finger-ldap(1) General Commands Manual finger-ldap(1)
finger-ldap - a wrapper around finger for LDAP
finger-ldap [-lmsp] [user ...] [user@host ...]
The finger-ldap displays information about the system users, much like
By default, finger will match against users' real names, unless it has
been passed the -m option. However, it does this in a very inefficient
way. It queries the Name Service Switch for all the users on the sys-
tem, and does the pattern matching itself. This causes the LDAP server
to read all its entries out of the database and push them over the
wire--load on the server will spike, and your network will slow down.
However, this does not have to happen. LDAP has a very decent system
for matching substrings of real names, documented in RFC 2254. Since
finger can perform simple lookups on login names which cause the LDAP
server to only return the requested users' data, we can pass the cor-
rect login names to finger for efficient operation. What finger-ldap
does is to perform queries like finger would, using LDAP search string
syntax, in order to resolve the correct login names. Then it passes
these login names to finger -m which formats the output nicely.
In order to discover which LDAP server to use, and what the correct
domain name is, finger-ldap relies on the Name Switch Service to be
properly configured to use LDAP. This means that the /etc/libnss-
ldap.conf configuration file contains entries listing the base domain
name (base fields) and also the LDAP servers (uri or host fields).
finger-ldap 1.0 April 2004 finger-ldap(1)