961N/A<?
xml version="1.0" encoding="UTF-8"?>
961N/A ! This work is licensed under the Creative Commons 961N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 961N/A ! To view a copy of this license, visit 961N/A ! or send a letter to Creative Commons, 444 Castro Street, 6983N/A ! Suite 900, Mountain View, California, 94041, USA. 961N/A ! You can also obtain a copy of the license at 961N/A ! See the License for the specific language governing permissions 961N/A ! and limitations under the License. 6983N/A ! If applicable, add the following below this CCPL HEADER, with the fields 6983N/A ! enclosed by brackets "[]" replaced with your own identifying information: 6983N/A ! Portions Copyright [yyyy] [name of copyright owner] 961N/A ! Copyright 2011-2012 ForgeRock AS 5636N/A<
refentry xml:
id='ldapsearch-1' 961N/A version='5.0' xml:
lang='en' 961N/A <
info><
copyright><
year>2011-2012</
year><
holder>ForgeRock AS</
holder></
copyright></
info>
<
refentrytitle>ldapsearch</
refentrytitle><
manvolnum>1</
manvolnum>
<
refmiscinfo class="software">OpenDJ</
refmiscinfo>
<
refmiscinfo class="version"><?
eval ${
currentSDKversion}?></
refmiscinfo>
<
refname>ldapsearch</
refname>
<
refpurpose>perform LDAP search operations</
refpurpose>
<
command>ldapsearch</
command>
<
arg choice="req">options</
arg>
<
arg choice="opt">filter</
arg>
<
arg choice="opt" rep="repeat">attributes</
arg>
<
title>Description</
title>
<
para>This utility can be used to perform LDAP search operations in the
<
para>The following options are supported.</
para>
<
term><
option>-a, --dereferencePolicy {dereferencePolicy}</
option></
term>
<
para>Alias dereference policy ('never', 'always', 'search', or 'find')</
para>
<
para>Default value: never</
para>
<
term><
option>-A, --typesOnly</
option></
term>
<
para>Only retrieve attribute names but not their values</
para>
<
term><
option>--assertionFilter {filter}</
option></
term>
<
para>Use the LDAP assertion control with the provided filter</
para>
<
term><
option>-b, --baseDN {baseDN}</
option></
term>
<
para>Base DN format string</
para>
<
term><
option>-c, --continueOnError</
option></
term>
<
para>Continue processing even if there are errors</
para>
<
term><
option>-C, --persistentSearch ps[:changetype[:changesonly[:entrychgcontrols]]]</
option></
term>
<
para>Use the persistent search control</
para>
<
term><
option>--countEntries</
option></
term>
<
para>Count the number of entries returned by the server</
para>
<
term><
option>-e, --getEffectiveRightsAttribute {attribute}</
option></
term>
<
para>Specifies geteffectiverights control specific attribute list</
para>
<
term><
option>-f, --filename {file}</
option></
term>
<
para>LDIF file containing the changes to apply</
para>
<
term><
option>-g, --getEffectiveRightsAuthzid {authzID}</
option></
term>
<
para>Use geteffectiverights control with the provided authzid</
para>
<
term><
option>-G, --virtualListView {before:after:index:count | before:after:value}</
option></
term>
<
para>Use the virtual list view control to retrieve the specified results page</
para>
<
term><
option>-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}</
option></
term>
<
para>Use a request control with the provided information</
para>
<
term><
option>-l, --timeLimit {timeLimit}</
option></
term>
<
para>Maximum length of time in seconds to allow for the search</
para>
<
para>Default value: 0</
para>
<
term><
option>--matchedValuesFilter {filter}</
option></
term>
<
para>Use the LDAP matched values control with the provided filter</
para>
<
term><
option>-n, --dry-run</
option></
term>
<
para>Show what would be done but do not perform any operation</
para>
<
term><
option>-s, --searchScope {searchScope}</
option></
term>
<
para>Search scope ('base', 'one', 'sub', or 'subordinate')</
para>
<
para>Default value: sub</
para>
<
para><
literal>subordinate</
literal> is an LDAP extension that might
not work with all LDAP servers.</
para>
<
term><
option>-S, --sortOrder {sortOrder}</
option></
term>
<
para>Sort the results using the provided sort order</
para>
<
term><
option>--simplePageSize {numEntries}</
option></
term>
<
para>Use the simple paged results control with the given page size</
para>
<
para>Default value: 1000</
para>
<
term><
option>-Y, --proxyAs {authzID}</
option></
term>
<
para>Use the proxied authorization control with the given authorization
<
term><
option>-z, --sizeLimit {sizeLimit}</
option></
term>
<
para>Maximum number of entries to return from the search</
para>
<
para>Default value: 0</
para>
<
title>LDAP Connection Options</
title>
<
term><
option>-D, --bindDN {bindDN}</
option></
term>
<
para>DN to use to bind to the server</
para>
<
para>Default value: cn=Directory Manager</
para>
<
term><
option>-E, --reportAuthzID</
option></
term>
<
para>Use the authorization identity control</
para>
<
term><
option>-h, --hostname {host}</
option></
term>
<
para>Directory server hostname or IP address</
para>
<
term><
option>-j, --bindPasswordFile {bindPasswordFile}</
option></
term>
<
para>Bind password file</
para>
<
term><
option>-K, --keyStorePath {keyStorePath}</
option></
term>
<
para> Certificate key store path</
para>
<
term><
option>-N, --certNickname {nickname}</
option></
term>
<
para>Nickname of certificate for SSL client authentication</
para>
<
term><
option>-o, --saslOption {name=value}</
option></
term>
<
para>SASL bind options</
para>
<
term><
option>-p, --port {port}</
option></
term>
<
para>Directory server port number</
para>
<
para>Default value: 389</
para>
<
term><
option>-P, --trustStorePath {trustStorePath}</
option></
term>
<
para>Certificate trust store path</
para>
<
term><
option>-q, --useStartTLS</
option></
term>
<
para>Use StartTLS to secure communication with the server</
para>
<
term><
option>-T, --trustStorePassword {trustStorePassword}</
option></
term>
<
para>Certificate trust store PIN</
para>
<
term><
option>-u, --keyStorePasswordFile {keyStorePasswordFile}</
option></
term>
<
para>Certificate key store PIN file</
para>
<
term><
option>-U, --trustStorePasswordFile {path}</
option></
term>
<
para>Certificate trust store PIN file</
para>
<
term><
option>--usePasswordPolicyControl</
option></
term>
<
para>Use the password policy request control</
para>
<
term><
option>-V, --ldapVersion {version}</
option></
term>
<
para>LDAP protocol version number</
para>
<
para>Default value: 3</
para>
<
term><
option>-w, --bindPassword {bindPassword}</
option></
term>
<
para>Password to use to bind to the server</
para>
<
term><
option>-W, --keyStorePassword {keyStorePassword}</
option></
term>
<
para>Certificate key store PIN</
para>
<
term><
option>-X, --trustAll</
option></
term>
<
para>Trust all server SSL certificates</
para>
<
term><
option>-Z, --useSSL</
option></
term>
<
para>Use SSL for secure communication with the server</
para>
<
term><
option>-i, --encoding {encoding}</
option></
term>
<
para>Use the specified character set for command-line input</
para>
<
term><
option>--noPropertiesFile</
option></
term>
<
para>No properties file will be used to get default command line
<
term><
option>--propertiesFilePath {propertiesFilePath}</
option></
term>
<
para>Path to the file containing default property values used for
command line arguments</
para>
<
term><
option>-t, --dontWrap</
option></
term>
<
listitem><
para>Do not wrap long lines</
para></
listitem>
<
term><
option>-v, --verbose</
option></
term>
<
para>Use verbose mode</
para>
<
title>General Options</
title>
<
term><
option>--version</
option></
term>
<
para>Display version information</
para>
<
term><
option>-?, -H, --help</
option></
term>
<
para>Display usage information</
para>
<
para>The filter argument is a string representation of an LDAP search filter
as in <
literal>(cn=Babs Jensen)</
literal>, <
literal >(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))</
literal>, or
<
literal>(cn:caseExactMatch:=Fred Flintstone)</
literal>.</
para>
<
para>The optional attribute list specifies the attributes to return in the
entries found by the search. In addition to identifying attributes by name
such as <
literal>cn sn mail</
literal> and so forth, you can use the following
<
term><
literal>*</
literal></
term>
<
para>Return all user attributes such as <
literal>cn</
literal>,
<
literal>sn</
literal>, and <
literal>mail</
literal>.</
para>
<
term><
literal>+</
literal></
term>
<
para>Return all operational attributes such as <
literal>etag</
literal>
and <
literal>pwdPolicySubentry</
literal>.</
para>
<
term><
literal>@<
replaceable>objectclass</
replaceable></
literal></
term>
<
para>Return all attributes of the specified object class, where
<
replaceable>objectclass</
replaceable> is one of the object classes
on the entries returned by the search.</
para>
<
title>Exit Codes</
title>
<
para>The command completed successfully.</
para>
<
term><
replaceable>ldap-error</
replaceable></
term>
<
para>An LDAP error occurred while processing the operation.</
para>
<
para>LDAP result codes are described in <
link 4511</
link>. Also see the additional information for details.</
para>
<
para>An error occurred while parsing the command-line arguments.</
para>
the defaults for bind DN, host name, and port number as in the following
bindDN=uid=kvaughan,ou=People,dc=example,dc=com
<
para>The following example searches for entries with UID containing
<
literal>jensen</
literal>, returning only DNs and uid values.</
para>
<
screen>$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=*jensen*)" uid
dn: uid=ajensen,ou=People,dc=example,dc=com
dn: uid=bjensen,ou=People,dc=example,dc=com
dn: uid=gjensen,ou=People,dc=example,dc=com
dn: uid=jjensen,ou=People,dc=example,dc=com
dn: uid=kjensen,ou=People,dc=example,dc=com
dn: uid=rjensen,ou=People,dc=example,dc=com
dn: uid=tjensen,ou=People,dc=example,dc=com
Result Code: 0 (Success)</
screen>
<
para>You can also use <
literal>@<
replaceable >objectclass</
replaceable></
literal> notation in the attribute list to return
the attributes of a particular object class. The following example shows
how to return attributes of the <
literal>inetOrgPerson</
literal> object
<
screen>$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=bjensen)" @inetorgperson
dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
telephoneNumber: +1 408 555 1862
mail: bjensen@example.com
facsimileTelephoneNumber: +1 408 555 1992</
screen>
<
para>You can use <
literal>+</
literal> in the attribute list to return
all operational attributes, as in the following example.</
para>
<
screen>$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=bjensen)" +
dn: uid=bjensen,ou=People,dc=example,dc=com
structuralObjectClass: inetOrgPerson
pwdPolicySubentry: cn=Default Password Policy,cn=Password Policies,cn=config
subschemaSubentry: cn=schema
entryDN: uid=bjensen,ou=people,dc=example,dc=com
entryUUID: fc252fd9-b982-3ed6-b42a-c76d2546312c</
screen>