ldapgetusrattr Command
Purpose
Displays the value of an attribute for an LDAP user configured in the LDAP directory
server.
Note: If an LDAP user is created with a UID value that is greater than 231, the
ldapgetusrattr command displays it as a negative number.
Syntax
ldapgetusrattr <user_name>
<ldap_attribute_name>
Description
The ldapgetusrattr command queries the LDAP directory server by using the
secldapclntd
daemon and prints the result to the standard output
(stdout
) file.
Exit Status
This ldapgetusrattr command returns zero (0) after successful completion and
returns a non-zero value on failure. On failure, one for the following error messages are written to
the standard error file (
stderr
):
Item | Description |
---|---|
EIO | Indicates a connection error with the LDAP directory server. |
EINVAL | Indicates that the arguments of the command are invalid or do not follow the expected usage. |
EPERM | Indicates that you do not have permissions to run the command. |
ENOMEM | Indicates insufficient memory to run the command. |
errno | Indicates a system error. |
Security
A root user owns the ldapgetusrattr command and can also run the command.
Also, a user with the role that has the aix.security.ldap
authorization can run the
ldapgetusrattr command.
Example
- To display the value of the
passwordminlength
attribute for the LDAP userfoo
, run the following command:ldapgetusrattr foo passwordminlength
An output that is similar to the following example is displayed:8
- To display the value of the
sshPublicKey
attribute for the LDAP userfoo
, run the following command:ldapgetusrattr foo sshPublicKey
Restrictions
The ldapgetusrattr command is dependent on the secldapclntd
daemon to query the LDAP server.