HP-UX Directory Server 8.1 administrator guide
DescriptionOption
Specifies the scope of the search. The scope can be one of the following:
base searches only the entry specified in the -b option or defined by the LDAP_BASEDN
environment variable.
one searches only the immediate children of the entry specified in the -b option. Only the children
are searched; the actual entry specified in the -b option is not searched.
sub searches the entry specified in the -b option and all its descendants; that is, perform a subtree
search starting at the point identified in the -b option. This is the default.
-s
Gives the password associated with the distinguished name that is specified in the -D option. If
this option is not specified, anonymous access is used. For example, -w diner892.
-w
Specifies that the search results are sorted on the server rather than on the client. This is useful
for sorting according to a matching rule, as with an international search. In general, it is faster to
sort on the server rather than on the client.
-x
Sets the maximum number of entries to return in response to a search request. For example, -z
1000. Normally, regardless of the value specified here, ldapsearch never returns more entries
than the number allowed by the server's nsslapd-sizelimit attribute. However, this limitation
can be overridden by binding as the root DN when using this command line argument. When
binding as the root DN, this option defaults to zero (0). The default value for the
nsslapd-sizelimit attribute is 2000 entries.
-z
For detailed information on all ldapsearch utility options, see the HP-UX Directory Server
configuration, command, and file reference.
B.2.4 ldapsearch examples
The next set of examples assumes the following:
• The search is for all entries in the directory.
• The directory is configured to support anonymous access for search and read. This means
that no bind information has to be supplied in order to perform the search. For more
information on anonymous access, see “Defining user access - userdn keyword”.
• The server is located on a host named mozilla.
• The server uses port number 389. Because this is the default port, the port number does not
have to be sent in the search request.
• SSL is enabled for the server on port 636(the default SSL port number).
• The suffix under which all data is stored is dc=example,dc=com.
B.2.4.1 Returning all entries
Given the previous information, the following call will return all entries in the directory, subject
to the configured size and time resource limits:
ldapsearch -h mozilla -b "dc=example,dc=com" -s sub "objectclass=*"
"objectclass=*" is a search filter that matches any entry in the directory. Because every entry
must have an object class, and the objectclass attribute is always indexed, this is a useful
search filter to return every entry.
B.2.4.2 Specifying search filters on the command line
A search filter can be specified directly on the command line as long as the filter is enclosed in
quotation marks ("filter"). If the filter is supplied with the command, do not specify the -f option.
For example:
ldapsearch -h mozilla -b "dc=example,dc=com" "cn=babs jensen"
B.2.4.3 Searching the root DSE entry
The root DSE is a special entry that contains a list of all the suffixes supported by the local
Directory Server. This entry can be searched by supplying a search base of "", a search scope of
base, and a filter of "objectclass=*". For example:
558 Finding directory entries