6.4 ldapsearch

The configurable utility named ldapsearch locates and retrieves directory entries through LDAP. This utility opens a connection to the specified server using the specified distinguished name and password and locates entries based on a specified search filter. Search scopes can include a single entry, an entry's immediate subentries, or an entire tree or subtree. Search results are returned in LDIF format.

“ldapsearch syntax”

“Commonly-used ldapsearch options”

“Persistent search options”

“ldapsearch SSL options”

“ldapsearch SASL options”

“Additional ldapsearch options”

6.4.1 ldapsearch syntax

ldapsearch -b basedn -s scope [optional_options] "(attribute=filter)" [optional_list_of_attributes]

For any value that contains a space ( ), the value should be enclosed in double quotation marks. For example:

-b "ou=groups, dc=example,dc=com"

Table 6-2 ldapsearch syntax

Option: optional_options
Description: A series of command-line options. These must be specified before the search filter, if used.

Option: "(filter)"
Description: An LDAP search filter as described in the HP-UX Directory Server administrator guide. Do not specify a search filter if search filters are supplied in a file using the -f option.

Option: optional_list_of_attributes
Description: A list of space-separated attributes that reduce the scope of the attributes returned in the search results. This list of attributes must appear after the search filter. For a usage example, see the HP-UX Directory Server administrator guide. If a list of attributes is not specified, the search returns values for all attributes permitted by the access control set in the directory, with the exception of operational attributes.

To return operational attributes as a result of a search operation, they must be explicitly specified in the search command. To retrieve regular attributes along with explicitly-specified operational attributes, specify an asterisk (*) in addition to the operational attributes.
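The ordering and quoting rules of this section, as an added example that is not part of the HP-UX guide: a POSIX shell helper that checks the scope and filter, then prints the command with every value quoted. The helper names ldap_argv and sh_quote are hypothetical, and the DNs, filter and attribute names are constructed sample values.

```sh
#!/bin/sh
# Added example. ldap_argv and sh_quote are hypothetical helper names; the
# DNs, filter and attribute names used below are constructed sample values.

# sh_quote WORD: print WORD single-quoted so a shell reads it back as one word.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# ldap_argv BASEDN SCOPE FILTER [ATTR...]
# Prints an ldapsearch command line in the order section 6.4.1 requires:
# options first, then the filter, then the attribute list.
ldap_argv() {
    if [ "$#" -lt 3 ]; then
        echo "usage: ldap_argv basedn scope filter [attr...]" >&2
        return 2
    fi
    basedn=$1 scope=$2 filter=$3
    shift 3
    # base, one and sub are the standard -s values for a single entry,
    # its immediate subentries, and a whole subtree.
    case $scope in
        base|one|sub) ;;
        *) echo "ldap_argv: scope must be base, one or sub" >&2; return 2 ;;
    esac
    # A filter is parenthesised; anything else in this position is usually
    # an option or attribute name that slipped out of order.
    case $filter in
        "("*")") ;;
        *) echo "ldap_argv: filter must look like (attribute=value)" >&2; return 2 ;;
    esac
    line="ldapsearch -b $(sh_quote "$basedn") -s $scope $(sh_quote "$filter")"
    # Quote every attribute: an unquoted * would be expanded by the shell into
    # file names before ldapsearch ever saw it.
    for attr in "$@"; do
        line="$line $(sh_quote "$attr")"
    done
    printf '%s\n' "$line"
}

# Regular attributes (*) plus two operational attributes named explicitly.
ldap_argv "ou=groups, dc=example,dc=com" sub "(objectclass=*)" \
    '*' createTimestamp modifiersName
```

Connection options such as the host, port and bind DN are left out here; they belong with the other options, before the filter.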

6.4.2 Commonly-used ldapsearch options

Table 6-3 “Commonly-used ldapsearch options” lists the most commonly used ldapsearch command-line options.

The most common ldapsearch usage specifies the host and port number, bind DN and password, scope, base DN, and a filter that returns every entry under the search base:

ldapsearch -b basedn -s sub -h host -p port -D binddn -w password "(objectclass=*)"
