getent.ldap - query information from LDAP
getent.ldap [options] [DATABASE] [KEY...]
The getent.ldap command can be used to look up or enumerate
information from LDAP. Unlike the getent(1) command, this command
completely bypasses the lookups configured in /etc/nsswitch.conf and
queries the nslcd(8) daemon directly.
getent.ldap tries to match the behaviour and output of
getent and the format in the corresponding flat files as much as
possible; however, there are a number of differences. If multiple entries are
found in LDAP that match a specific query, multiple values are printed (e.g.
ethernet addresses that have multiple names, services that support multiple
protocols, etc.). Also, some databases have extra options as described
below.
The options that may be specified to the getent.ldap
command are:
- -h, --help
- Display short help and exit.
- -V, --version
- Output version information and exit.
The DATABASE argument may be any of the supported databases
below:
- aliases
- Lists or queries email aliases. If KEY is given it searches for the
alias by name, otherwise it returns all aliases from LDAP.
- ethers
- Lists or queries ethernet addresses. If KEY matches the format of
an ethernet address a search by address is performed, otherwise a search
by name is performed or all entries are returned if KEY is omitted.
Unlike getent, getent.ldap does support enumerating all
ethernet addresses.
- group
- Lists or queries groups. If KEY is numeric, it searches for the
group by group id.
- group.bymember
- The KEY is a user name and groups are returned for which this user
is a member. The format is similar to the group output but the
group members are left out for performance reasons.
- hosts
- List or search host names and addresses by either host name, IPv4 or IPv6
address. This returns both IPv4 and IPv6 addresses (if available).
- hostsv4
- Similar to hosts but any supplied IPv6 addresses are treated as
host names and only IPv4 addresses are returned.
- hostsv6
- Similar to hosts but KEY is treated as an IPv6 address or a
host name and only IPv6 addresses are returned.
- netgroup
- List or query netgroups and netgroup triples (host, user, domain) that are
members of the netgroup. Unlike getent, getent.ldap does
support enumerating all ethernet addresses.
- netgroup.norec
- Similar to netgroup except that no subsequent lookups are done to
expand netgroups that are members of the supplied netgroup and the output
may contain both other netgroup names and netgroup triples.
- networks
- List or query network names and addresses. KEY may be a network
name or address. This map can return both IPv4 and IPv6 network
addresses.
- networksv4
- Only return IPv4 network addresses.
- networksv6
- Only return IPv6 network addresses.
- passwd
- Enumerate or search the user account database. KEY may be a user
name or numeric user id or be omitted to list all users.
- protocols
- Enumerate the internet protocols database.
- rpc
- List or search user-readable names that map to RPC program numbers.
Searching by KEY can be done on name or RPC program number.
- services
- List or search the mapping between names for internet services and their
corresponding port numbers and protocol types. The KEY can be
either a service name or number, followed by an optional slash and
protocol name to restrict the search to only entries for the specified
protocol.
- shadow
- Enumerate or search extended user account information. Note that shadow
information is likely only exposed to the root user and by default
nslcd does not expose password hashes, even to root.
This manual was written by Arthur de Jong
<arthur@arthurdejong.org>.
Currently, getent.ldap does not correctly set an exit
code. It should return the same kind of exit codes as getent does
(e.g. for missing entries).
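
Added example, not part of the original manual or of the nss-pam-ldapd project: because getent.ldap bypasses /etc/nsswitch.conf and prints flat-file format, its passwd output can be compared directly with /etc/passwd to find LDAP accounts that carry UID 0 or collide with local accounts. Because the exit code is not reliable, the lookup wrapper tests for empty output instead. The function names and the GETENT_LDAP override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example; not part of nss-pam-ldapd.
# GETENT_LDAP can be overridden (assumption of this example) to test without nslcd.
GETENT_LDAP=${GETENT_LDAP:-getent.ldap}

# ldap_lookup DATABASE KEY
# Prints matching entries. Returns 0 if any line was printed, 2 if none.
# The command's own exit status is ignored: the manual states it is not set
# correctly, so "no output" is the only usable signal for a missing entry.
ldap_lookup() {
    out=$("$GETENT_LDAP" "$1" "$2" 2>/dev/null) || true
    [ -n "$out" ] || return 2
    printf '%s\n' "$out"
}

# audit_passwd LOCAL_PASSWD_FILE
# Reads passwd-format LDAP entries on stdin and reports entries that
#   - carry UID 0,
#   - reuse the name of a local account, or
#   - reuse the UID of a local account under a different name.
audit_passwd() {
    awk -F: '
        src == "local" {
            if ($0 !~ /^#/ && NF >= 3) { lname[$1] = $3; luid[$3] = $1 }
            next
        }
        NF < 3 { next }
        $3 ~ /^0+$/ { print "UID0 " $1 }
        ($1 in lname) {
            print "NAME-COLLISION " $1 " local_uid=" lname[$1] " ldap_uid=" $3
        }
        ($3 in luid) && luid[$3] != $1 {
            print "UID-COLLISION " $3 " local=" luid[$3] " ldap=" $1
        }
    ' src=local "$1" src=ldap -
}

# Typical use on a host running nslcd:
#   getent.ldap passwd | audit_passwd /etc/passwd
```

Name collisions matter because the order in /etc/nsswitch.conf decides which of the two entries a login actually resolves to.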