ldapsearch

The ldapsearch command opens a connection to an LDAP server, binds, and performs a search using the filter filter. If ldapsearch finds one or more entries, the attributes specified by attrs are retrieved and the entries and values are printed to standard output. If no attributes are listed, all attributes are returned.


Syntax

 
ldapsearch [ -nuvtABLR ] [ -d debuglevel ] [ -F sep ] [ -f file ] [ -D binddn ] \
[ -w passwd ] [ -h ldaphost ] [ -p ldapport ] [ -b searchbase ] [ -s scope ] [ -S attr ] \
[ -a deref ] [ -l timelimit ] [ -z sizelimit ] filter [ attrs... ]
 

The parameters for this command are:

[ -n ]  

Shows what would be done, but doesn't actually perform the search. Useful in conjunction with -v and -d for debugging.  

[ -u ]  

Includes the user-friendly form of the Distinguished Name (DN) in the output.  

[ -v ]  

Runs in verbose mode, with diagnostics written to standard output.  

[ -t ]  

Writes retrieved values to a set of temporary files. This is useful for dealing with non-ASCII values such as jpeg photo or audio.  

[ -A ]  

Retrieves attributes only (no values). This is useful when you just want to see whether an attribute is present in an entry and are not interested in the specific value.  

[ -B ]  

Does not suppress display of non-ASCII values. This is useful when dealing with values that appear in alternate character sets such as ISO-8859.1. This option is automatically set by the -L option.  

[ -L ]  

Displays search results in LDIF format. This option also turns on the -B option, and causes the -F option to be ignored.  

[ -R ]  

Does not automatically follow referrals returned while searching.  

[ -d debuglevel ]  

Sets the LDAP debugging level. Useful levels of debugging for ldapmodify and ldapadd are:

  • 1 - Trace
  • 2 - Packets
  • 4 - Arguments
  • 32 - Filters
  • 128 - Access control

To request more than one category of debugging information, add the masks. For example, to request trace and filter information, specify a debuglevel of 33. See the section entitled "slapdcmd" for a complete list of debugging and trace levels.

[ -F sep ]

Uses sep as the field separator between attribute names and values. The default separator is an equal sign (=). If the -L flag has been specified, this option is ignored.

[ -f file ]

Reads a series of lines from file, performing one LDAP search for each line. In this case, the filter given on the command line is treated as a pattern where the first occurrence of % is replaced with a line from file. If file is a single - character, then the lines are read from standard input.

[ -D binddn ]

Uses the distinguished name binddn to bind to the directory.

[ -w passwd ]

Uses passwd as the password for authentication to the directory.

[ -h ldaphost ]

Specifies an alternate host on which the slapd server is running.

[ -p ldapport ]

Specifies an alternate TCP port where the slapd server is listening.

[ -b searchbase ]

Uses searchbase as the starting point for the search instead of the default.

[ -s scope ]

Specifies the scope of the search. The possible values for scope are base, one, or sub to specify respectively a base object, one-level, or subtree search. The default is sub.

[ -S attribute ]

Sorts the entries returned based on attribute. The default behavior is not to sort entries returned. If attribute is a zero-length string (""), the entries are sorted by the components of their Distinguished Name. Note that ldapsearch normally prints out entries as it receives them. If you specify the -S option, all entries are retrieved, then sorted, then printed.

[ -a deref ]

Specifies how alias dereferencing is done. The possible values for deref are never, always, search, or find to specify respectively that aliases are never dereferenced, always dereferenced, dereferenced when searching, or dereferenced only when finding the base object for the search. The default is to never dereference aliases.

[ -l timelimit ]

Waits, at most, timelimit seconds for a search to complete.

[ -z sizelimit ]

Retrieves, at most, sizelimit entries for a search.

filter

A filter retrieves sys.log entries and interacts with selected subsets, depending on which filter is selected.

attrs

The set of attributes that are part of the log entries shown.
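
The -f option substitutes each line of file into the filter pattern unchanged, so a value that contains *, ( or ) alters what the filter matches instead of being searched for literally. The following Python code is an added example, not part of the original reference: it prepares such lines using RFC 4515 hex escapes (assumed here to be accepted by the directory), and its function names are hypothetical.

```python
# Added example: prepare lines for `ldapsearch -f file` so that each line is
# treated as a literal value when it replaces % in the filter pattern.
# Assumption: the directory accepts RFC 4515 (\XX hex) filter escapes.

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape the characters that have meaning inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_lines(values):
    """Return one escaped line per value; reject values that would span lines."""
    lines = []
    for value in values:
        if "\n" in value or "\r" in value:
            # -f performs one search per line, so an embedded line break would
            # silently turn one value into two separate searches.
            raise ValueError(f"value contains a line break: {value!r}")
        lines.append(escape_filter_value(value))
    return lines


def expand_pattern(pattern: str, line: str) -> str:
    """Model the substitution described for -f: first % replaced by the line."""
    return pattern.replace("%", line, 1)


if __name__ == "__main__":
    # Constructed sample values, as they might arrive from a spreadsheet export.
    samples = ["mark smith", "Smith (Sales)", "m*"]
    pattern = "cn=%"
    for raw, safe in zip(samples, build_search_lines(samples)):
        print(f"{raw!r:18} raw -> {expand_pattern(pattern, raw)}")
        print(f"{'':18} esc -> {expand_pattern(pattern, safe)}")
```
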


Examples

1. The following command:

    % ldapsearch "cn=mark smith" cn telephoneNumber

performs a subtree search (using the default search base) for entries with a commonName of mark smith. The commonName and telephoneNumber values are retrieved and printed to standard output. The output might look like this:

    cn=Mark D Smith, ou=Sales, ou=Atlanta, ou=People, o=XYZ, c=US
    cn=Mark Smith
    cn=Mark David Smith
    cn=Mark D Smith 1
    cn=Mark D Smith
    telephoneNumber=+1 123 456-7890

    cn=Mark C Smith, ou=Distribution, ou=Atlanta, ou=People, o=XYZ, c=US
    cn=Mark Smith
    cn=Mark C Smith 1
    cn=Mark C Smith
    telephoneNumber=+1 123 456-9999

2. The command:

    % ldapsearch -u -t "uid=mcs" jpegPhoto audio

performs a subtree search using the default search base for entries with user id of mcs. The user-friendly form of the entry's DN is output after the line that contains the DN itself, and the jpegPhoto and audio values are retrieved and written to temporary files. The output might look like this if one entry with one value for each of the requested attributes is found:

    cn=Mark C Smith, ou=Distribution, ou=Atlanta, ou=People, o=XYZ, c=US
    Mark C Smith, Distribution, Atlanta, People, XYZ, US
    audio=/tmp/ldapsearch-audio-a19924
    jpegPhoto=/tmp/ldapsearch-jpegPhoto-a19924

3. The command:

    # ldapsearch -L -s one -b "c=US" "o=XY*" o description

performs a one-level search at the c=US level for all organizations whose organizationName begins with XY. Search results are displayed in the LDIF format. The organizationName and description attribute values are retrieved and printed to standard output, resulting in output similar to the following:

    dn: o=XYZ, c=US
    o: XYZ
    description: XYZ Corporation

    dn: o="XY Trading Company", c=US
    o: XY Trading Company
    description: Import and export specialists

    dn: o=XYInternational, c=US
    o: XYInternational
    o: XYI
    o: XY International

Output Format

If one or more entries are found, each entry is written to standard output in the form:

    Distinguished Name (DN)
    User Friendly Name (if the -u option is used)
    attributename=value
    attributename=value
    attributename=value
    ...

Multiple entries are separated with a single blank line. If the -F option is used to specify a different separator character, this character is used instead of the `=' character. If the -t option is used, the name of a temporary file is returned in place of the actual value. If the -A option is given, only the "attributename" is returned and not the attribute value.
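
A parser for the default (non -L) output format described above, as an added Python example that is not part of the original reference. The function name parse_entries and its parameters are hypothetical; the sample text is the page's own output from examples 1 and 2.

```python
import re

# Sample output copied from examples 1 and 2 on this page.
EXAMPLE_1 = """\
cn=Mark D Smith, ou=Sales, ou=Atlanta, ou=People, o=XYZ, c=US
cn=Mark Smith
cn=Mark David Smith
cn=Mark D Smith 1
cn=Mark D Smith
telephoneNumber=+1 123 456-7890

cn=Mark C Smith, ou=Distribution, ou=Atlanta, ou=People, o=XYZ, c=US
cn=Mark Smith
cn=Mark C Smith 1
cn=Mark C Smith
telephoneNumber=+1 123 456-9999
"""
EXAMPLE_2 = """\
cn=Mark C Smith, ou=Distribution, ou=Atlanta, ou=People, o=XYZ, c=US
Mark C Smith, Distribution, Atlanta, People, XYZ, US
audio=/tmp/ldapsearch-audio-a19924
jpegPhoto=/tmp/ldapsearch-jpegPhoto-a19924
"""


def parse_entries(text, sep="=", friendly=False):
    """Parse ldapsearch output; sep is the -F value, friendly means -u was used."""
    entries = []
    # Entries are separated by a blank line.
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        # The first line is always the DN, even though it contains "=" itself.
        entry = {"dn": lines[0], "friendly": None, "attrs": {}}
        rest = lines[1:]
        if friendly and rest:
            # With -u the user-friendly name follows the DN line.
            entry["friendly"], rest = rest[0], rest[1:]
        for line in rest:
            # Split on the first separator only; with -A there is no value.
            name, found, value = line.partition(sep)
            values = entry["attrs"].setdefault(name, [])
            if found:
                values.append(value)
        entries.append(entry)
    return entries
```

The user-friendly name line cannot be told apart from an attribute line by its content alone, which is why the caller states whether -u was used. With -t, the parsed values are the temporary file names, as in the second sample.
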

Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.