Provided by: nslcd-utils_0.9.10-2_all bug


       getent.ldap - query information from LDAP


       getent.ldap [options] [DATABASE] [KEY...]


       The  getent.ldap command can be used to lookup or enumerate information from LDAP.  Unlike
       the getent(1)  command,  this  command  completely  bypasses  the  lookups  configured  in
       /etc/nsswitch.conf and queries the nslcd(8) daemon directly.

       getent.ldap  tries  to  match  the  behaviour  and  output of getent and the format in the
       corresponding flat files as much as possible, however there are a number  of  differences.
       If  multiple  entries  are  found in LDAP that match a specific query, multiple values are
       printed (e.g. ethernet addresses that have multiple names, services that support  multiple
       protocols, etc.).  Also, some databases have extra options as described below.


       The options that may be specified to the getent.ldap command are:

       -h, --help
              Display short help and exit.

       -V, --version
              Output version information and exit.


       The DATABASE argument may be any of the supported databases below:

              Lists or queries email aliases.  If KEY is given it searches for the alias by name,
              otherwise it returns all aliases from LDAP.

       ethers Lists or queries ethernet addresses.  If KEY matches  the  format  of  an  ethernet
              address  a  search by address is performed, otherwise a search by name is performed
              or all entries are returned if KEY is omitted.  Unlike  getent,  getent.ldapd  does
              support enumerating all ethernet addresses.

       group  Lists or queries groups.  If KEY is numeric, it searches for the group by group id.

              The  KEY  is  a  user name and groups are returned for which this user is a member.
              The format is similar to the group output but the group members are  left  out  for
              performance reasons.

       hosts  List  or search host names and addresses by either host name, IPv4 or IPv6 address.
              This returns both IPv4 and IPv6 addresses (if available).

              Similar to hosts but any supplied IPv6 addresses are treated as host names and only
              IPv4 addresses are returned.

              Similar to hosts but KEY is treated as an IPv6 address or a host name and only IPv6
              addresses are returned.

              List or query netgroups and netgroup triples (host, user, domain) that are a member
              of the netgroup.  Unlike getent, getent.ldapd does support enumerating all ethernet

              Similar to netgroup except that no subsequent lookups are done to expand  netgroups
              which  are  member  of  the supplied netgroup and the output may contain both other
              netgroup names and netgroup triples.

              List or query network names and addresses.  KEY may be a network name  or  address.
              This map can return both IPv4 and IPv6 network addresses.

              Only return IPv4 network addresses.

              Only return IPv6 network addresses.

       passwd Enumerate  or  search the user account database.  KEY may be a user name or numeric
              user id or be omitted to list all users.

              Enumerate the internet protocols database.

       rpc    List or search user readable names that map to RPC program numbers.   Searching  by
              KEY can be done on name or rpc program number.

              List  or  search  the  mapping  between  names  for  internet  services  and  their
              corresponding port numbers and protocol types.  The KEY can  be  either  a  service
              name  or  number,  followed  by an optional slash and protocol name to restrict the
              search to only entries for the specified protocol.

       shadow Enumerate  or  search  extended  user  account  information.   Note   that   shadow
              information  is  likely only exposed to the root user and by default nslcd does not
              expose password hashes, even to root.


       getent(1), nslcd(8)


       This manual was written by Arthur de Jong <>.


       Currently, getent.ldapd does not correctly set an exit code. It  should  return  the  same
       kind of exit codes as getent does (e.g. for missing entries).