ldapgetusrattr Command

Purpose

Displays the value of an attribute for an LDAP user configured in the LDAP directory server.
Note: If an LDAP user is created with a UID value that is greater than 2^31, the ldapgetusrattr command displays it as a negative number.

Syntax

ldapgetusrattr <user_name> <ldap_attribute_name>

Description

The ldapgetusrattr command queries the LDAP directory server by using the secldapclntd daemon and prints the result to the standard output (stdout) file.

Exit Status

The ldapgetusrattr command returns zero (0) after successful completion and returns a non-zero value on failure. On failure, one of the following error messages is written to the standard error file (stderr):
Item      Description
EIO       Indicates a connection error with the LDAP directory server.
EINVAL    Indicates that the arguments of the command are invalid or do not follow the expected usage.
EPERM     Indicates that you do not have permissions to run the command.
ENOMEM    Indicates insufficient memory to run the command.
errno     Indicates a system error.

Security

The root user owns the ldapgetusrattr command and can run it. A user with a role that has the aix.security.ldap authorization can also run the ldapgetusrattr command.

Example

  1. To display the value of the passwordminlength attribute for the LDAP user foo, run the following command:
    ldapgetusrattr foo passwordminlength
    An output that is similar to the following example is displayed:
    8
  2. To display the value of the sshPublicKey attribute for the LDAP user foo, run the following command:
    ldapgetusrattr foo sshPublicKey
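
The UID note under Purpose matters for scripts that compare UIDs, because a negative value passes any "UID below N" check. The following wrapper is an added example, not part of the original documentation or IBM code: it checks the exit status and converts a negative result back to an unsigned value, assuming the negative number is the signed 32-bit reading of the UID. The function names and the uidNumber attribute name are assumptions; use the attribute that holds the UID in your schema.

```shell
#!/bin/sh
# Added example (not IBM code). Assumption: a negative UID printed by
# ldapgetusrattr is the signed 32-bit reading of the real unsigned value.

# normalize_uid VALUE -> prints the unsigned 32-bit UID; returns 1 on bad input.
normalize_uid() {
    v=$1
    case $v in
        ''|-|*[!0-9-]*|?*-*|0?*|-0*) return 1 ;;  # not a plain decimal integer
    esac
    [ "${#v}" -le 11 ] || return 1                # keep shell arithmetic in range
    if [ "$v" -lt 0 ]; then
        [ "$v" -ge -2147483648 ] || return 1
        v=$((v + 4294967296))                     # undo the two's-complement wrap
    fi
    [ "$v" -le 4294967295 ] || return 1
    echo "$v"
}

# get_ldap_uid USER ATTR -> prints the normalized UID.
# ATTR is the LDAP attribute that holds the UID in your schema
# (uidNumber is an assumption used in the usage line below).
get_ldap_uid() {
    user=$1 attr=$2
    # Reject names that could be read as options or contain odd characters.
    case $user in ''|-*|*[!A-Za-z0-9._-]*) return 2 ;; esac
    raw=$(ldapgetusrattr "$user" "$attr") || return 3  # non-zero exit: query failed
    normalize_uid "$raw" || return 4                   # output was not a usable UID
}

# is_low_uid USER ATTR LIMIT -> succeeds only if the real UID is below LIMIT.
# Any lookup failure returns 2, so a failed query never counts as "low".
is_low_uid() {
    uid=$(get_ldap_uid "$1" "$2") || return 2
    [ "$uid" -lt "$3" ]
}

# Usage (constructed): is_low_uid foo uidNumber 200 && echo "foo is in the reserved UID range"
```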

Restrictions

The ldapgetusrattr command is dependent on the secldapclntd daemon to query the LDAP server.