The 'lsldap' command retrieves information from the LDAP server the system is configured to use.
By naming a specific LDAP entity, you can display particular information, optionally filtered.
Examples (the output depends on the LDAP server in use):
# lsldap -a passwd
dn: cn=Myname,O=MYORG
objectclass: top
objectclass: person
objectclass: posixAccount
objectclass: ibm-nativeAuthentication
objectclass: ibm-auxAccount
objectclass: inetOrgPerson
objectclass: organizationalperson
uid: Myname
cn: name
uidnumber: 50220001
gidnumber: 10001
homedirectory: /home/Myname
loginshell: /bin/bash
or
# lsldap -a passwd egen031
dn: cn=User031,ou=CptPersonnel-MUT,ou=Identifiants,o=MUT,dc=Local
pmuAccountType: Compte Personnel
pmuDateFin: 20151231120000.0Z
pmuDateDebut: 20150122120000.0Z
pmuMatricule: User031
loginShell: /bin/bash
homeDirectory: /home/User031
gidNumber: 110
uidNumber: 57031
sasDefaultLoginSequence: <no default>
employeeType: Employe
mail:
uid: User031
givenName: Christian
fullName: SONOLET Christian
Language: FRANCAIS
sn: SONOLET
It is then possible to retrieve a single field from this query:
# lsldap -a passwd User031 |grep fullName
fullName: SONOLET Christian
Below is the official documentation (V7.1).
lsldap Command
Note: If an LDAP user is created with a UID > 2^31, the lsldap command displays it as a negative number.
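The grep shown earlier for a single field is case-sensitive, while LDAP attribute names are not (the two servers above print uidnumber and uidNumber for the same attribute), and the note just above means a large UID comes back negative. The shell functions below are an added example, not part of this page or of IBM's lsldap documentation: they parse the LDIF-style text that "lsldap -a" prints (one "name: value" line per attribute, entries separated by a blank line), extract one attribute from every entry regardless of case, and recover the real UID from the signed display. The function and variable names are this example's own, and the sample output is constructed, modelled on the two servers shown earlier.

```shell
# Constructed sample of "lsldap -a passwd" output (not real server data). The attribute
# names deliberately differ in case between entries, "mail:" is empty, and the last
# uidNumber is a UID above 2^31 as lsldap would display it.
SAMPLE_LDIF='dn: cn=Myname,O=MYORG
objectclass: top
objectclass: posixAccount
uid: Myname
uidnumber: 50220001
loginshell: /bin/bash

dn: cn=User031,ou=Identifiants,o=MUT,dc=Local
objectClass: top
objectClass: posixAccount
uid: User031
uidNumber: 57031
mail:
loginShell: /bin/bash

dn: cn=bigid,ou=people,cn=aixdata
objectClass: posixAccount
uid: bigid
uidNumber: -2147483648
loginShell: /usr/bin/ksh'

# lsldap_attr NAME: read lsldap -a output on stdin and print "dn<TAB>value" for each
# value of NAME in each entry. Names are compared case-insensitively, as LDAP does,
# so "uidnumber" and "uidNumber" both match; a multi-valued attribute gives one line
# per value and an empty value ("mail:") gives an empty value field.
lsldap_attr() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*$/ { dn = ""; next }                 # blank line closes the entry
        {
            i = index($0, ":")
            if (i == 0) next                         # not a "name: value" line; skip
            name = tolower(substr($0, 1, i - 1))
            val = substr($0, i + 1)
            sub(/^ +/, "", val)
            if (name == "dn") { dn = val; next }
            if (name == want) printf "%s\t%s\n", dn, val
        }'
}

# lsldap_uid32 N: a UID above 2^31 is shown as a negative number because lsldap prints
# it as a signed 32-bit integer; adding 2^32 recovers the real UID. Non-negative values
# are returned unchanged.
lsldap_uid32() {
    if [ "$1" -lt 0 ]; then
        echo $(( $1 + 4294967296 ))
    else
        echo "$1"
    fi
}

# lsldap_uids: "dn<TAB>uid" for every entry on stdin, with the UID already corrected.
lsldap_uids() {
    lsldap_attr uidNumber | while IFS="$(printf '\t')" read -r dn n; do
        printf '%s\t%s\n' "$dn" "$(lsldap_uid32 "$n")"
    done
}

# Stand-alone demonstration on the constructed sample; on a real system you would pipe
# "lsldap -a passwd" into the functions instead.
printf '%s\n' "$SAMPLE_LDIF" | lsldap_attr loginShell
printf '%s\n' "$SAMPLE_LDIF" | lsldap_uids
```

Lines of the form "name:: base64value" and LDIF continuation lines are not handled; the output shown on this page does not use them.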
Purpose
Displays naming service objects from the configured LDAP directory server.
Syntax
lsldap [-a] [ entity [ entry_name | filter ] ]
Description
The lsldap command displays the naming service objects from the configured LDAP directory server. It queries the LDAP server through
the secldapclntd daemon. Some or all of the objects of a particular entity can be listed by the lsldap command. By default, the
lsldap command displays only the distinguished name (DN) of the returned objects. In addition, the -a flag can be used to view the
attributes.
The lsldap command supports the following entities:

Entity          objectClass                     Default attribute name
aapolicies      ibm-aixAccountingAdminPolicy    ibm-aixAdminPolicyName
aaprojects      ibm-aixAccountingProject        ibm-aixProjectName
admkeystore     ibm-usrkeystore                 cn
aixpert         ibm-aixAixpert                  ibm-aixpertLabel
aliases         mailGroup                       cn
auditclass      AIXAuditClassStanza             auditclassstanza
auditconfig     AIXAuditConfig                  auditconfig
authorizations  ibm-authorization               cn
automount       automountMap                    automountMapName
                nisObject                       nisMapName
bootparams      bootableDevice                  cn
domains         ibm-aixRBACdomain               ibm-aixRBACdomainName
domobjs         ibm-aixRBACdomainObject         ibm-aixRBACdomainObjectName
efscookies      ibm-efskscookies                cn
ethers          ieee802Device                   cn
group           posixgroup                      cn
                AIXAccessGroup                  groupname
grpkeystore     ibm-grpkeystore                 cn
hosts           ipHost                          cn
netgroup        ipNetgroup                      cn
networks        ipNetwork                       cn
passwd          posixAccount                    uid
                AIXAccount                      username
privcmds        ibm-privcmd                     cn
privdevs        ibm-privdev                     cn
protocols       ipProtocol                      cn
roles           aixaccessroles                  rolename
rpc             oncRpc                          cn
services        ipService                       cn
privfiles       ibm-privfile                    cn
usrkeystore     ibm-usrkeystore                 cn
The automount entity has two object classes. The lsldap command treats automountMap with higher precedence over nisMap by always
returning automountMap objects if it finds any, and returning nisMap objects only in the absence of automountMap objects.
For the passwd and group entities, the lsldap command returns the correct objects according to the LDAP client configuration.
However, the correct attribute name corresponding to the object classes must be supplied for lsldap passwd attribute=value queries.
If an entity name is not specified from the command line, the lsldap command displays container entries of the entities and any other
entries that are siblings of these containers. Users must have root permissions to list the container entries.
The entry_name parameter is the name of the object to be queried. For example, if the entity is passwd, the entry_name is the user
account name. The entry_name parameter is equivalent to default attribute name = entry_name. The lsldap command accepts the *
wildcard in entry_name for a substring search. All entries are returned if entry_name is not specified.
Instead of entry_name, a filter can also be supplied to search for entries that match certain criteria. Simple filters can be
specified as attributename=attributevalue, where attributename is the LDAP attribute name.
The lsldap command prints the result to stdout. If the -a flag is not specified, lsldap prints entries that are found in the form of
DNs, with each DN separated by a blank line. If the -a flag is specified, each entry is printed in the ldif format, with a blank line
between entries.
Flags
Item   Description
-a     Displays all attributes of the returned objects. By default only the DN of each object is displayed.
Exit Status
Upon success, the lsldap command returns 0. Upon failure, a nonzero value is returned, with one of the following error messages that
are written to stderr:
Item          Description
EIO           Connection error.
EINVAL        Invalid parameters.
EPERM         No permission to run the operation.
ENOMEM        Not enough memory.
other errno   Other errors.
Security
The lsldap command can be run by any user. It is owned by the root user and security group, and has access permissions of 555.
When you list the passwd entity with the -a flag by root user, lsldap returns all attributes of the found users. However, when the
same command is run by a nonprivileged user, lsldap returns only the same commonly readable attributes as returned by the lsuser
command in addition to the object class information. For all other entities, there is no difference in output regardless of which
user runs the command.
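The Security section above is the point to verify rather than assume: as root, "lsldap -a passwd" returns password hashes and ageing fields (example 4 below shows userpassword and shadow* attributes), while an unprivileged user should only get the attributes lsuser would show. The function below is an added example, not part of this page or of IBM's documentation; run it as an unprivileged user with "lsldap -a passwd | lsldap_exposed" to confirm that no credential-bearing attribute reaches that view. The function name is this example's own, and the two sample views are constructed, modelled on example 4 below.

```shell
# Constructed sample: what root sees for one account, modelled on example 4 of the
# documentation (not real server data).
ROOT_VIEW='dn: uid=foo,ou=people,cn=aixdata
uid: foo
objectClass: posixAccount
objectClass: shadowAccount
cn: foo
uidNumber: 259
homeDirectory: /home/foo
loginShell: /usr/bin/ksh
shadowlastchange: 12740
userpassword: {crypt}rNnLQ9TAD2u/k
shadowmin: 5'

# Constructed sample: what an unprivileged user is expected to see for the same account.
USER_VIEW='dn: uid=foo,ou=people,cn=aixdata
uid: foo
objectClass: posixAccount
objectClass: shadowAccount
cn: foo
uidNumber: 259
homeDirectory: /home/foo
loginShell: /usr/bin/ksh'

# lsldap_exposed: read "lsldap -a" output on stdin and print "dn<TAB>attribute" for every
# credential-bearing attribute present (userPassword and the shadow* ageing attributes).
# Attribute names are matched case-insensitively. Exit status is 1 when anything was
# printed and 0 otherwise, so the function can gate a scheduled audit job.
lsldap_exposed() {
    awk '
        /^[ \t]*$/ { dn = ""; next }                 # blank line closes the entry
        {
            i = index($0, ":")
            if (i == 0) next
            name = tolower(substr($0, 1, i - 1))
            if (name == "dn") { dn = substr($0, i + 1); sub(/^ +/, "", dn); next }
            if (name == "userpassword" || name ~ /^shadow/) {
                printf "%s\t%s\n", dn, name
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }'
}

# Stand-alone demonstration on the constructed samples; on a real system pipe the live
# "lsldap -a passwd" output into lsldap_exposed from an unprivileged shell instead.
for view in "$ROOT_VIEW" "$USER_VIEW"; do
    if printf '%s\n' "$view" | lsldap_exposed; then
        echo "no credential attributes in this view"
    else
        echo "credential attributes are visible in this view"
    fi
done
```

A non-empty result from an unprivileged account means the client configuration is returning more than the documented lsuser-readable set, which is worth raising with whoever administers the LDAP client before the hashes are relied on as protected.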
Examples
1. To list all entries of the host entity, enter the following command:
lsldap hosts
Information similar to the following is returned:
dn: cn=myhost+ipHostNumber=192.3.193.46,ou=Hosts,cn=aixdata
dn: cn=starfish+ipHostNumber=192.3.193.47,ou=Hosts,cn=aixdata
dn: cn=loopback+ipHostNumber=127.0.0.1,ou=Hosts,cn=aixdata
2. To list host starfish and all of its attributes, enter the following command:
lsldap -a hosts starfish
Information similar to the following is returned:
dn: cn=starfish+ipHostNumber=192.3.193.47,ou=Hosts,cn=aixdata
objectClass: top
objectClass: ipHost
objectClass: device
ipHostNumber: 192.3.193.47
cn: loopback
cn: localhost
3. To list users with names that begin with the letter b, enter the following command:
lsldap passwd "b*"
Information similar to the following is returned:
dn: uid=bin,ou=people,cn=aixdata
dn: uid=bob,ou=people,cn=aixdata
4. To list user foo and its attributes, enter the following command:
lsldap -a passwd foo
Information similar to the following is returned:
dn: uid=foo,ou=people,cn=aixdata
uid: foo
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
cn: foo
uidNumber: 259
gidNumber: 1
homeDirectory: /home/foo
loginShell: /usr/bin/ksh
shadowlastchange: 12740
userpassword: {crypt}rNnLQ9TAD2u/k
shadowmin: 5
5. To list users who run /usr/bin/ksh, enter the following command:
lsldap passwd loginshell=/usr/bin/ksh
Information similar to the following is returned:
dn: uid=bin,ou=people,cn=aixdata
dn: uid=bob,ou=people,cn=aixdata
dn: uid=foo,ou=people,cn=aixdata
Restrictions
The lsldap command relies on the secldapclntd daemon to work.
Location
/usr/sbin/lsldap