HP-UX Directory Server 8.1 configuration, command, and file reference
Table 6-3 Commonly-used ldapsearch options
Option    Description

-b
    Specifies the starting point for the search. The value specified here must be a distinguished name that currently exists in the database. This option is optional if the LDAP_BASEDN environment variable has been set to a base DN.
    The value specified in this option should be provided in double quotation marks. For example:
        -b "cn=Barbara Jensen, ou=Product Development, dc=example,dc=com"
    The root DSE entry is a special entry that contains a list of all the suffixes supported by the local directory. To search this entry, supply a search base of "", a search scope of base, and a filter of "objectclass=*". For example:
        -b "" -s base "objectclass=*"

-D
    Specifies the distinguished name with which to authenticate to the server. This option is optional if anonymous access is supported by the server. If specified, this value must be a DN recognized by the Directory Server, and it must also have the authority to search for the entries. For example:
        -D "uid=bjensen, dc=example,dc=com"

-g
    Specifies that the password policy request control not be sent with the bind request. By default, the new LDAP password policy request control is sent with bind requests.
    The ldapsearch tool can parse and display information from the response control if it is returned by a server; that is, the tool will print an appropriate error or warning message when a server sends the password policy response control with the appropriate value.
    The criticality of the request control is set to false to ensure that all LDAPv3 servers that do not understand the control can ignore it. To suppress sending of the request control with the bind request, include -g on the command-line.

-h
    Specifies the host name or IP address of the machine on which the Directory Server is installed. If a host is not specified, ldapsearch uses the local host. For example:
        -h mozilla

-l
    Specifies the maximum number of seconds to wait for a search request to complete. For example:
        -l 300
    Regardless of the value specified here, ldapsearch will never wait longer than is allowed by the server's nsslapd-timelimit attribute, unless the authenticated user is the Directory Manager. The default value for the nsslapd-timelimit attribute is 3600 seconds. See “nsslapd-timelimit (Time limit)” for more information.

-p
    Specifies the TCP port number that the Directory Server uses. For example:
        -p 1049
    The default is 389. If -Z is used, the default is 636.

-s
    Specifies the scope of the search. The scope can be one of the following:
    • base searches only the entry specified in the -b option or defined by the LDAP_BASEDN environment variable.
    • one searches only the immediate children of the entry specified in the -b option. Only the children are searched; the actual entry specified in the -b option is not searched.
    • sub searches the entry specified in the -b option and all its descendants. That is, perform a subtree search starting at the point identified in the -b option. This is the default.

-w
    Specifies the password associated with the distinguished name that is specified in the -D option. For example:
        -w diner892
    If this option is not specified, anonymous access is used.
    If a hyphen (-) is used as the password value, the utility prompts for the password after the command is entered. This avoids having the password on the command line.
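
The -w, -D, -b, -s and -p behaviours described in this table can be checked on an argument list before the command is run. The shell function below is an added example, not part of the HP manual; the name lint_ldapsearch and its finding labels are made up for illustration, and it parses only the options in this table plus -Z.

```shell
#!/bin/sh
# Added example, not from the HP manual. Lints an ldapsearch argument list
# against the behaviour documented in Table 6-3. Only the options in that
# table plus -Z are parsed; anything else is reported as UNPARSED.
lint_ldapsearch() (
    OPTIND=1
    bind_dn="" pw_given=0 pw="" scope="sub" port="" ssl=0 base_given=0
    while getopts ":b:D:gh:l:p:s:w:Z" opt; do
        case "$opt" in
            b) base_given=1 ;;
            D) bind_dn=$OPTARG ;;
            p) port=$OPTARG ;;
            s) scope=$OPTARG ;;
            w) pw_given=1; pw=$OPTARG ;;
            Z) ssl=1 ;;
            g|h|l) ;;                       # documented, nothing to check
            *) echo "UNPARSED -$OPTARG" ;;  # unknown option or missing argument
        esac
    done

    # -w with a literal value puts the password on the command line;
    # "-w -" makes the utility prompt instead.
    if [ "$pw_given" -eq 1 ] && [ "$pw" != "-" ]; then
        echo "INLINE_PASSWORD use '-w -' to be prompted"
    fi
    # Without -w, anonymous access is used, even if -D was supplied.
    if [ -n "$bind_dn" ] && [ "$pw_given" -eq 0 ]; then
        echo "ANONYMOUS_BIND -D given without -w"
    fi
    # -b is optional only when LDAP_BASEDN is set.
    if [ "$base_given" -eq 0 ] && [ -z "${LDAP_BASEDN:-}" ]; then
        echo "NO_BASE neither -b nor LDAP_BASEDN is set"
    fi
    case "$scope" in
        base|one|sub) ;;
        *) echo "BAD_SCOPE $scope" ;;
    esac
    # Default port is 389, or 636 when -Z is used.
    if [ -z "$port" ]; then
        if [ "$ssl" -eq 1 ]; then port=636; else port=389; fi
    fi
    echo "PORT $port"
)

# Constructed sample invocations (values taken from the table's examples).
lint_ldapsearch -h mozilla -D "uid=bjensen, dc=example,dc=com" -w diner892 \
    -b "dc=example,dc=com" "objectclass=*"
lint_ldapsearch -Z -D "uid=bjensen, dc=example,dc=com" -w - \
    -b "" -s base "objectclass=*"
```

Each finding is printed on its own line, followed by the effective port, so the output can be reviewed or grepped when auditing scripts that call ldapsearch.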