Appendix B. Finding Directory Entries

optional_search_filter is an LDAP search filter as described in Section 3, “LDAP Search Filters”. Do not specify a separate search filter if search filters are specified in a file using the -foption.

optional_list_of_attributes is a list of attributes separated by a space. Specifying a list of attributes reduces the number of attributes returned in the search results. This list of attributes must appear after the search filter. For an example, see Section 2.4.6, “Displaying Subsets of Attributes”. If a list of attributes is not specified, the search returns values for all attributes permitted by the access control set in the directory (with the exception of operational attributes).

NOTE

For operational attributes to be returned as a result of a search operation, they must be explicitly specified in the search command. To retrieve regular attributes in addition to explicitly specified operational attributes, use an asterisk (*) in the list of attributes in the ldapsearch command. To retrieve no attributes, just a list of the matching DNs, use the special attribute 1.1. This is useful, for example, to get a list of DNs to pass to the ldapdelete command.

2.3. Commonly Used ldapsearch Options

The following table lists the most commonly used ldapsearch command-line options. If a specified value contains a space ( ), the value should be surrounded by single or double quotation marks, such as -b "ou=groups, dc=example,dc=com".

Option

 

Description

 

 

 

 

 

-b

 

Specifies the starting point for the search. The

 

 

 

value specified here must be a distinguished

 

 

 

name that currently exists in the database.

 

 

 

This is optional if the LDAP_BASEDN

 

 

 

environment variable has been set to a base

 

 

 

DN. The value specified in this option should

 

 

 

be provided in single or double quotation

 

 

 

marks. For example:

 

 

 

 

 

 

 

-b "cn=Barbara Jensen, ou=Product

 

 

 

Development,dc=example,dc=com"

 

 

 

 

 

 

 

To search the root DSE entry, specify an

 

 

 

empty string here, such as -b "" .

 

 

 

 

 

-D

 

Specifies the distinguished name with which

 

 

 

to authenticate to the server. This is optional if

 

 

 

anonymous access is supported by the

 

 

 

 

 

554

Page 574
Image 574
HP UX Red Hat Direry Server Software manual Commonly Used ldapsearch Options, Option Description