HP UX Identity Security Software 6.4.4 ldapsearch SSL options, 6.4.3 Persistent search options

Table 6-3 Commonly-used ldapsearch options (continued)

Option	Description
-x	Specifies that the search results are sorted on the server rather than on the client. This is useful to
	sort according to a matching rule, as with an international search. In general, it is faster to sort on
	the server rather than on the client.

-z	Specifies the maximum number of entries to return in response to a search request. For example:
	-z 1000
	Normally, regardless of the value specified here, the ldapsearch utility never returns more entries
	than the number allowed by the server's nsslapd-sizelimitattribute, unless the authenticated
	user is the Directory Manager. However, this limitation can be overridden by binding as the root
	DN when using this command-line argument. This is because binding as the root DN causes this
	option to default to zero (0). The default value for the nsslapd-sizelimitattribute is 2000
	entries. See “nsslapd-sizelimit (Size limit)” for more information.

6.4.3 Persistent search options

A persistent search leaves the search operation open after the initial search results are returned. This allows the entries returned in the search to remain in cache and updates to be transmitted and included as they occur. Persistent searches leave the ldapsearch open until the client closes the connection. Using persistent searches is described in the "Finding directory entries" appendix of the HP-UX Directory Server administrator guide.

#ldapsearch -r -C PS:changetype[:changesonly[:entrychgcontrols]]\ -b dc=example,dc=com objectclass=*

In the access logs, a persistent search is identifies with the tag options=persistent.

Table 6-4 Persistent search options

Option	Description
-C	Runs the ldapsearch utility as a persistent search.

-r	Prints all the output from the ldapsearch command from the buffer immediately. This is
	useful with the -Cfor persistent searches because it prints any entry modifications without
	delay and without the search hanging. It can also be used with other searches (using the
	ldapsearch utility), not only persistent searches.

PS:changetype Specifies which types of changes to entries allow the entry to be returned in the persistent search. There options are:

•add

•delete

•modify

•moddn (modRDN)

•all

changesonly Sets whether to return all existing entries which match the search filter (0) or only to return matching entries when the entry is modified (1). The default is 1

entrychgcontrols Sets whether to send entry change controls, additional information about the modification made to the entry. If the value is set to 0, then only the entry is returned. If the value is set to 1, then a line is added to the entry as it is returned to the persistent search that lists the changeType performed on the entry. The default is 1.

6.4.4 ldapsearch SSL options

The following command-line options can be used to specify that ldapsearch utility use LDAPS when communicating with an SSL-enabled Directory Server or used for certificate-based authentication. These options are valid only when LDAPS has been turned on and configured for the Directory Server. For information on certificate-based authentication and creating a certificate database for use with LDAP clients, see the "Managing SSL" chapter in the HP-UX Directory Server administrator guide.

192 Command-line utilities