ldapsearch command
Purpose
Opens a connection to an LDAP server, binds, and performs a search using the filter filter.
Syntax
ldapsearch [-a ][-A ][-b basedn][-B][-C][-d][-D ][-e ][-f][-F][-G][-h][-i][-k][-K][-l][-L][-m][-M][-n][-N][-o][-O][-p][-P][-q][-R][-s][-t][-T][-U][-v][-V][-w][-y][-Y][-z ][-Z][-9] filter [attributes...]
where basedn equals the base
distinguished name for the search, filter equals the LDAP search
filter, options equals any other flags, and attributes equals
a whitespace-separated list of attributes to retrieve. If no attribute
list is specified, all attributes are retrieved.
Note: basedn is
optional if LDAP_BASEDN is set in the environment.
Description
If the ldapsearch command finds one or more entries, the attributes specified by attrs are retrieved and the entries and values are printed to standard output. If no attrs are listed, all attributes are returned.
Flags
| Flag name | Description |
|---|---|
| -a deref | Specifies how to dereference aliases (never, always, search, or find). |
| -A | Retrieves attribute names only (no values). |
| -b basedn | Specifies base distinguished name (dn) for search. LDAP_BASEDN in environment is the default. |
| -B | Specifies not to suppress printing of non-ASCII values. |
| -C charset | Sets the character set name to use, as registered with Internet Assigned Numbers Authority (IANA). |
| -d level | Sets the debugging level in LDAP library. |
| -D dn | Binds dn. |
| -e | Displays LDAP library version information and quit. |
| -f file | Performs sequence of searches using filters in ‘file' “ must be substituted for the filter. |
| -F sep | Prints ‘sep' between attribute names and values. |
| -G realm | Specifies that realm is to be used for the DIGEST-MD5 bind mechanism. |
| -h host | Specifies the LDAP server host name. |
| -i file | Performs sequence of searches using filters in ‘file' “ must be substituted for the filter. |
| -k | Uses server administration control on bind. |
| -K keyfile | Specifies the file to use for the keys. |
| -l time | Specifies time limit (in seconds) for search. |
| -L | Prints entries in LDIF format (-B is implied). |
| -m mechanism | Performs SASL bind with the specified mechanism. |
| -M | Manages referral objects as normal entries. |
| -n | Shows what would be done but don't actually perform the action. |
| -N key_name | Specifies the private key name to use in the keyfile. |
| -o attr_type | Sorts based on specified attribute type. |
| -O maxhops | Specifies the maximum number of referrals to follow in a sequence. |
| -p port | Specifies the LDAP server port number. |
| -P key_pw | Specifies the keyfile password. |
| -q pagesize | Queries page size for paged results. |
| -R | Specifies not to chase referrals. |
| -s scope | Searches scope. The search scope can be one of the following: base, one, or sub. |
| -t scope | Writes values to files in /tmp. |
| -T seconds | Specifies the number of seconds to wait between pages for paged results. |
| -U username | Specifies the user name for the DIGEST-MD5 bind mechanism. |
| -v | Runs in verbose mode. |
| -V version | Specifies the LDAP protocol version. The version can be 2 or 3. The default is 3. |
| -w password | Binds password or '?' for non-echoed prompt. |
| -y proxydn | Sets proxied ID for proxied authorization operation. |
| -Y | Uses a secure LDAP connection (TLS). |
| -zsize | Specifies the size limit (in entries) for the search. |
| -Z | Uses a secure LDAP connection (SSL). |
| -9control | Sets the criticality for control option. The
control can be one of the following options:
|
Exit Status
Examples
To
open a connection to the LDAP server and search on specific attributes,
type:
ldapsearch -h vclient.host.com -D cn=admin -w adminpw -b cn=aixdata objectclass=*