ldapsearch(1)
!!!LDAPSEARCH
NAME
SYNOPSIS
DESCRIPTION
OPTIONS
OUTPUT FORMAT
EXAMPLE
DIAGNOSTICS
SEE ALSO
AUTHOR
ACKNOWLEDGEMENTS
----

!!NAME

ldapsearch - LDAP search tool

!!SYNOPSIS

__ldapsearch__ [[__-n__] [[__-u__] [[__-v__] [[__-k__] [[__-K__] [[__-t__] [[__-A__] [[__-C__] [[__-L[[L[[L]]__] [[__-M[[M]__]
[[__-d__ ''debuglevel''] [[__-f__ ''file''] [[__-D__ ''binddn''] [[__-W__] [[__-w__ ''bindpasswd''] [[__-H__ ''ldapuri''] [[__-h__ ''ldaphost''] [[__-p__ ''ldapport''] [[__-P__ ''2''|''3'']
[[__-b__ ''searchbase''] [[__-s__ ''base''|''one''|''sub''] [[__-a__ ''never''|''always''|''search''|''find''] [[__-l__ ''timelimit''] [[__-z__ ''sizelimit'']
[[__-O__ ''security-properties''] [[__-I__] [[__-Q__] [[__-U__ ''authcid''] [[__-x__] [[__-X__ ''authzid''] [[__-Y__ ''mech''] [[__-Z[[Z]__]
''filter'' [[''attrs...'']

!!DESCRIPTION

''ldapsearch'' is a shell-accessible interface to the ldap_search(3) library call.

__ldapsearch__ opens a connection to an LDAP server, binds, and performs a search using specified parameters. The ''filter'' should conform to the string representation for search filters as defined in RFC 2254. If not provided, the default filter, (objectClass=*), is used.

If __ldapsearch__ finds one or more entries, the attributes specified by ''attrs'' are returned. If * is listed, all user attributes are returned. If + is listed, all operational attributes are returned. If no ''attrs'' are listed, all attributes are returned. If only 1.1 is listed, no attributes will be returned.

!!OPTIONS

__-n__
Show what would be done, but don't actually perform the search. Useful for debugging in conjunction with -v.

__-u__
Include the User Friendly Name form of the Distinguished Name (DN) in the output.

__-v__
Run in verbose mode, with many diagnostics written to standard output.

__-k__
Use Kerberos IV authentication instead of simple authentication. It is assumed that you already have a valid ticket granting ticket.
__ldapsearch__ must be compiled with Kerberos support for this option to have any effect.

__-K__
Same as -k, but only does step 1 of the Kerberos IV bind. This is useful when connecting to a slapd and there is no x500dsa.hostname principal registered with your Kerberos Domain Controller(s).

__-t__
Write retrieved values to a set of temporary files. This is useful for dealing with non-ASCII values such as jpegPhoto or audio.

__-A__
Retrieve attributes only (no values). This is useful when you just want to see if an attribute is present in an entry and are not interested in the specific values.

__-L__
Search results are displayed in LDAP Data Interchange Format detailed in ldif(5). A single -L restricts the output to LDIFv1. A second -L disables comments. A third -L disables printing of the LDIF version. The default is to use an extended version of LDIF.

__-M[[M]__
Enable manage DSA IT control. __-MM__ makes control critical.

__-C__
Automatically chase referrals.

__-S__ ''attribute''
Sort the entries returned based on ''attribute''. The default is not to sort entries returned. If ''attribute'' is a zero-length string ( ''ldap_sort__(3) for more details. Note that __ldapsearch__ normally prints out entries as it receives them. The use of the __-S__ option defeats this behavior, causing all entries to be retrieved, then sorted, then printed.

__-d__ ''debuglevel''
Set the LDAP debugging level to ''debuglevel''. __ldapsearch__ must be compiled with LDAP_DEBUG defined for this option to have any effect.

__-f__ ''file''
Read a series of lines from ''file'', performing one LDAP search for each line. In this case, the ''filter'' given on the command line is treated as a pattern where the first occurrence of __%s__ is replaced with a line from ''file''. If ''file'' is a single ''-'' character, then the lines are read from standard input.

__-x__
Use simple authentication instead of SASL.

__-D__ ''binddn''
Use the Distinguished Name ''binddn'' to bind to the LDAP directory.

__-W__
Prompt for simple authentication. This is used instead of specifying the password on the command line.

__-w__ ''bindpasswd''
Use ''bindpasswd'' as the password for simple authentication.

__-H__ ''ldapuri''
Specify URI(s) referring to the ldap server(s).

__-h__ ''ldaphost''
Specify an alternate host on which the ldap server is running. Deprecated in favor of -H.

__-p__ ''ldapport''
Specify an alternate TCP port where the ldap server is listening. Deprecated in favor of -H.

__-b__ ''searchbase''
Use ''searchbase'' as the starting point for the search instead of the default.

__-s__ ''base''|''one''|''sub''
Specify the scope of the search to be one of ''base'', ''one'', or ''sub'' to specify a base object, one-level, or subtree search. The default is ''sub''.

__-a__ ''never''|''always''|''search''|''find''
Specify how alias dereferencing is done. Should be one of ''never'', ''always'', ''search'', or ''find'' to specify that aliases are never dereferenced, always dereferenced, dereferenced when searching, or dereferenced only when locating the base object for the search. The default is to never dereference aliases.

__-P__ ''2''|''3''
Specify the LDAP protocol version to use.

__-l__ ''timelimit''
Wait at most ''timelimit'' seconds for a search to complete. A timelimit of ''0'' (zero) removes the __ldap.conf__ limit. A server may impose a maximal timelimit which only the root user may override.

__-z__ ''sizelimit''
Retrieve at most ''sizelimit'' entries for a search. A sizelimit of ''0'' (zero) removes the __ldap.conf__ limit. A server may impose a maximal sizelimit which only the root user may override.

__-O__ ''security-properties''
Specify SASL security properties.

__-I__
Enable SASL Interactive mode. Always prompt. Default is to prompt only as needed.

__-Q__
Enable SASL Quiet mode. Never prompt.

__-U__ ''authcid''
Specify the authentication ID for SASL bind. The form of the ID depends on the actual SASL mechanism used.

__-X__ ''authzid''
Specify the requested authorization ID for SASL bind. ''authzid'' must be one of the following formats: __dn:__'''' or __u:__''''

__-Y__ ''mech''
Specify the SASL mechanism to be used for authentication. If it's not specified, the program will choose the best mechanism the server knows.

__-Z[[Z]__
Issue StartTLS (Transport Layer Security) extended operation. If you use __-ZZ__, the command will require the operation to be successful.

!!OUTPUT FORMAT

If one or more entries are found, each entry is written to standard output in LDAP Data Interchange Format or ldif(5):

 version: 1
 # bjensen, example, net
 dn: uid=bjensen, dc=example, dc=net
 objectClass: person
 objectClass: dcObject
 uid: bjensen
 cn: Barbara Jensen
 sn: Jensen
 ...

If the -t option is used, the URI of a temporary file is used in place of the actual value. If the -A option is given, only the

!!EXAMPLE

The following command:

 ldapsearch -LLL

will perform a subtree search (using the default search base defined in ldap.conf(5)) for entries with a surname (sn) of smith. The common name (cn), surname (sn) and telephoneNumber values will be retrieved and printed to standard output. The output might look something like this if two entries are found:

 dn: uid=jts, dc=example, dc=com
 cn: John Smith
 cn: John T. Smith
 sn: Smith
 sn;lang-en: Smith
 sn;lang-de: Schmidt
 telephoneNumber: 1 555 123-4567

 dn: uid=sss, dc=example, dc=com
 cn: Steve Smith
 cn: Steve S. Smith
 sn: Smith
 sn;lang-en: Smith
 sn;lang-de: Schmidt
 telephoneNumber: 1 555 765-4321

The command:

 ldapsearch -LLL -u -t

will perform a subtree search using the default search base for entries with user id of

 dn: uid=xyz, dc=example, dc=com
 ufn: xyz, example, com
 audio:

This command:

 ldapsearch -LLL -s one -b

will perform a one-level search at the c=US level for all entries whose organization name (o) begins with __University__.
The organization name and description attribute values will be retrieved and printed to standard output, resulting in output similar to this:

 dn: o=University of Alaska Fairbanks, c=US
 o: University of Alaska Fairbanks
 description: Preparing Alaska for a brave new yesterday
 description: leaf node only

 dn: o=University of Colorado at Boulder, c=US
 o: University of Colorado at Boulder
 description: No personnel information
 description: Institution of education and research

 dn: o=University of Colorado at Denver, c=US
 o: University of Colorado at Denver
 o: UCD
 o: CU/Denver
 o: CU-Denver
 description: Institute for Higher Learning and Research

 dn: o=University of Florida, c=US
 o: University of Florida
 o: UFl
 description: Warper of young minds

 etc....

!!DIAGNOSTICS

Exit status is zero if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.

!!SEE ALSO

ldapadd(1), ldapdelete(1), ldapmodify(1), ldapmodrdn(1), ldap.conf(5), ldif(5), ldap(3), ldap_search(3)

!!AUTHOR

The OpenLDAP Project

!!ACKNOWLEDGEMENTS

__OpenLDAP__ is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). __OpenLDAP__ is derived from University of Michigan LDAP 3.3 Release.

----
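Added example, not part of the original man page or of OpenLDAP: the __-f__ option replaces %s in the filter pattern with each input line, so a line that contains the RFC 2254 special characters *, (, ) or \ alters the structure of the filter unless it is escaped first. The function names and the sample value are illustrative, and the sketch assumes the line is inserted verbatim, as the __-f__ description states.

```shell
#!/bin/sh
# Escape values per RFC 2254 before they are substituted into an
# ldapsearch filter pattern (via -f, or in a filter built by a script).
# Assumption: the %s substitution itself performs no escaping.

# escape_lines: read values on stdin, one per line, and write them with
# the filter special characters replaced by \XX hex escapes. Backslash is
# rewritten first so the escapes added afterwards are not escaped again.
# NUL (\00) is not handled because it cannot occur in a line of text here.
escape_lines() {
    sed -e 's/\\/\\5c/g' \
        -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' \
        -e 's/)/\\29/g'
}

# ldap_escape VALUE: escape a single value passed as an argument.
ldap_escape() {
    printf '%s' "$1" | escape_lines
}

# build_filter PATTERN VALUE: replace the first %s in PATTERN with the
# escaped VALUE, mirroring the substitution described for -f.
build_filter() {
    pattern=$1
    value=$(ldap_escape "$2")
    case $pattern in
        *%s*) printf '%s%s%s\n' "${pattern%%"%s"*}" "$value" "${pattern#*"%s"}" ;;
        *)    printf '%s\n' "$pattern" ;;
    esac
}

# Constructed sample value: a surname containing filter metacharacters.
build_filter '(sn=%s)' 'Smith (Jr.)*'   # prints (sn=Smith \28Jr.\29\2a)

# With -f reading standard input (names.txt is a hypothetical file):
#   escape_lines < names.txt | ldapsearch -x -LLL -f - '(sn=%s)' cn
```

Without the escaping step, the sample value would be read as an unbalanced filter with a trailing wildcard rather than as a literal surname.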
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.