HP UX Identity Security Software 6.4.6 Additional ldapsearch options

Required or

Option

Description

Example

optional

Required

mech=GSSAPI

Gives the SASL mechanism.

-o “mech=GSSAPI”

NOTE:

Have the Kerberos ticket before

issuing a GSS-API request.

Optional

secprop=value

The secprop attribute sets the

-o

security properties for the

“secprop=noplain,noanonymous,

connection. The secprop value

maxssf=56,minssf=56”

can be any of the following:

•

None

•

noplain

Do not permit mechanisms

susceptible to simple passive

attack.

•

noanonymous

Do not permit mechanisms

that allow anonymous access.

•

minssf

Require a minimum security

strength; this option needs a

numeric value specifying bits

of encryption. A value of -1

means integrity is provided

without privacy.

•

maxssf

Require a maximum security

strength; this option needs a

numeric value specifying bits

Option

Description

-A

Specifies that the search retrieve the attributes only, not the attribute values. This option is useful

to determine if an attribute is present for an entry and the value is not important.

-a

Specifies how alias dereferencing is completed. Values can be never, always, search, or find.

The default value is never.

-B

Print non-ASCII values using the old output format (attrName=attrValue).

-c

Specifies the getEffectiveRightscontrol authzid. For example:

dn:uid=bjensen,dc=example,dc=com

A value of "" means the authorization ID for the operation. A value of dn: means anonymous

-F

Specifies a different separator. This option allows a separator other than a colon (:) to separate an

attribute name from the corresponding value. For example:

-F +