<refpurpose>search LDIF with LDAP filters</refpurpose>
<arg choice="req">options</arg>
<arg choice="opt">filter</arg>
<arg choice="opt" rep="repeat">attribute</arg>
<para>This utility can be used to perform search operations against data in
an LDIF file.</para>
<para>The following options are supported.</para>
<term><option>-b, --baseDN {baseDN}</option></term>
<para>The base DN for the search. Multiple base DNs may be specified by
providing the option multiple times. If no base DN is provided, then the
root DSE will be used.</para>
<term><option>-f, --filterFile {filterFile}</option></term>
<para>The path to the file containing the search filter(s) to use. If
this is not provided, then the filter must be provided on the command line
after all configuration options.</para>
<term><option>-l, --ldifFile {ldifFile}</option></term>
<para>LDIF file containing the data to search. Multiple files may be
specified by providing the option multiple times. If no files are provided,
the data will be read from standard input.</para>
<term><option>-o, --outputFile {outputFile}</option></term>
<para>The path to the output file to which the matching entries should be
written. If this is not provided, then the data will be written to
standard output.</para>
<term><option>-O, --overwriteExisting</option></term>
<para>Any existing output file should be overwritten rather than appending
to it.</para>
<term><option>-s, --searchScope {scope}</option></term>
<para>The scope for the search. It must be one of 'base', 'one', 'sub',
or 'subordinate'. If it is not provided, then 'sub' will be used.</para>
<term><option>-t, --timeLimit {timeLimit}</option></term>
<para>Maximum length of time (in seconds) to spend processing.</para>
<para>Default value: 0</para>
<term><option>-T, --dontWrap</option></term>
<para>Long lines should not be wrapped.</para>
<term><option>-V, --version</option></term>
<para>Display version information.</para>
<term><option>-z, --sizeLimit {sizeLimit}</option></term>
<para>Maximum number of matching entries to return.</para>
<para>Default value: 0</para>
<term><option>-?, -H, --help</option></term>
<para>Display usage information.</para>
<para>The filter argument is a string representation of an LDAP search filter
as in <literal>(cn=Babs Jensen)</literal>, <literal
>(&amp;(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))</literal>, or
<literal>(cn:caseExactMatch:=Fred Flintstone)</literal>.</para>
<para>The optional attribute list specifies the attributes to return in the
entries found by the search. In addition to identifying attributes by name
such as <literal>cn sn mail</literal> and so forth, you can use the following
notations, too.</para>
<para>Return all user attributes such as <literal>cn</literal>,
<literal>sn</literal>, and <literal>mail</literal>.</para>
<para>Return all operational attributes such as <literal>etag</literal>
and <literal>pwdPolicySubentry</literal>.</para>
<para>Return all attributes of the specified object class, where
<replaceable>objectclass</replaceable> is one of the object classes
on the entries returned by the search.</para>
Return no attributes, only the DNs of matching entries.
<title>Exit Codes</title>
<para>The command completed successfully.</para>
<term>&gt; 0</term>
<para>An error occurred.</para>
<para>The following example demonstrates use of the command.</para>
$ <userinput>ldifsearch -l /path/to/Example.ldif -b dc=example,dc=com uid=bjensen</userinput>
<computeroutput>dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: bjensen
userpassword: hifalutin
facsimiletelephonenumber: +1 408 555 1992
givenname: Barbara
cn: Barbara Jensen
cn: Babs Jensen
telephonenumber: +1 408 555 1862
sn: Jensen
roomnumber: 0209
homeDirectory: /home/bjensen
l: Cupertino
ou: Product Development
ou: People
uidNumber: 1076
gidNumber: 1000</computeroutput>
<para>You can also use <literal>@<replaceable
>objectclass</replaceable></literal> notation in the attribute list to return
the attributes of a particular object class. The following example shows
how to return attributes of the <literal>posixAccount</literal> object
$ <userinput>ldifsearch --ldifFile /path/to/Example.ldif \
--baseDN dc=example,dc=com "(uid=bjensen)" @posixaccount</userinput>
<computeroutput>dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: bjensen
userpassword: hifalutin
cn: Barbara Jensen
cn: Babs Jensen
homeDirectory: /home/bjensen
uidNumber: 1076
gidNumber: 1000</computeroutput>