lsldap

Use the lsldap command to display the details for the system-wide Lightweight Directory Access Protocol (LDAP) configuration.

Syntax

lsldap [ -nohdr ] [ -delim delimiter ]

Parameters

-nohdr
(Optional) By default, headings are displayed for each column of data in a concise style view, and for each item of data in a detailed style view. The -nohdr parameter suppresses the display of these headings.
Note: If there is no data to be displayed, headings are not displayed.
-delim delimiter
(Optional) By default, in a concise view all columns of data are space-separated, with the width of each column set to the maximum width of each item of data. In a detailed view, each item of data is an individual row, and if you display headers, the data is separated from the header by a space. The -delim parameter overrides this behavior. Valid input for the -delim parameter is a 1-byte character. Enter -delim : on the command line, and the colon character (:) separates all items of data in a concise view (for example, the spacing of columns does not occur); in a detailed view, the specified delimiter separates the data from its header.

Description

This table provides the attribute values that can be displayed as output view data.
Table 1. lsldap attribute values
Attribute Value
type Indicates the LDAP server type. The values are:
  • ad indicates that it is an Active Directory server.
  • itds indicates that it is an IBM Tivoli Directory Server.
  • other indicates that it is another type of server.
enabled Indicates whether native LDAP authentication is enabled. The value is yes or no.
error_sequence_number Indicates the sequence number of the non-fixed LDAP configuration error log. The value is a number (integer).
username Indicates the binding user name or distinguished name. The value is an alphanumeric string or blank if there is no name.
security Indicates the type of security in use. The values are:
  • tls indicates that it is Transport Layer Security.
  • none indicates that there is no security.
user_attribute Indicates the LDAP attribute that represents the user login.
group_attribute Indicates the LDAP attribute that represents the user group membership.
audit_log_attribute Indicates the LDAP attribute that represents the user name in the audit log.
auth_cache_minutes Indicates the period (in minutes) for which to cache session details.
nested_group_search Indicates the handling of nested groups. The values are:
  • off indicates that there is no nested group handling search.
  • client indicates that the system must search for nested groups on the client.
  • server indicates that the system must search for nested groups on the server.

An invocation example

lsldap -delim :

The resulting output:

type:ad
enabled:yes
error_sequence_number:12
username:admin@company.com
security:tls
user_attribute:sAMAccountName
group_attribute:memberOf
audit_log_attribute:userPrincipalName
auth_cache_minutes:10
nested_group_search:off
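
The following is an added example, not part of the product documentation: a Python sketch that parses the detailed-view output of lsldap -delim : and reports settings worth reviewing. The function names and the MAX_CACHE_MINUTES threshold are hypothetical, and the check assumes error_sequence_number is blank when no error is outstanding.

```python
# Constructed sample: the detailed-view output shown on this page.
SAMPLE = """type:ad
enabled:yes
error_sequence_number:12
username:admin@company.com
security:tls
user_attribute:sAMAccountName
group_attribute:memberOf
audit_log_attribute:userPrincipalName
auth_cache_minutes:10
nested_group_search:off
"""

MAX_CACHE_MINUTES = 60  # assumption: a local policy threshold, not a product limit


def parse_lsldap(text, delim=":"):
    """Parse detailed-view output (headers on, i.e. without -nohdr) into a dict."""
    config = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on the first delimiter only, so a value containing it stays whole.
        name, sep, value = line.partition(delim)
        if not sep:
            raise ValueError(f"no {delim!r} delimiter in line: {line!r}")
        config[name.strip()] = value.strip()
    return config


def audit(config):
    """Return a list of findings for a parsed lsldap configuration."""
    if config.get("enabled") != "yes":
        return []  # native LDAP authentication is off, so the rest is not in use
    findings = []
    if config.get("security") != "tls":
        findings.append("security is not tls: LDAP traffic is not protected in transit")
    # Assumption: this field is blank when no configuration error is outstanding.
    if config.get("error_sequence_number"):
        findings.append("unfixed LDAP configuration error, sequence number "
                        + config["error_sequence_number"])
    cache = config.get("auth_cache_minutes", "")
    if cache.isdigit() and int(cache) > MAX_CACHE_MINUTES:
        findings.append(f"auth_cache_minutes={cache} exceeds {MAX_CACHE_MINUTES}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_lsldap(SAMPLE)) or ["no findings"]:
        print(finding)
```

Choose a delimiter that cannot appear in attribute names; values such as a distinguished name may contain it, which is why the parser splits only once per line.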