-   Linux - Server (
-   -   LDAP 'description' attribute access. (

sheelavantar 09-04-2011 11:37 PM

LDAP 'description' attribute access.
Hi Friends,
Please let me know how can i access 'description' attribute stored in LDAP server from LDAP client(pam_ldap,nss_ldap).

Thank you.

Vijay S.

kbp 09-05-2011 06:05 PM

'man ldapsearch' ?

sheelavantar 09-05-2011 08:24 PM

no, I am running LDAP clients ( and on one linux machine and openLDAP server on the other machine. I have created few users and groups, for these entries i have created description also. I don't know how to access this 'description' attribute from client machine.

I tried using "getent passwd" "getent group", but description field is not displayed.

Please let me know how to access this attribute.

Thanks and Regards,
Vijay S.

kbp 09-05-2011 10:27 PM

In that case you probably want to map the attributes correctly, try adding:


nss_map_attribute gecos description
.. in /etc/ldap.conf

sheelavantar 09-06-2011 12:23 AM

I tried this, but didn't get the required information.

Let me explain what i need clearly. when i issue "getent passwd" or "getent group" commands I'll get the user information like name,uid,gid. getent will internally use getpwnam() or getgrnam() functions to fetch the information from LDAP server running on the other machine.

Similarly I want to fetch "description" attribute from a perticular user entry, example entry is shown below.

dn: cn=Vijay Sheelavantar, ou=people, dc=samsung, dc=com
cn: Vijay S Sheelavantar
sn: Sheelavantar
objectclass: top
objectclass: person
objectclass: posixAccount
objectclass: shadowAccount
homeDirectory: /home/vijay
description: This is user vijay's account

I want to access this description attribute from LDAP server at client side.

kbp 09-06-2011 06:07 PM

Performing the mapping will put the value of the description attribute into the gecos field for ldap users when running 'getent passwd'


getent passwd kbp | cut -d: -f5
I think we're not quite on the same page ... if you want to query a remote ldap server then you'll need to use a tool that can talk ldap like ldapsearch. If the machine you're on is using the ldap server for authentication/naming then you can use 'getent passwd'.

sheelavantar 09-06-2011 09:00 PM

Thank you very much...:) :)

It solved my problem, now I can access the description field.

Thank you.

All times are GMT -5. The time now is 02:45 AM.