NAME
finger-ldap - a wrapper around finger for LDAP
SYNOPSIS
finger-ldap [-lmsp] [user ...] [user@host ...]
DESCRIPTION
The finger-ldap displays information about the system users, much like
finger.
By default, finger will match against users’ real names, unless it has
been passed the -m option. However, it does this in a very inefficient
way. It queries the Name Service Switch for all the users on the
system, and does the pattern matching itself. This causes the LDAP
server to read all its entries out of the database and push them over
the wire—load on the server will spike, and your network will slow
down.
However, this does not have to happen. LDAP has a very decent system
for matching substrings of real names, documented in RFC 2254. Since
finger can perform simple lookups on login names which cause the LDAP
server to only return the requested users’ data, we can pass the
correct login names to finger for efficient operation. What finger-
ldap does is to perform queries like finger would, using LDAP search
string syntax, in order to resolve the correct login names. Then it
passes these login names to finger -m which formats the output nicely.
In order to discover which LDAP server to use, and what the correct
domain name is, finger-ldap relies on the Name Switch Service to be
properly configured to use LDAP. This means that the /etc/libnss-
ldap.conf configuration file contains entries listing the base domain
name (base fields) and also the LDAP servers (uri or host fields).
FILES
/etc/libnss-ldap.conf
AUTHORS
Simon Law
SEE ALSO
finger(1), libnss-ldap.conf(5).