NAME | Synopsis | Description | Options | Examples | Exit Status | Attributes | See Also
install-path/dsrk6/bin/dsmlsearch -h hostURL -b baseDN [options] [attribute]...
The dsmlsearch command searches for entries stored in a directory accessible through Directory Services Markup Language (DSML) v2, and displays the results in DSML format, including the specified attributes or all attributes returned if none are specified.
Filter files contain filters in DSML format. The dsmlsearch command does not support LDAP-style filters.
The dsmlsearch command supports the following options:
Dereference aliases as specified during a search. Possible values for the deref argument include:
Dereference aliases both when finding the base DN, and when searching below it.
Dereference aliases when finding the base DN.
Never dereference aliases (default).
This option has no effect when used with directories that do not support alias dereferencing.
Use the entry with the specified distinguished name (DN) as the base entry for the search scope.
Use the specified user identifier to authenticate.
The user identifier is the HTTP-layer identifier. The HTTP-layer identifier is typically mapped to an account in the directory. For example, if the uid value is used for HTTP-layer authentication, which maps in the directory to bind DN dn:uid=user-identifier,ou=people,dc=example,dc=com, then the dsmlsearch -D bjensen command would end up using permissions for directory operations based on the permissions for the account with entry DN uid=bjensen,ou=people,dc=example,dc=com. The user-identifier thus depends closely on the identity mapping between the HTTP layer and the LDAP layer.
If the user identifier and its password are omitted, the dsmlsearch command binds anonymously. The user identifier determines what entries and attributes the user can read, according to the permissions for the user.
Read the search filter or filters from the specified file.
Use the specified URL to access the directory.
The host URL takes the form http://host:port where host represents the host on which the directory runs, and port is the port on which the directory listens for DSML requests.
Read the bind password for simple HTTP authentication from the specified file.
Interrupt the search if the time limit specified in seconds is exceeded.
Use the specified search scope.
The following values are supported for scope:
Examine only the entry specified by the argument to the -b option.
Examine only to the entry specified by the argument to the -b option and its immediate children.
(Default) Examine the subtree whose root is the entry specified by the argument to the -b option.
Prompt for the bind password for simple HTTP authentication.
Use the specified bind password for simple HTTP authentication.
Return no more than the specified number of entries.
Examples in this section use the following conventions:
The dsmlsearch command is found in a directory present in the PATH used for the examples.
The directory server is located on a system named host.
The directory has been configured to support anonymous access for search and read. Therefore, you do not have to specify bind information.
The directory server listens for DSML requests over HTTP on port 8080.
The following command returns all entries in the suffix under the base DN. Use this only when you need to retrieve all entries and attributes:
$ cat filter <filter> <present name="objectclass"/> </filter> $ dsmlsearch -h http://host:8080 -b dc=example,dc=com -f filter |
The following command employs a more specific filter to narrow the search:
$ cat filter <filter> <equalityMatch name="uid"> <value>bjensen</value> </equalityMatch> </filter> $ dsmlsearch -h http://host:8080 -b dc=example,dc=com -f filter |
The following command searches the root DSE entry, which contains the list of suffixes supported by the directory and potentially other information. Notice you specify the scope as only the base entry:
$ cat filter <filter> <present name="objectclass"/> </filter> $ dsmlsearch -h http://host:8080 -b "" -s baseObject -f filter |
The following command searches the schema entry, which contains the directory schema. Notice you specify the scope as only the base entry:
$ cat filter <filter> <present name="objectclass"/> </filter> $ dsmlsearch -h http://host:8080 -b cn=schema -s baseObject -f filter |
The following list shows LDAP search filters with corresponding DSML search filters.
DSML filter:
<filter> <equalityMatch name="cn"> <value>Barbara Francis</value> </equalityMatch> </filter>
DSML filter:
<filter> <substrings name="cn"> <any>Barb</any> </substrings> </filter>
DSML filter:
<filter> <approxMatch name="cn"> <value>Barbare</value> </approxMatch> </filter>
DSML filter:
<filter> <not> <substrings name="cn"> <any>Barbara</any> </substrings> </not> </filter>
DSML filter:
<filter> <and> <substrings name="cn"> <any>Barbara</any> </substrings> <substrings name="cn"> <any>Francis</any> </substrings> </and> </filter>
DSML filter:
<filter> <or> <substrings name="cn"> <any>Barbara</any> </substrings> <substrings name="cn"> <any>Jensen</any> </substrings> </or> </filter>
Exit status values are returned as part of the response, including both the code and the description as described in the DSML v2 standard. Common exit status codes follow:
Successful completion; success.
Server encountered errors while processing the request; operationsError.
Server encountered errors while processing the request; protocolError.
Search exceeded the time limit for operations on the server; timeLimitExceeded.
Search returned more results than the maximum number allowed by the server; sizeLimitExceeded.
Base DN belongs to an entry handled by neither server, and the referral URL identifies another server that handles the entry; referral.
Search returned more results than the maximum number a client application is allowed by the server to retrieve; adminLimitExceeded.
Base DN belongs to an entry handled by neither server, and no referral URL is available for the entry; noSuchObject.
Bind DN user does not have permission to read the entry from the directory; insufficientAccessRights.
Directory is read-only; unwillingToPerform.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE |
ATTRIBUTE VALUE |
---|---|
Availability |
Zip distribution only |
Stability Level |
Evolving |
NAME | Synopsis | Description | Options | Examples | Exit Status | Attributes | See Also