6330N/A<?
xml version="1.0" encoding="UTF-8"?>
6330N/A ! This work is licensed under the Creative Commons 6330N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 6330N/A ! To view a copy of this license, visit 6330N/A ! or send a letter to Creative Commons, 444 Castro Street, 6330N/A ! Suite 900, Mountain View, California, 94041, USA. 6330N/A ! You can also obtain a copy of the license at 6330N/A ! See the License for the specific language governing permissions 6330N/A ! and limitations under the License. 6330N/A ! If applicable, add the following below this CCPL HEADER, with the fields 6330N/A ! enclosed by brackets "[]" replaced with your own identifying information: 6330N/A ! Portions Copyright [yyyy] [name of copyright owner] 6330N/A ! Copyright 2011-2012 ForgeRock AS 6330N/A ! Portions Copyright 2013 Jens Elkner 6330N/A version="5.0" xml:
lang="en" 6330N/A <
refentrytitle><
application>ldapsearch</
application></
refentrytitle>
6330N/A <
xi:
include href="common.xml" xpointer='xpointer(//manvolnum[@name="v1m"])'/>
6330N/A <
refname><
application>ldapsearch</
application></
refname>
6330N/A <
refpurpose>perform LDAP search operations</
refpurpose>
6330N/A <
command>ldapsearch</
command>
6330N/A <
arg>-b <
replaceable class="parameter">baseDN</
replaceable></
arg>
6330N/A <
arg>-a <
replaceable class="parameter">derefPolicy</
replaceable></
arg>
6330N/A <
arg>-e <
replaceable class="parameter">effRightsAttr</
replaceable></
arg>
6330N/A <
arg>-g <
replaceable class="parameter">effRightsAuthzId</
replaceable></
arg>
6330N/A <
arg>-G <
group choice="req"><
replaceable 6330N/A >before:after:index:count</
replaceable> | <
replaceable 6330N/A >before:after:value</
replaceable>
6330N/A <
arg>-l <
replaceable class="parameter">seconds</
replaceable></
arg>
6330N/A <
arg>-s <
replaceable class="parameter">searchScope</
replaceable></
arg>
6330N/A <
arg>-S <
replaceable class="parameter">order</
replaceable></
arg>
6330N/A <
arg>-z <
replaceable>maxEntries</
replaceable></
arg>
6330N/A <
arg>--simplePageSize <
replaceable class="parameter">entries</
replaceable></
arg>
6330N/A <
arg>--matchedValuesFilter <
replaceable class="parameter">filter</
replaceable></
arg>
6330N/A xpointer='xpointer(//para[@name="s-ops"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="s-proto"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="s-remote"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="s-auth"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="s-props"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="s-misc"]/*[@name="sc-verbose" 6330N/A xpointer='xpointer(//para[@name="s-general"]/*[@name="sc-help"])'/>
6330N/A <
arg choice="opt">filter</
arg>
6330N/A <
arg choice="opt" rep="repeat">attributes</
arg>
6330N/AThis utility can be used to perform LDAP search operations in the directory.
6330N/AThe filter argument is a string representation of an LDAP search filter as in
6330N/A(cn=Babs Jensen), (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*))), or
6330N/A(cn:caseExactMatch:=Fred Flintstone).
6330N/AThe optional attribute list specifies the attributes to return in the entries
6330N/Afound by the search. In addition to identifying attributes by name such as cn
6330N/Asn mail and so forth, you can use the following notations, too.
6330N/AReturn all user attributes such as cn, sn, and mail.
6330N/AReturn all operational attributes such as etag and pwdPolicySubentry.
6330N/A <
term>@<
replaceable class="parameter">objectclass</
replaceable></
term>
6330N/AReturn all attributes of the specified object class, where <
replaceable 6330N/A>objectclass</
replaceable> is one of the object classes on the entries returned
6330N/A <
para>The following options are supported.</
para>
6330N/A <
term><
option>-b, --baseDN</
option> <
replaceable 6330N/A class="parameter">baseDN</
replaceable></
term>
6330N/A <
term><
option>-a, --dereferencePolicy</
option> <
replaceable 6330N/A class="parameter">policy</
replaceable></
term>
6330N/AAlias dereference policy: 'never', 'always', 'search', or 'find' (Default: never)
6330N/A <
term><
option>-A, --typesOnly</
option></
term>
6330N/AOnly retrieve attribute names but not their values.
6330N/A <
term><
option>-C, --persistentSearch</
option> <
replaceable 6330N/A class="parameter">ps[:changetype[:changesonly[:entrychgcontrols]]]</
replaceable></
term>
6330N/AUse the persistent search control.
6330N/A <
term><
option>--countEntries</
option></
term>
6330N/ACount the number of entries returned by the server.
6330N/A <
term><
option>-e, --getEffectiveRightsAttribute</
option> <
replaceable 6330N/A class="parameter">attribute</
replaceable></
term>
6330N/ASpecifies geteffectiverights control specific attribute list.
6330N/A <
term><
option>-g, --getEffectiveRightsAuthzid</
option> <
replaceable 6330N/A class="parameter">authzID</
replaceable></
term>
6330N/AUse geteffectiverights control with the provided authzid.
6330N/A <
term><
option>-G, --virtualListView</
option> <
replaceable 6330N/A class="parameter">before:after:index:count</
replaceable> | <
replaceable 6330N/A class="parameter">before:after:value</
replaceable></
term>
6330N/AUse the virtual list view control to retrieve the specified results page.
6330N/A <
term><
option>--matchedValuesFilter</
option> <
replaceable 6330N/A class="parameter">filter</
replaceable></
term>
6330N/AUse the LDAP matched values control with the provided filter.
6330N/A <
term><
option>-s, --searchScope</
option> <
replaceable 6330N/A class="parameter">scope</
replaceable></
term>
6330N/ASearch scope: 'base', 'one', 'sub', or 'subordinate' (Default: sub).
6330N/A<
literal>subordinate</
literal> is an LDAP extension that might not work with all
6330N/A <
term><
option>-S, --sortOrder</
option> <
replaceable 6330N/A class="parameter">order</
replaceable></
term>
6330N/ASort the results using the provided sort order.
6330N/A <
term><
option>--simplePageSize</
option> <
replaceable 6330N/A class="parameter">entries</
replaceable></
term>
6330N/AUse the simple paged results control with the given page size (Default: 1000).
6330N/A <
term><
option>-l, --timeLimit</
option> <
replaceable 6330N/A class="parameter">seconds</
replaceable></
term>
6330N/AMaximum length of time in seconds to allow for the search (Default: 0).
6330N/A <
term><
option>-z, --sizeLimit</
option> <
replaceable 6330N/A class="parameter">entries</
replaceable></
term>
6330N/AMaximum number of entries to return from the search (Default: 0).
6330N/A xpointer='xpointer(//para[@name="l-ops"]/*)'/>
6330N/A <
title>LDAP Connection Options</
title>
6330N/A xpointer='xpointer(//para[@name="l-proto"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="l-remote"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="l-auth"]/*)'/>
6330N/A <
term><
option>-t, --dontWrap</
option></
term>
6330N/A xpointer='xpointer(//para[@name="l-props"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="l-misc"]/*[@name="lc-verbose" 6330N/A <
title>General Options</
title>
6330N/A <
term><
option>--version</
option></
term>
6330N/A <
para>Display version information</
para>
6330N/A xpointer='xpointer(//para[@name="l-general"]/*[@name="lc-help"])'/>
6330N/AThe following example searches for entries with UID containing
6330N/A<
literal>jensen</
literal>, returning only DNs and uid values.
6330N/A>$ </
prompt><
command>ldapsearch -p 1389 -b dc=example,dc=com "(uid=*jensen*)" uid</
command></
literallayout>
6330N/Adn: uid=ajensen,ou=People,dc=example,dc=com
6330N/Adn: uid=bjensen,ou=People,dc=example,dc=com
6330N/Adn: uid=gjensen,ou=People,dc=example,dc=com
6330N/Adn: uid=jjensen,ou=People,dc=example,dc=com
6330N/Adn: uid=kjensen,ou=People,dc=example,dc=com
6330N/Adn: uid=rjensen,ou=People,dc=example,dc=com
6330N/Adn: uid=tjensen,ou=People,dc=example,dc=com
6330N/AYou can also use @<
replaceable>objectclass</
replaceable> notation in the
6330N/Aattribute list to return the attributes of a particular object class. The
6330N/Afollowing example shows how to return attributes of the
6330N/A<
code>inetOrgPerson</
code> object class.
6330N/A>$ </
prompt><
command>ldapsearch -p 1389 -b dc=example,dc=com "(uid=bjensen)" \
6330N/A @inetorgperson</
command></
literallayout>
6330N/Adn: uid=bjensen,ou=People,dc=example,dc=com
6330N/AobjectClass: organizationalPerson
6330N/AtelephoneNumber: +1 408 555 1862
6330N/AfacsimileTelephoneNumber: +1 408 555 1992
6330N/AYou can use <
code>+</
code> in the attribute list to return all operational
6330N/Aattributes, as in the following example.
6330N/A>$ </
prompt><
command>ldapsearch -p 1389 -b dc=example,dc=com "(uid=bjensen)" +</
command></
literallayout>
6330N/Adn: uid=bjensen,ou=People,dc=example,dc=com
6330N/AstructuralObjectClass: inetOrgPerson
6330N/ApwdPolicySubentry: cn=Default Password Policy,cn=Password Policies,cn=config
6330N/AsubschemaSubentry: cn=schema
6330N/AentryDN: uid=bjensen,ou=people,dc=example,dc=com
6330N/AentryUUID: fc252fd9-b982-3ed6-b42a-c76d2546312c
6330N/A <
xi:
include href="common.xml" xpointer='xpointer(//refsection[@name="env"])'/>
6330N/A <
xi:
include href="common.xml" xpointer='xpointer(//refsection[@name="exit-ops"])'/>
6330N/A <
xi:
include href="common.xml" xpointer='xpointer(//refsection[@name="seeAlso"])'/>