ldapgetusrattr Command

Edit online

Purpose

Displays the value of an attribute for an LDAP user from the LDAP configured directory server.
Note: If an LDAP user is created with a UID value that is greater than 231, the ldapgetusrattr command displays it as a negative number.

Syntax

ldapgetusrattr <user_name> <ldap_attribute_name>

Description

The ldapgetusrattr command displays the value of an attribute for an LDAP user from the LDAP configured directory server. The ldapgetusrattr command queries the LDAP directory server by using the secldapclntd daemon and prints the result to the standard output (stdout) file.

Exit Status

This ldapgetusrattr command returns 0 after successful completion and returns nonzero value on failure. On failure, one for the following error messages are written to the standard error (stderr) file:
Table 1. Exit values of the ldapgetusrattr command
Item Description
0 Indicates that the command completed successfully.
EIO Indicates a connection error with LDAP.
EINVAL Indicates that the command arguments are invalid or do not follow the expected usage.
EPERM Indicates that you do not have permissions to run the command.
ENOMEM Indicates insufficient memory to run the command.

Security

The ldapgetusrattr command is owned by the root user and the command has access permissions of 500. A root user or a user with the role that has the aix.security.ldap authorization can run the ldapgetusrattr command.

Example

  1. To display the value of the passwordminlength attribute for the LDAP user foo, run the following command:
    ldapgetusrattr foo passwordminlength
    An output that is similar to the following example is displayed:
    8
  2. To display the value of the sshPublicKey attribute for the LDAP user foo, run the following command:
    ldapgetusrattr foo sshPublicKey
    An output that is similar to the following example is displayed:
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlXAIquGStc6P07u7Y+3e5BeP608AxxCvCICGd/1V7jzzjKXI1o4ktFPqEUilHqw7RAgj
zdXRG9jMeo2rg8oKye10CtswZGYunCDiFrBtw7cPSHcE1DCFW0yVu
70I5pUwVgYeVzQIWI8t28PdAvJnfCmlQQZxQrgGk3RimNVrRIFFHKgvbvG3Ck32K
ChRSpzOFiI14ZaGgz1qvW1GAM4YD1zQ3pk/E5Gs80FaEuqxiDhmWoW7joA5SmkBcmz4UZgPEns0nZnIPDAYPPHBD482rKf1e0qymr9F1p5gIPK70Qi6fr
ilRdYK9e7ybql6n8KzgJWGgBbZqkjyEJn/XeOrLhMfiEeqcNC3Mq3lg2M0tBGLojWyZ4QSIUCQXsjeRV74E1SuBOzrl4EBhiqJ8VQNr4sMfb1wXKPF6DO
ivGY2w7tbthp7LE94fKAnYyMHEg67LQXVoaGW+EUcj6kJVnW1Hqly6Q2bMHmbiLHRudb+CAa8GUFuWsDxVmUn/PjyIAWc= vc17user@alp052-vc17.aus.stglabs.ibm.com

Restrictions

The ldapgetusrattr command is dependent on the secldapclntd daemon to query the LDAP server.