Table 6-3 Commonly-used ldapsearch options (continued)

Option

Description

-x

Specifies that the search results are sorted on the server rather than on the client. This is useful to

 

sort according to a matching rule, as with an international search. In general, it is faster to sort on

 

the server rather than on the client.

-z

Specifies the maximum number of entries to return in response to a search request. For example:

 

-z 1000

 

Normally, regardless of the value specified here, the ldapsearch utility never returns more entries

 

than the number allowed by the server's nsslapd-sizelimitattribute, unless the authenticated

 

user is the Directory Manager. However, this limitation can be overridden by binding as the root

 

DN when using this command-line argument. This is because binding as the root DN causes this

 

option to default to zero (0). The default value for the nsslapd-sizelimitattribute is 2000

 

entries. See “nsslapd-sizelimit (Size limit)” for more information.

6.4.3 Persistent search options

A persistent search leaves the search operation open after the initial search results are returned. This allows the entries returned in the search to remain in cache and updates to be transmitted and included as they occur. Persistent searches leave the ldapsearch open until the client closes the connection. Using persistent searches is described in the "Finding directory entries" appendix of the HP-UX Directory Server administrator guide.

#ldapsearch -r -C PS:changetype[:changesonly[:entrychgcontrols]]\ -b dc=example,dc=com objectclass=*

In the access logs, a persistent search is identifies with the tag options=persistent.

Table 6-4 Persistent search options

Option

Description

-C

Runs the ldapsearch utility as a persistent search.

-r

Prints all the output from the ldapsearch command from the buffer immediately. This is

 

useful with the -Cfor persistent searches because it prints any entry modifications without

 

delay and without the search hanging. It can also be used with other searches (using the

 

ldapsearch utility), not only persistent searches.

PS:changetype Specifies which types of changes to entries allow the entry to be returned in the persistent search. There options are:

add

delete

modify

moddn (modRDN)

all

changesonly Sets whether to return all existing entries which match the search filter (0) or only to return matching entries when the entry is modified (1). The default is 1

entrychgcontrols Sets whether to send entry change controls, additional information about the modification made to the entry. If the value is set to 0, then only the entry is returned. If the value is set to 1, then a line is added to the entry as it is returned to the persistent search that lists the changeType performed on the entry. The default is 1.

6.4.4 ldapsearch SSL options

The following command-line options can be used to specify that ldapsearch utility use LDAPS when communicating with an SSL-enabled Directory Server or used for certificate-based authentication. These options are valid only when LDAPS has been turned on and configured for the Directory Server. For information on certificate-based authentication and creating a certificate database for use with LDAP clients, see the "Managing SSL" chapter in the HP-UX Directory Server administrator guide.

192 Command-line utilities

Page 192
Image 192
HP UX Identity Security Software manual Persistent search options, Ldapsearch SSL options, Commonly-used ldapsearch options