Blame: ldapsearch(1)
Annotated edit history of ldapsearch(1) version 4, including all changes.
Rev Author # Line
1 perry 1 LDAPSEARCH
2 !!!LDAPSEARCH
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 OPTIONS
7 OUTPUT FORMAT
8 EXAMPLE
9 DIAGNOSTICS
10 SEE ALSO
11 AUTHOR
12 ACKNOWLEDGEMENTS
13 ----
14 !!NAME
15
16
17 ldapsearch - LDAP search tool
18 !!SYNOPSIS
19
20
21 __ldapsearch__ [[__-n__] [[__-u__] [[__-v__]
22 [[__-k__] [[__-K__] [[__-t__] [[__-A__] [[__-C__]
23 [[__-L[[L[[L]]__] [[__-M[[M]__] [[__-d__
24 ''debuglevel''] [[__-f__ ''file''] [[__-D__
25 ''binddn''] [[__-W__] [[__-w__ ''bindpasswd'']
26 [[__-H__ ''ldapuri''] [[__-h__ ''ldaphost'']
27 [[__-p__ ''ldapport''] [[__-P__ ''2''|''3'']
28 [[__-b__ ''searchbase''] [[__-s__
29 ''base''|''one''|''sub''] [[__-a__
30 ''never''|''always''|''search''|''find'']
31 [[__-l__ ''timelimit''] [[__-z__ ''sizelimit'']
32 [[__-O__ ''security-properties''] [[__-I__]
33 [[__-Q__] [[__-U__ ''authcid''] [[__-x__]
34 [[__-X__ ''authzid''] [[__-Y__ ''mech'']
35 [[__-Z[[Z]__] ''filter'' [[''attrs...'']
36 !!DESCRIPTION
37
38
39 ''ldapsearch'' is a shell-accessible interface to the
4 perry 40 ldap_search(3) library call.
1 perry 41
42
43 __ldapsearch__ opens a connection to an LDAP server,
44 binds, and performs a search using specified parameters. The
45 ''filter'' should conform to the string representation
46 for search filters as defined in RFC 2254. If not provided,
47 the default filter, (objectClass=*), is used.
48
49
50 If __ldapsearch__ finds one or more entries, the attributes
51 specified by ''attrs'' are returned. If * is listed,
52 all user attributes are returned. If + is listed, all
53 operational attributes are returned. If no ''attrs'' are
54 listed, all attributes are returned. If only 1.1 is listed,
55 no attributes will be returned.
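
Values placed into a ''filter'', including the lines that -f (see OPTIONS) substitutes for %s, must be escaped per RFC 2254, otherwise characters such as * ( ) and \ change what the filter matches. The following is an added example, not part of the man page or of OpenLDAP; the function names and sample lines are constructed, and it assumes ldapsearch substitutes each line verbatim.

```python
# Added example: RFC 2254 escaping for values that end up inside a search filter.
# Each of these characters is written as a backslash followed by two hex digits
# when it appears inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value with the RFC 2254 special characters hex-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_pattern(pattern: str, line: str) -> str:
    """Build the filter -f would search with: the first %s in the pattern is
    replaced by one input line, escaped before substitution."""
    if "%s" not in pattern:
        raise ValueError("filter pattern contains no %s placeholder")
    return pattern.replace("%s", escape_filter_value(line.rstrip("\r\n")), 1)


def prepare_f_file(lines):
    """Escape every non-empty line so the result can be passed to -f as-is."""
    return [escape_filter_value(l.rstrip("\r\n")) for l in lines if l.strip()]


if __name__ == "__main__":
    # Constructed sample lines, as they might appear in a file given to -f.
    sample = ["smith\n", "Smith (Jr.)\n", "A*Star\n", "ACME\\Sales\n", "\n"]
    for escaped in prepare_f_file(sample):
        print(escaped)
    # Only the first %s is replaced, matching the -f description.
    print(expand_pattern("(&(objectClass=person)(sn=%s))", "Smith (Jr.)\n"))
```

Write the escaped lines to the file passed to -f and keep the pattern on the command line unchanged.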
56 !!OPTIONS
57
58
59 __-n__
60
61
62 Show what would be done, but don't actually perform the
63 search. Useful for debugging in conjunction with
64 -v.
65
66
67 __-u__
68
69
70 Include the User Friendly Name form of the Distinguished
71 Name (DN) in the output.
72
73
74 __-v__
75
76
77 Run in verbose mode, with many diagnostics written to
78 standard output.
79
80
81 __-k__
82
83
84 Use Kerberos IV authentication instead of simple
85 authentication. It is assumed that you already have a valid
86 ticket granting ticket. __ldapsearch__ must be compiled
87 with Kerberos support for this option to have any
88 effect.
89
90
91 __-K__
92
93
94 Same as -k, but only does step 1 of the Kerberos IV bind.
95 This is useful when connecting to a slapd and there is no
96 x500dsa.hostname principal registered with your Kerberos
97 Domain Controller(s).
98
99
100 __-t__
101
102
103 Write retrieved values to a set of temporary files. This is
104 useful for dealing with non-ASCII values such as jpegPhoto
105 or audio.
106
107
108 __-A__
109
110
111 Retrieve attributes only (no values). This is useful when
112 you just want to see if an attribute is present in an entry
113 and are not interested in the specific values.
114
115
116 __-L__
117
118
119 Search results are displayed in LDAP Data Interchange Format
120 detailed in ldif(5). A single -L restricts the output
121 to LDIFv1. A second -L disables comments. A third -L
122 disables printing of the LDIF version. The default is to use
123 an extended version of LDIF.
124
125
126 __-M[[M]__
127
128
129 Enable manage DSA IT control. __-MM__ makes control
130 critical.
131
132
133 __-C__
134
135
136 Automatically chase referrals.
137
138
139 __-S__ ''attribute''
140
141
142 Sort the entries returned based on ''attribute''. The
143 default is not to sort entries returned. If ''attribute''
144 is a zero-length string (
145 ''ldap_sort__(3) for more details. Note that
146 __ldapsearch__ normally prints out entries as it receives
147 them. The use of the __-S__ option defeats this behavior,
148 causing all entries to be retrieved, then sorted, then
149 printed.
150
151
152 __-d__ ''debuglevel''
153
154
155 Set the LDAP debugging level to ''debuglevel''.
156 __ldapsearch__ must be compiled with LDAP_DEBUG defined
157 for this option to have any effect.
158
159
160 __-f__ ''file''
161
162
163 Read a series of lines from ''file'', performing one LDAP
164 search for each line. In this case, the ''filter'' given
165 on the command line is treated as a pattern where the first
166 occurrence of __%s__ is replaced with a line from
167 ''file''. If ''file'' is a single ''-'' character,
168 then the lines are read from standard input.
169
170
171 __-x__
172
173
174 Use simple authentication instead of SASL.
175
176
177 __-D__ ''binddn''
178
179
180 Use the Distinguished Name ''binddn'' to bind to the LDAP
181 directory.
182
183
184 __-W__
185
186
187 Prompt for simple authentication. This is used instead of
188 specifying the password on the command line.
189
190
191 __-w__ ''bindpasswd''
192
193
194 Use ''bindpasswd'' as the password for simple
195 authentication.
196
197
198 __-H__ ''ldapuri''
199
200
201 Specify URI(s) referring to the ldap server(s).
202
203
204 __-h__ ''ldaphost''
205
206
207 Specify an alternate host on which the ldap server is
208 running. Deprecated in favor of -H.
209
210
211 __-p__ ''ldapport''
212
213
214 Specify an alternate TCP port where the ldap server is
215 listening. Deprecated in favor of -H.
216
217
218 __-b__ ''searchbase''
219
220
221 Use ''searchbase'' as the starting point for the search
222 instead of the default.
223
224
225 __-s__ ''base''|''one''|''sub''
226
227
228 Specify the scope of the search to be one of ''base'',
229 ''one'', or ''sub'' to specify a base object,
230 one-level, or subtree search. The default is
231 ''sub''.
232
233
234 __-a__
235 ''never''|''always''|''search''|''find''
236
237
238 Specify how alias dereferencing is done. Should be one of
239 ''never'', ''always'', ''search'', or ''find''
240 to specify that aliases are never dereferenced, always
241 dereferenced, dereferenced when searching, or dereferenced
242 only when locating the base object for the search. The
243 default is to never dereference aliases.
244
245
246 __-P__ ''2''|''3''
247
248
249 Specify the LDAP protocol version to use.
250
251
252 __-l__ ''timelimit''
253
254
255 Wait at most ''timelimit'' seconds for a search to
256 complete. A timelimit of ''0'' (zero) removes the
257 __ldap.conf__ limit. A server may impose a maximal
258 timelimit which only the root user may
259 override.
260
261
262 __-z__ ''sizelimit''
263
264
265 Retrieve at most ''sizelimit'' entries for a search. A
266 sizelimit of ''0'' (zero) removes the __ldap.conf__
267 limit. A server may impose a maximal sizelimit which only
268 the root user may override.
269
270
271 __-O__ ''security-properties''
272
273
274 Specify SASL security properties.
275
276
277 __-I__
278
279
280 Enable SASL Interactive mode. Always prompt. Default is to
281 prompt only as needed.
282
283
284 __-Q__
285
286
287 Enable SASL Quiet mode. Never prompt.
288
289
290 __-U__ ''authcid''
291
292
293 Specify the authentication ID for SASL bind. The form of the
294 ID depends on the actual SASL mechanism used.
295
296
297 __-X__ ''authzid''
298
299
300 Specify the requested authorization ID for SASL bind.
301 ''authzid'' must be one of the following formats:
302 __dn:__'''' or
303 __u:__''''
304
305
306 __-Y__ ''mech''
307
308
309 Specify the SASL mechanism to be used for authentication. If
310 it's not specified, the program will choose the best
311 mechanism the server knows.
312
313
314 __-Z[[Z]__
315
316
317 Issue StartTLS (Transport Layer Security) extended
318 operation. If you use __-ZZ__, the command will require
319 the operation to be successful.
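
Several of the options above decide whether a simple-bind password is exposed: -w puts it on the command line where -W would prompt, and a single -Z does not require StartTLS to succeed the way -ZZ does. The checker below is an added example, not part of the man page or of OpenLDAP; the finding names, host names and the treatment of ldaps:// URIs as TLS-protected are assumptions of this sketch.

```python
import getopt

# Option letters from the SYNOPSIS and OPTIONS above; ':' marks an option
# that takes an argument.
OPTSTRING = "nuvkKtACLMWIQxZd:f:D:w:H:h:p:P:b:s:a:l:z:O:U:X:Y:S:"


def audit_ldapsearch(argv):
    """Return finding codes for an ldapsearch argument list (program name excluded)."""
    opts, _positional = getopt.getopt(argv, OPTSTRING)
    flags = [name for name, _ in opts]
    uris = [u for name, val in opts if name == "-H"
            for u in val.replace(",", " ").split()]
    # TLS counts as mandatory only if every URI is ldaps:// or StartTLS is
    # required with -ZZ. Any other scheme is treated as unprotected here.
    all_ldaps = bool(uris) and all(u.lower().startswith("ldaps://") for u in uris)
    tls_required = all_ldaps or flags.count("-Z") >= 2

    findings = []
    if "-w" in flags:
        # Password is an argument; -W prompts for it instead.
        findings.append("password-on-command-line")
    if flags.count("-Z") == 1 and not all_ldaps:
        # StartTLS is issued, but only -ZZ requires it to succeed.
        findings.append("starttls-not-required")
    if "-x" in flags and ("-w" in flags or "-W" in flags) and not tls_required:
        findings.append("simple-bind-without-required-tls")
    return findings


if __name__ == "__main__":
    # Constructed command lines (bind DN, host and password are placeholders).
    weak = ["-x", "-D", "cn=admin,dc=example,dc=com", "-w", "secret",
            "-H", "ldap://ldap.example.com", "-b", "dc=example,dc=com", "(sn=smith)"]
    hardened = ["-x", "-ZZ", "-W", "-D", "cn=admin,dc=example,dc=com",
                "-H", "ldap://ldap.example.com", "-LLL", "(sn=smith)", "cn"]
    print(audit_ldapsearch(weak))
    print(audit_ldapsearch(hardened))
```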
320 !!OUTPUT FORMAT
321
322
323 If one or more entries are found, each entry is written to
324 standard output in LDAP Data Interchange Format or
325 ldif(5):
326
327
328 version: 1
329 # bjensen, example, net
330 dn: uid=bjensen, dc=example, dc=net
331 objectClass: person
332 objectClass: dcObject
333 uid: bjensen
334 cn: Barbara Jensen
335 sn: Jensen
336 ...
337 If the -t option is used, the URI of a temporary file is used in place of the actual value. If the -A option is given, only the
338 !!EXAMPLE
339
340
341 The following command:
342
343
344 ldapsearch -LLL
4 perry 345 will perform a subtree search (using the default search base defined in ldap.conf(5)) for entries with a surname (sn) of smith. The common name (cn), surname (sn) and telephoneNumber values will be retrieved and printed to standard output. The output might look something like this if two entries are found:
1 perry 346
347
348 dn: uid=jts, dc=example, dc=com
349 cn: John Smith
350 cn: John T. Smith
351 sn: Smith
352 sn;lang-en: Smith
353 sn;lang-de: Schmidt
354 telephoneNumber: 1 555 123-4567
355 dn: uid=sss, dc=example, dc=com
356 cn: Steve Smith
357 cn: Steve S. Smith
358 sn: Smith
359 sn;lang-en: Smith
360 sn;lang-de: Schmidt
361 telephoneNumber: 1 555 765-4321
362 The command:
363
364
365 ldapsearch -LLL -u -t
366 will perform a subtree search using the default search base for entries with user id of
367
368
369 dn: uid=xyz, dc=example, dc=com
370 ufn: xyz, example, com
371 audio:
372 This command:
373
374
375 ldapsearch -LLL -s one -b
376 will perform a one-level search at the c=US level for all entries whose organization name (o) begins with __University__. The organization name and description attribute values will be retrieved and printed to standard output, resulting in output similar to this:
377
378
379 dn: o=University of Alaska Fairbanks, c=US
380 o: University of Alaska Fairbanks
381 description: Preparing Alaska for a brave new yesterday
382 description: leaf node only
383 dn: o=University of Colorado at Boulder, c=US
384 o: University of Colorado at Boulder
385 description: No personnel information
386 description: Institution of education and research
387 dn: o=University of Colorado at Denver, c=US
388 o: University of Colorado at Denver
389 o: UCD
390 o: CU/Denver
391 o: CU-Denver
392 description: Institute for Higher Learning and Research
393 dn: o=University of Florida, c=US
394 o: University of Florida
395 o: UFl
396 description: Warper of young minds
397 etc....
398 !!DIAGNOSTICS
399
400
401 Exit status is zero if no errors occur. Errors result in a
402 non-zero exit status and a diagnostic message being written
403 to standard error.
404 !!SEE ALSO
405
406
407 ldapadd(1), ldapdelete(1),
408 ldapmodify(1), ldapmodrdn(1),
4 perry 409 ldap.conf(5), ldif(5), ldap(3),
410 ldap_search(3)
1 perry 411 !!AUTHOR
412
413
414 The OpenLDAP Project
415 !!ACKNOWLEDGEMENTS
416
417
418 __OpenLDAP__ is developed and maintained by The OpenLDAP
419 Project (http://www.openldap.org/). __OpenLDAP__ is
420 derived from University of Michigan LDAP 3.3
421 Release.
422 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.