HP-UX Directory Server 8.1 configuration, command, and file reference

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

181

182

183

184

185

186

187

188

189

190

6.4 ldapsearch

The configurable utility named ldapsearch locates and retrieves directory entries through

LDAP. This utility opens a connection to the specified server using the specified distinguished

name and password and locates entries based on a specified search filter. Search scopes can

include a single entry, an entry's immediate subentries, or an entire tree or subtree. Search results

are returned in LDIF format.

• “ldapsearch syntax” (page 190)

• “Commonly-used ldapsearch options” (page 190)

• “Persistent search options” (page 192)

• “ldapsearch SSL options” (page 192)

• “ldapsearch SASL options” (page 193)

• “Additional ldapsearch options” (page 199)

6.4.1 ldapsearch syntax

ldapsearch -b basedn -s scope [optional_options] "(attribute=filter)"

[optional_list_of_attributes ]

For any value that contains a space ( ), the value should be enclosed in double quotation marks.

For example:

-b "ou=groups, dc=example,dc=com"

Table 6-2 ldapsearch syntax

DescriptionOption

A series of command-line options. These must be specified before the search filter,

if used.

optional_options

An LDAP search filter as described in HP-UX Directory Server administrator guide.

Do not specify a search filter if search filters are supplied in a file using the -f

option.

"(filter)"

A list of space-separated attributes that reduce the scope of the attributes returned

in the search results. This list of attributes must appear after the search filter. For a

usage example, see the HP-UX Directory Server administrator guide. If a list of

attributes is not specified, the search returns values for all attributes permitted by

the access control set in the directory with the exception of operational attributes.

optional_list_of_attributes

To return operational attributes as a result of a search operation, they must be explicitly specified

in the search command. To retrieve regular attributes along with explicitly-specified operational

attributes, specify an asterisk (*) in addition to the operational attributes.

6.4.2 Commonly-used ldapsearch options

Table 6-3 “Commonly-used ldapsearch options”lists the most commonly used ldapsearch

command-line options.

The most common ldapsearch usage specifies the host and port number, bind DN and

password, scope, base DN, and a filter that returns every entry under the search base:

ldapsearch -b basedn -s sub -h host -p port -D binddn -w password "(objectclass=*)"

190 Command-line utilities