Title: ldapsearch
Author:
Generator: DocBook XSL-NS Stylesheets v1.76.1 <http://docbook.sf.net/>
Date: November 21, 2011
Manual: Tools Reference
Source: OpenDJ 2.5.0
Language: English
* Define some portability stuff
-----------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://bugs.debian.org/507673
http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----------------------------------------------------------------
* set default formatting
-----------------------------------------------------------------
disable hyphenation
disable justification (adjust text to left margin only)
-----------------------------------------------------------------
* MAIN CONTENT STARTS HERE *
-----------------------------------------------------------------
\w'ldapsearch 'u ldapsearch {options} [filter] [attributes...]
This utility can be used to perform LDAP search operations in the directory.
In the list of attributes to return, you can specify * to return all user attributes, + to return all operational attributes, and @object-class to return all attributes associated with the object-class such as @person.
The following options are supported.
-a, --dereferencePolicy {dereferencePolicy}
Alias dereference policy (\*(Aqnever\*(Aq, \*(Aqalways\*(Aq, \*(Aqsearch\*(Aq, or \*(Aqfind\*(Aq) Default value: never
-A, --typesOnly
Only retrieve attribute names but not their values
--assertionFilter {filter}
Use the LDAP assertion control with the provided filter
-b, --baseDN {baseDN}
Base DN format string
-c, --continueOnError
Continue processing even if there are errors
-C, --persistentSearch ps[:changetype[:changesonly[:entrychgcontrols]]]
Use the persistent search control
--countEntries
Count the number of entries returned by the server
-e, --getEffectiveRightsAttribute {attribute}
Specifies geteffectiverights control specific attribute list
-f, --filename {file}
LDIF file containing the changes to apply
-g, --getEffectiveRightsAuthzid {authzID}
Use geteffectiverights control with the provided authzid
-G, --virtualListView {before:after:index:count | before:after:value}
Use the virtual list view control to retrieve the specified results page
-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}
Use a request control with the provided information
-l, --timeLimit {timeLimit}
Maximum length of time in seconds to allow for the search Default value: 0
--matchedValuesFilter {filter}
Use the LDAP matched values control with the provided filter
-n, --dry-run
Show what would be done but do not perform any operation
-s, --searchScope {searchScope}
Search scope (\*(Aqbase\*(Aq, \*(Aqone\*(Aq, \*(Aqsub\*(Aq, or \*(Aqsubordinate\*(Aq) Default value: sub subordinate is an LDAP extension that might not work with all LDAP servers.
-S, --sortOrder {sortOrder}
Sort the results using the provided sort order
--simplePageSize {numEntries}
Use the simple paged results control with the given page size Default value: 1000
-Y, --proxyAs {authzID}
Use the proxied authorization control with the given authorization ID
-z, --sizeLimit {sizeLimit}
Maximum number of entries to return from the search Default value: 0
-D, --bindDN {bindDN}
DN to use to bind to the server Default value: cn=Directory Manager
-E, --reportAuthzID
Use the authorization identity control
-h, --hostname {host}
Directory server hostname or IP address Default value: localhost.localdomain
-j, --bindPasswordFile {bindPasswordFile}
Bind password file
-K, --keyStorePath {keyStorePath}
Certificate key store path
-N, --certNickname {nickname}
Nickname of certificate for SSL client authentication
-o, --saslOption {name=value}
SASL bind options
-p, --port {port}
Directory server port number Default value: 389
-P, --trustStorePath {trustStorePath}
Certificate trust store path
-q, --useStartTLS
Use StartTLS to secure communication with the server
-T, --trustStorePassword {trustStorePassword}
Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}
Certificate key store PIN file
-U, --trustStorePasswordFile {path}
Certificate trust store PIN file
--usePasswordPolicyControl
Use the password policy request control
-V, --ldapVersion {version}
LDAP protocol version number Default value: 3
-w, --bindPassword {bindPassword}
Password to use to bind to the server
-W, --keyStorePassword {keyStorePassword}
Certificate key store PIN
-X, --trustAll
Trust all server SSL certificates
-Z, --useSSL
Use SSL for secure communication with the server
-i, --encoding {encoding}
Use the specified character set for command-line input
--noPropertiesFile
No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}
Path to the file containing default property values used for command line arguments
-t, --dontWrap
Do not wrap long lines
-v, --verbose
Use verbose mode
--version
Display version information
-?, -H, --help
Display usage information
0
The command completed successfully.
ldap-error
An LDAP error occurred while processing the operation. LDAP result codes are described in \m[blue]RFC 4511\m[]. Also see the additional information for details.
89
An error occurred while parsing the command-line arguments.
You can use ~/.opendj/tools.properties to set the defaults for bind DN, host name, and port number as in the following example.
.\}
hostname=directory.example.com port=1389 bindDN=uid=kvaughan,ou=People,dc=example,dc=com ldapcompare.port=1389 ldapdelete.port=1389 ldapmodify.port=1389 ldappasswordmodify.port=1389 ldapsearch.port=1389
The following example searches for entries with UID containing jensen, returning only DNs and uid values.
.\}
$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=*jensen*)" uid dn: uid=ajensen,ou=People,dc=example,dc=com uid: ajensen dn: uid=bjensen,ou=People,dc=example,dc=com uid: bjensen dn: uid=gjensen,ou=People,dc=example,dc=com uid: gjensen dn: uid=jjensen,ou=People,dc=example,dc=com uid: jjensen dn: uid=kjensen,ou=People,dc=example,dc=com uid: kjensen dn: uid=rjensen,ou=People,dc=example,dc=com uid: rjensen dn: uid=tjensen,ou=People,dc=example,dc=com uid: tjensen Result Code: 0 (Success)
Copyright \(co 2011 ForgeRock AS