getent.ldap(1) User Commands getent.ldap(1)
NAME
getent.ldap - query information from LDAP
SYNOPSIS
getent.ldap [options] [DATABASE] [KEY...]
DESCRIPTION
The getent.ldap command can be used to look up or enumerate information
from LDAP. Unlike the getent(1) command, this command completely
bypasses the lookups configured in /etc/nsswitch.conf and queries the
nslcd(8) daemon directly.
getent.ldap tries to match the behaviour and output of getent and the
format in the corresponding flat files as much as possible; however,
there are a number of differences. If multiple entries are found in
LDAP that match a specific query, multiple values are printed (e.g.
ethernet addresses that have multiple names, services that support
multiple protocols, etc.). Also, some databases have extra options as
described below.
OPTIONS
The options that may be specified to the getent.ldap command are:
-h, --help
Display short help and exit.
-V, --version
Output version information and exit.
DATABASES
The DATABASE argument may be any of the supported databases below:
aliases
Lists or queries email aliases. If KEY is given it searches for
the alias by name, otherwise it returns all aliases from LDAP.
ethers Lists or queries ethernet addresses. If KEY matches the format
of an ethernet address a search by address is performed, otherwise
a search by name is performed or all entries are returned if
KEY is omitted. Unlike getent, getent.ldap does support
enumerating all ethernet addresses.
group Lists or queries groups. If KEY is numeric, it searches for the
group by group id.
group.bymember
The KEY is a user name and groups are returned for which this
user is a member. The format is similar to the group output but
the group members are left out for performance reasons.
hosts List or search host names and addresses by either host name, IPv4
or IPv6 address. This returns both IPv4 and IPv6 addresses (if
available).
hostsv4
Similar to hosts but any supplied IPv6 addresses are treated as
host names and only IPv4 addresses are returned.
hostsv6
Similar to hosts but KEY is treated as an IPv6 address or a host
name and only IPv6 addresses are returned.
netgroup
List or query netgroups and netgroup triples (host, user, domain)
that are members of the netgroup. Unlike getent, getent.ldap
does support enumerating all ethernet addresses.
netgroup.norec
Similar to netgroup except that no subsequent lookups are done to
expand netgroups which are members of the supplied netgroup and
the output may contain both other netgroup names and netgroup
triples.
networks
List or query network names and addresses. KEY may be a network
name or address. This map can return both IPv4 and IPv6 network
addresses.
networksv4
Only return IPv4 network addresses.
networksv6
Only return IPv6 network addresses.
passwd Enumerate or search the user account database. KEY may be a user
name or numeric user id or be omitted to list all users.
protocols
Enumerate the internet protocols database.
rpc List or search user-readable names that map to RPC program
numbers. Searching by KEY can be done on name or RPC program
number.
services
List or search the mapping between names for internet services
and their corresponding port numbers and protocol types. The KEY
can be either a service name or number, followed by an optional
slash and protocol name to restrict the search to only entries
for the specified protocol.
shadow Enumerate or search extended user account information. Note that
shadow information is likely only exposed to the root user and by
default nslcd does not expose password hashes, even to root.
SEE ALSO
getent(1), nslcd(8)
AUTHOR
This manual was written by Arthur de Jong <arthur@arthurdejong.org>.
BUGS
Currently, getent.ldap does not correctly set an exit code. It should
return the same kind of exit codes as getent does (e.g. for missing
entries).
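Because getent.ldap bypasses /etc/nsswitch.conf, its passwd output shows exactly what the directory contributes to the account database, and because of the exit code bug above a script has to judge a lookup by its output. The following is an added example, not part of the original manual or of the nss-pam-ldapd project: the function names, the GETENT_LDAP override variable and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of the manual: audit what LDAP adds to passwd.

# Constructed sample data standing in for /etc/passwd and for the output
# of "getent.ldap passwd" (same flat-file format).
SAMPLE_LOCAL='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash'
SAMPLE_LDAP='bob:x:2001:2001:Bob:/home/bob:/bin/bash
svc-admin:x:0:0:Service:/root:/bin/sh
alice:x:2002:2002:Alice L:/home/alice:/bin/bash
backup:x:1:1:Backup:/var/backups:/bin/sh'

# ldap_collisions LOCAL_FILE LDAP_FILE
# One finding per line: LDAP entries with uid 0, entries reusing a local
# account name, and entries reusing a local uid.
ldap_collisions() {
    awk -F: '
        FILENAME == ARGV[1] { name[$1] = 1; uid[$3] = $1; next }
        $3 == 0                { print "UID0 " $1 }
        ($1 in name)           { print "NAME " $1 }
        ($3 in uid) && $3 != 0 { print "UID " $1 " " $3 " " uid[$3] }
    ' "$1" "$2"
}

# audit_ldap_passwd [LOCAL_FILE]
# Runs the check on live data. GETENT_LDAP is a hypothetical override for
# the command name. The exit status of getent.ldap is ignored on purpose
# (see BUGS); an empty result is detected from the output and reported
# with status 2, the value getent(1) uses for a key that was not found.
audit_ldap_passwd() {
    tmp=$(mktemp) || return 1
    "${GETENT_LDAP:-getent.ldap}" passwd > "$tmp" 2>/dev/null || true
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "nslcd returned no passwd entries" >&2
        return 2
    fi
    ldap_collisions "${1:-/etc/passwd}" "$tmp"
    rm -f "$tmp"
}
```

On a host where nslcd is running, calling audit_ldap_passwd with no arguments compares the live LDAP entries against /etc/passwd.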
Version 0.9.13 Feb 2025 getent.ldap(1)