1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
|
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<!--
getent.ldap.1.xml - docbook manual page for getent.ldap
Copyright (C) 2013-2021 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
-->
<refentry id="getentldap1">
<refentryinfo>
<author>
<firstname>Arthur</firstname>
<surname>de Jong</surname>
</author>
</refentryinfo>
<refmeta>
<refentrytitle>getent.ldap</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="version">Version 0.9.12</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="date">Nov 2021</refmiscinfo>
</refmeta>
<refnamediv id="name">
<refname>getent.ldap</refname>
<refpurpose>query information from LDAP</refpurpose>
</refnamediv>
<refsynopsisdiv id="synopsis">
<cmdsynopsis>
<command>getent.ldap</command>
<arg choice="opt"><replaceable>options</replaceable></arg>
<arg><replaceable>DATABASE</replaceable></arg>
<arg choice="opt"><replaceable>KEY...</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="description">
<title>Description</title>
<para>
The <command>getent.ldap</command> command can be used to lookup or
enumerate information from <acronym>LDAP</acronym>.
Unlike the
<citerefentry><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
command, this command completely bypasses the lookups configured in
<filename>/etc/nsswitch.conf</filename> and queries the
<citerefentry><refentrytitle>nslcd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
daemon directly.
</para>
<para>
<command>getent.ldap</command> tries to match the behaviour and output of
<command>getent</command> and the format in the corresponding flat files
as much as possible, however there are a number of differences.
If multiple entries are found in <acronym>LDAP</acronym> that match a
specific query, multiple values are printed (e.g. ethernet addresses that
have multiple names, services that support multiple protocols, etc.).
Also, some databases have extra options as described below.
</para>
</refsect1>
<refsect1 id="options">
<title>Options</title>
<para>
The options that may be specified to the <command>getent.ldap</command>
command are:
</para>
<variablelist remap="TP">
<varlistentry id="help">
<term>
<option>-h</option>, <option>--help</option>
</term>
<listitem>
<para>Display short help and exit.</para>
</listitem>
</varlistentry>
<varlistentry id="version">
<term>
<option>-V, --version</option>
</term>
<listitem>
<para>Output version information and exit.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="databases">
<title>Databases</title>
<para>
The <replaceable>DATABASE</replaceable> argument may be any of the
supported databases below:
</para>
<variablelist remap="TP">
<varlistentry id="aliases">
<term><option>aliases</option></term>
<listitem>
<para>
Lists or queries email aliases.
If <replaceable>KEY</replaceable> is given it searches for the alias
by name, otherwise it returns all aliases from
<acronym>LDAP</acronym>.
</para>
</listitem>
</varlistentry>
<varlistentry id="ethers">
<term><option>ethers</option></term>
<listitem>
<para>
Lists or queries ethernet addresses.
If <replaceable>KEY</replaceable> matches the format of an ethernet
address a search by address is performed, otherwise a search by name
is performed or all entries are returned if
<replaceable>KEY</replaceable> is omitted.
Unlike <command>getent</command>, <command>getent.ldapd</command>
does support enumerating all ethernet addresses.
</para>
</listitem>
</varlistentry>
<varlistentry id="group">
<term><option>group</option></term>
<listitem>
<para>
Lists or queries groups.
If <replaceable>KEY</replaceable> is numeric, it searches for the
group by group id.
</para>
</listitem>
</varlistentry>
<varlistentry id="group.bymember">
<term><option>group.bymember</option></term>
<listitem>
<para>
The <replaceable>KEY</replaceable> is a user name and groups are
returned for which this user is a member.
The format is similar to the <option>group</option> output but the
group members are left out for performance reasons.
</para>
</listitem>
</varlistentry>
<varlistentry id="hosts">
<term><option>hosts</option></term>
<listitem>
<para>
List or search host names and addresses by either host name,
IPv4 or IPv6 address. This returns both IPv4 and IPv6 addresses
(if available).
</para>
</listitem>
</varlistentry>
<varlistentry id="hostsv4">
<term><option>hostsv4</option></term>
<listitem>
<para>
Similar to <option>hosts</option> but any supplied IPv6 addresses are
treated as host names and only IPv4 addresses are returned.
</para>
</listitem>
</varlistentry>
<varlistentry id="hostsv6">
<term><option>hostsv6</option></term>
<listitem>
<para>
Similar to <option>hosts</option> but <replaceable>KEY</replaceable>
is treated as an IPv6 address or a host name and only IPv6 addresses
are returned.
</para>
</listitem>
</varlistentry>
<varlistentry id="netgroup">
<term><option>netgroup</option></term>
<listitem>
<para>
List or query netgroups and netgroup triples (host, user, domain) that
are a member of the netgroup.
Unlike <command>getent</command>, <command>getent.ldapd</command>
does support enumerating all ethernet addresses.
</para>
</listitem>
</varlistentry>
<varlistentry id="netgroup.norec">
<term><option>netgroup.norec</option></term>
<listitem>
<para>
Similar to <option>netgroup</option> except that no subsequent
lookups are done to expand netgroups which are member of the
supplied netgroup and the output may contain both other netgroup
names and netgroup triples.
</para>
</listitem>
</varlistentry>
<varlistentry id="networks">
<term><option>networks</option></term>
<listitem>
<para>
List or query network names and addresses.
<replaceable>KEY</replaceable> may be a network name or address.
This map can return both IPv4 and IPv6 network addresses.
</para>
</listitem>
</varlistentry>
<varlistentry id="networksv4">
<term><option>networksv4</option></term>
<listitem>
<para>
Only return IPv4 network addresses.
</para>
</listitem>
</varlistentry>
<varlistentry id="networksv6">
<term><option>networksv6</option></term>
<listitem>
<para>
Only return IPv6 network addresses.
</para>
</listitem>
</varlistentry>
<varlistentry id="passwd">
<term><option>passwd</option></term>
<listitem>
<para>
Enumerate or search the user account database.
<replaceable>KEY</replaceable> may be a user name or numeric user id
or be omitted to list all users.
</para>
</listitem>
</varlistentry>
<varlistentry id="protocols">
<term><option>protocols</option></term>
<listitem>
<para>
Enumerate the internet protocols database.
</para>
</listitem>
</varlistentry>
<varlistentry id="rpc">
<term><option>rpc</option></term>
<listitem>
<para>
List or search user readable names that map to RPC program numbers.
Searching by <replaceable>KEY</replaceable> can be done on name or
rpc program number.
</para>
</listitem>
</varlistentry>
<varlistentry id="services">
<term><option>services</option></term>
<listitem>
<para>
List or search the mapping between names for internet services and
their corresponding port numbers and protocol types.
The <replaceable>KEY</replaceable> can be either a service name or
number, followed by an optional slash and protocol name to restrict
the search to only entries for the specified protocol.
</para>
</listitem>
</varlistentry>
<varlistentry id="shadow">
<term><option>shadow</option></term>
<listitem>
<para>
Enumerate or search extended user account information.
Note that shadow information is likely only exposed to the root user
and by default <command>nslcd</command> does not expose password
hashes, even to root.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="see_also">
<title>See Also</title>
<para>
<citerefentry><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>nslcd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
<refsect1 id="author">
<title>Author</title>
<para>This manual was written by Arthur de Jong <arthur@arthurdejong.org>.</para>
</refsect1>
<refsect1 id="bugs">
<title>Bugs</title>
<para>
Currently, <command>getent.ldapd</command> does not correctly set an
exit code. It should return the same kind of exit codes as
<command>getent</command> does (e.g. for missing entries).
</para>
</refsect1>
</refentry>
|