packit |
6bd9ab |
..
|
|
Packit |
6bd9ab |
.if \n(.g .mso www.tmac
|
|
Packit |
6bd9ab |
.TH getent.ldap 1 "Feb 2018" "Version 0.9.9" "User Commands"
|
|
Packit |
6bd9ab |
.SH NAME
|
|
Packit |
6bd9ab |
getent.ldap \- query information from LDAP
|
|
Packit |
6bd9ab |
.SH SYNOPSIS
|
|
Packit |
6bd9ab |
'nh
|
|
Packit |
6bd9ab |
.fi
|
|
Packit |
6bd9ab |
.ad l
|
|
Packit |
6bd9ab |
\fBgetent.ldap\fR \kx
|
|
Packit |
6bd9ab |
.if (\nx>(\n(.l/2)) .nr x (\n(.l/5)
|
|
Packit |
6bd9ab |
'in \n(.iu+\nxu
|
|
Packit |
6bd9ab |
[\fIoptions\fR] [\fIDATABASE\fR] [\fIKEY...\fR]
|
|
Packit |
6bd9ab |
'in \n(.iu-\nxu
|
|
Packit |
6bd9ab |
.ad b
|
|
Packit |
6bd9ab |
'hy
|
|
Packit |
6bd9ab |
.SH DESCRIPTION
|
|
Packit |
6bd9ab |
The \fBgetent.ldap\fR command can be used to lookup or
|
|
Packit |
6bd9ab |
enumerate information from LDAP.
|
|
Packit |
6bd9ab |
Unlike the
|
|
Packit |
6bd9ab |
\fBgetent\fR(1)
|
|
Packit |
6bd9ab |
command, this command completely bypasses the lookups configured in
|
|
Packit |
6bd9ab |
\*(T<\fI/etc/nsswitch.conf\fR\*(T> and queries the
|
|
Packit |
6bd9ab |
\fBnslcd\fR(8)
|
|
Packit |
6bd9ab |
daemon directly.
|
|
Packit |
6bd9ab |
.PP
|
|
Packit |
6bd9ab |
\fBgetent.ldap\fR tries to match the behaviour and output of
|
|
Packit |
6bd9ab |
\fBgetent\fR and the format in the corresponding flat files
|
|
Packit |
6bd9ab |
as much as possible, however there are a number of differences.
|
|
Packit |
6bd9ab |
If multiple entries are found in LDAP that match a
|
|
Packit |
6bd9ab |
specific query, multiple values are printed (e.g. ethernet addresses that
|
|
Packit |
6bd9ab |
have multiple names, services that support multiple protocols, etc.).
|
|
Packit |
6bd9ab |
Also, some databases have extra options as described below.
|
|
Packit |
6bd9ab |
.SH OPTIONS
|
|
Packit |
6bd9ab |
The options that may be specified to the \fBgetent.ldap\fR
|
|
Packit |
6bd9ab |
command are:
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fB\-h\fR\*(T>, \*(T<\fB\-\-help\fR\*(T>
|
|
Packit |
6bd9ab |
Display short help and exit.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fB\-V, \-\-version\fR\*(T>
|
|
Packit |
6bd9ab |
Output version information and exit.
|
|
Packit |
6bd9ab |
.SH DATABASES
|
|
Packit |
6bd9ab |
The \fIDATABASE\fR argument may be any of the
|
|
Packit |
6bd9ab |
supported databases below:
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBaliases\fR\*(T>
|
|
Packit |
6bd9ab |
Lists or queries email aliases.
|
|
Packit |
6bd9ab |
If \fIKEY\fR is given it searches for the alias
|
|
Packit |
6bd9ab |
by name, otherwise it returns all aliases from
|
|
Packit |
6bd9ab |
LDAP.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBethers\fR\*(T>
|
|
Packit |
6bd9ab |
Lists or queries ethernet addresses.
|
|
Packit |
6bd9ab |
If \fIKEY\fR matches the format of an ethernet
|
|
Packit |
6bd9ab |
address a search by address is performed, otherwise a search by name
|
|
Packit |
6bd9ab |
is performed or all entries are returned if
|
|
Packit |
6bd9ab |
\fIKEY\fR is omitted.
|
|
Packit |
6bd9ab |
Unlike \fBgetent\fR, \fBgetent.ldapd\fR
|
|
Packit |
6bd9ab |
does support enumerating all ethernet addresses.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBgroup\fR\*(T>
|
|
Packit |
6bd9ab |
Lists or queries groups.
|
|
Packit |
6bd9ab |
If \fIKEY\fR is numeric, it searches for the
|
|
Packit |
6bd9ab |
group by group id.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBgroup.bymember\fR\*(T>
|
|
Packit |
6bd9ab |
The \fIKEY\fR is a user name and groups are
|
|
Packit |
6bd9ab |
returned for which this user is a member.
|
|
Packit |
6bd9ab |
The format is similar to the \*(T<\fBgroup\fR\*(T> output but the
|
|
Packit |
6bd9ab |
group members are left out for performance reasons.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBhosts\fR\*(T>
|
|
Packit |
6bd9ab |
List or search host names and addresses by either host name,
|
|
Packit |
6bd9ab |
IPv4 or IPv6 address. This returns both IPv4 and IPv6 addresses
|
|
Packit |
6bd9ab |
(if available).
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBhostsv4\fR\*(T>
|
|
Packit |
6bd9ab |
Similar to \*(T<\fBhosts\fR\*(T> but any supplied IPv6 addresses are
|
|
Packit |
6bd9ab |
treated as host names and only IPv4 addresses are returned.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBhostsv6\fR\*(T>
|
|
Packit |
6bd9ab |
Similar to \*(T<\fBhosts\fR\*(T> but \fIKEY\fR
|
|
Packit |
6bd9ab |
is treated as an IPv6 address or a host name and only IPv6 addresses
|
|
Packit |
6bd9ab |
are returned.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBnetgroup\fR\*(T>
|
|
Packit |
6bd9ab |
List or query netgroups and netgroup triples (host, user, domain) that
|
|
Packit |
6bd9ab |
are a member of the netgroup.
|
|
Packit |
6bd9ab |
Unlike \fBgetent\fR, \fBgetent.ldapd\fR
|
|
Packit |
6bd9ab |
does support enumerating all ethernet addresses.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBnetgroup.norec\fR\*(T>
|
|
Packit |
6bd9ab |
Similar to \*(T<\fBnetgroup\fR\*(T> except that no subsequent
|
|
Packit |
6bd9ab |
lookups are done to expand netgroups which are member of the
|
|
Packit |
6bd9ab |
supplied netgroup and the output may contain both other netgroup
|
|
Packit |
6bd9ab |
names and netgroup triples.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBnetworks\fR\*(T>
|
|
Packit |
6bd9ab |
List or query network names and addresses.
|
|
Packit |
6bd9ab |
\fIKEY\fR may be a network name or address.
|
|
Packit |
6bd9ab |
This map can return both IPv4 and IPv6 network addresses.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBnetworksv4\fR\*(T>
|
|
Packit |
6bd9ab |
Only return IPv4 network addresses.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBnetworksv6\fR\*(T>
|
|
Packit |
6bd9ab |
Only return IPv6 network addresses.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBpasswd\fR\*(T>
|
|
Packit |
6bd9ab |
Enumerate or search the user account database.
|
|
Packit |
6bd9ab |
\fIKEY\fR may be a user name or numeric user id
|
|
Packit |
6bd9ab |
or be omitted to list all users.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBprotocols\fR\*(T>
|
|
Packit |
6bd9ab |
Enumerate the internet protocols database.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBrpc\fR\*(T>
|
|
Packit |
6bd9ab |
List or search user readable names that map to RPC program numbers.
|
|
Packit |
6bd9ab |
Searching by \fIKEY\fR can be done on name or
|
|
Packit |
6bd9ab |
rpc program number.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBservices\fR\*(T>
|
|
Packit |
6bd9ab |
List or search the mapping between names for internet services and
|
|
Packit |
6bd9ab |
their corresponding port numbers and protocol types.
|
|
Packit |
6bd9ab |
The \fIKEY\fR can be either a service name or
|
|
Packit |
6bd9ab |
number, followed by an optional slash and protocol name to restrict
|
|
Packit |
6bd9ab |
the search to only entries for the specified protocol.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBshadow\fR\*(T>
|
|
Packit |
6bd9ab |
Enumerate or search extended user account information.
|
|
Packit |
6bd9ab |
Note that shadow information is likely only exposed to the root user
|
|
Packit |
6bd9ab |
and by default \fBnslcd\fR does not expose password
|
|
Packit |
6bd9ab |
hashes, even to root.
|
|
Packit |
6bd9ab |
.SH "SEE ALSO"
|
|
Packit |
6bd9ab |
\fBgetent\fR(1),
|
|
Packit |
6bd9ab |
\fBnslcd\fR(8)
|
|
Packit |
6bd9ab |
.SH AUTHOR
|
|
Packit |
6bd9ab |
This manual was written by Arthur de Jong <arthur@arthurdejong.org>.
|
|
Packit |
6bd9ab |
.SH BUGS
|
|
Packit |
6bd9ab |
Currently, \fBgetent.ldapd\fR does not correctly set an
|
|
Packit |
6bd9ab |
exit code. It should return the same kind of exit codes as
|
|
Packit |
6bd9ab |
\fBgetent\fR does (e.g. for missing entries).
|