ldapgetusrattr Command
Purpose
Displays the value of an attribute for an LDAP user from the LDAP configured directory
server.
Note: If an LDAP user is created with a UID value that is greater than 231, the
ldapgetusrattr command displays it as a negative number.
Syntax
ldapgetusrattr <user_name>
<ldap_attribute_name>
Description
The ldapgetusrattr command displays the value of an attribute for an LDAP user
from the LDAP configured directory server. The ldapgetusrattr command queries the
LDAP directory server by using the secldapclntd
daemon and prints the result to the
standard output (stdout) file.
Exit Status
This ldapgetusrattr command returns 0 after successful completion and returns
nonzero value on failure. On failure, one for the following error messages are written to the
standard error (stderr) file:
Item | Description |
---|---|
0 | Indicates that the command completed successfully. |
EIO | Indicates a connection error with LDAP. |
EINVAL | Indicates that the command arguments are invalid or do not follow the expected usage. |
EPERM | Indicates that you do not have permissions to run the command. |
ENOMEM | Indicates insufficient memory to run the command. |
Security
The ldapgetusrattr command is owned by the root user and the command has
access permissions of 500. A root user or a user with the role that has the
aix.security.ldap
authorization can run the ldapgetusrattr
command.
Example
- To display the value of the
passwordminlength
attribute for the LDAP userfoo
, run the following command:ldapgetusrattr foo passwordminlength
An output that is similar to the following example is displayed:8
- To display the value of the
sshPublicKey
attribute for the LDAP userfoo
, run the following command:ldapgetusrattr foo sshPublicKey
An output that is similar to the following example is displayed:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlXAIquGStc6P07u7Y+3e5BeP608AxxCvCICGd/1V7jzzjKXI1o4ktFPqEUilHqw7RAgj zdXRG9jMeo2rg8oKye10CtswZGYunCDiFrBtw7cPSHcE1DCFW0yVu 70I5pUwVgYeVzQIWI8t28PdAvJnfCmlQQZxQrgGk3RimNVrRIFFHKgvbvG3Ck32K ChRSpzOFiI14ZaGgz1qvW1GAM4YD1zQ3pk/E5Gs80FaEuqxiDhmWoW7joA5SmkBcmz4UZgPEns0nZnIPDAYPPHBD482rKf1e0qymr9F1p5gIPK70Qi6fr ilRdYK9e7ybql6n8KzgJWGgBbZqkjyEJn/XeOrLhMfiEeqcNC3Mq3lg2M0tBGLojWyZ4QSIUCQXsjeRV74E1SuBOzrl4EBhiqJ8VQNr4sMfb1wXKPF6DO ivGY2w7tbthp7LE94fKAnYyMHEg67LQXVoaGW+EUcj6kJVnW1Hqly6Q2bMHmbiLHRudb+CAa8GUFuWsDxVmUn/PjyIAWc= vc17user@alp052-vc17.aus.stglabs.ibm.com
Restrictions
The ldapgetusrattr command is dependent on the secldapclntd
daemon to query the LDAP server.