Red Hat Directory Server 8.0 Administrator's Guide
• optional_search_filter is an LDAP search filter as described in Section 3, “LDAP Search
Filters”. Do not specify a separate search filter if search filters are specified in a file using the
-f option.
• optional_list_of_attributes is a list of attributes separated by a space. Specifying a list of
attributes reduces the number of attributes returned in the search results. This list of attributes
must appear after the search filter. For an example, see Section 2.4.6, “Displaying Subsets of
Attributes”. If a list of attributes is not specified, the search returns values for all attributes
permitted by the access control set in the directory (with the exception of operational
attributes).
NOTE
For operational attributes to be returned as a result of a search operation, they
must be explicitly specified in the search command. To retrieve regular attributes
in addition to explicitly specified operational attributes, use an asterisk (*) in the
list of attributes in the ldapsearch command. To retrieve no attributes, just a list
of the matching DNs, use the special attribute 1.1. This is useful, for example, to
get a list of DNs to pass to the ldapdelete command.
2.3. Commonly Used ldapsearch Options
The following table lists the most commonly used ldapsearch command-line options. If a
specified value contains a space ( ), the value should be surrounded by single or double
quotation marks, such as -b "ou=groups, dc=example,dc=com".
Option Description
-b Specifies the starting point for the search. The
value specified here must be a distinguished
name that currently exists in the database.
This is optional if the LDAP_BASEDN
environment variable has been set to a base
DN. The value specified in this option should
be provided in single or double quotation
marks. For example:
-b "cn=Barbara Jensen, ou=Product
Development,dc=example,dc=com"
To search the root DSE entry, specify an
empty string here, such as -b "" .
-D Specifies the distinguished name with which
to authenticate to the server. This is optional if
anonymous access is supported by the
Appendix B. Finding Directory Entries
554