man finger-ldap (Commandes) - a wrapper around finger for LDAP
NAME
finger-ldap - a wrapper around finger for LDAP
SYNOPSIS
finger-ldap [-lmsp] [user ...] [user@host ...]
DESCRIPTION
The finger-ldap displays information about the system users, much like finger.
By default, finger will match against users' real names, unless it has been passed the -m option. However, it does this in a very inefficient way. It queries the Name Service Switch for all the users on the system, and does the pattern matching itself. This causes the LDAP server to read all its entries out of the database and push them over the wire-load on the server will spike, and your network will slow down.
However, this does not have to happen. LDAP has a very decent system for matching substrings of real names, documented in RFC 2254. Since finger can perform simple lookups on login names which cause the LDAP server to only return the requested users' data, we can pass the correct login names to finger for efficient operation. What finger-ldap does is to perform queries like finger would, using LDAP search string syntax, in order to resolve the correct login names. Then it passes these login names to finger -m which formats the output nicely.
In order to discover which LDAP server to use, and what the correct domain name is, finger-ldap relies on the Name Switch Service to be properly configured to use LDAP. This means that the /etc/libnss-ldap.conf configuration file contains entries listing the base domain name (base fields) and also the LDAP servers (uri or host fields).
FILES
/etc/libnss-ldap.conf
AUTHORS
Simon Law
SEE ALSO
finger(1), libnss-ldap.conf(5).