1
1
.TH LDAPSEARCH 1 "RELEASEDATE" "OpenLDAP LDVERSION"
2
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.59.2.5 2008/02/11 23:26:39 kurt Exp $
3
.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
2
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.59.2.10 2009/06/03 01:41:52 quanah Exp $
3
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
4
4
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6
6
ldapsearch \- LDAP search tool
52
52
.BI \-b \ searchbase\fR]
54
.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
56
.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR]
58
.BI \-P \ 2\fR\||\|\fI3\fR]
60
.BR \-e \ [!]ext[=extparam]]
62
.BR \-E \ [!]ext[=extparam]]
54
.BR \-s \ { base \||\| one \||\| sub \||\| children }]
56
.BR \-a \ { never \||\| always \||\| search \||\| find }]
58
.BR \-P \ { 2 \||\| 3 }]
60
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
62
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
64
64
.BI \-l \ timelimit\fR]
66
66
.BI \-z \ sizelimit\fR]
68
.BR \-O \ security-properties ]
68
.BI \-O \ security-properties\fR]
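Review bot: the font alternation looks inverted in the new `.BR \-s \ { base \||\| one \||\| sub \||\| children }]`, `.BR \-a ...` and `.BR \-P \ { 2 \||\| 3 }]` lines. `.BR` sets odd arguments in bold and even arguments in roman, so the braces and bars come out bold while the literal keywords (base, one, sub, children, never, always, search, find, 2, 3) come out roman. The `\-e` and `\-E` lines have the same problem: `[` and `]` are bold and `!` is roman. Reorder or regroup the arguments so that literals fall in the bold positions and grouping characters in roman. The `.TP` headings for these options later in the patch use the same form and need the same change.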
102
102
returned. If + is listed, all operational attributes are returned.
103
103
If no \fIattrs\fP are listed, all user attributes are returned. If only
104
104
1.1 is listed, no attributes will be returned.
106
The search results are displayed using an extended version of LDIF.
107
Option \fI\-L\fP controls the format of the output.
121
124
Run in verbose mode, with many diagnostics written to standard output.
124
A single -t writes retrieved non-printable values to a set of temporary
127
A single \fB\-t\fP writes retrieved non-printable values to a set of temporary
125
128
files. This is useful for dealing with values containing non-character
126
data such as jpegPhoto or audio. A second -t writes all retrieved values to
129
data such as jpegPhoto or audio. A second \fB\-t\fP writes all retrieved values to
130
133
Write temporary files to directory specified by \fIpath\fP (default:
134
URL prefix for temporary files. Default is file://\fIpath\fP/ where
135
\fIpath\fP is /var/tmp/ or specified with -T.
137
URL prefix for temporary files. Default is \fBfile://\fIpath\fP where
138
\fIpath\fP is \fB/var/tmp/\fP or specified with \fB\-T\fP.
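Review bot: in the new line `Default is \fBfile://\fIpath\fP where` the `\fB` is never closed. The `\fP` after `path` returns to the previous font, which is bold at that point, so " where" and the text that follows stay bold. The new line also drops the trailing `/` that the old line had after `path` (`file://\fIpath\fP/`). Suggest `\fBfile://\fP\fIpath\fP\fB/\fP where`, or restore the slash in whatever form is preferred and end the bold run explicitly.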
138
141
Retrieve attributes only (no values). This is useful when you just want to
143
146
Search results are display in LDAP Data Interchange Format detailed in
145
A single -L restricts the output to LDIFv1.
146
A second -L disables comments.
147
A third -L disables printing of the LDIF version.
148
A single \fB\-L\fP restricts the output to LDIFv1.
149
A second \fB\-L\fP disables comments.
150
A third \fB\-L\fP disables printing of the LDIF version.
148
151
The default is to use an extended version of LDIF.
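Review bot: the unchanged line at new line 146 still reads "Search results are display in"; this hunk reworks the same paragraph, so correct it to "displayed" here.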
151
154
Enable manage DSA IT control.
153
156
makes control critical.
159
162
.BR ldap_sort (3)
160
163
for more details. Note that
162
normally prints out entries as it receives them. The use of the
165
normally prints out entries as it receives them. The use of the \fB\-S\fP
164
166
option defeats this behavior, causing all entries to be retrieved,
165
167
then sorted, then printed.
178
180
Where it is desired that the search filter include a \fB%\fP character,
179
181
the character should be encoded as \fB\\25\fP (see RFC 4515).
180
182
If \fIfile\fP is a single
181
\fI-\fP character, then the lines are read from standard input.
183
\fB\-\fP character, then the lines are read from standard input.
183
185
will exit when the first non-successful search result is returned,
186
unless \fB\-c\fP is used.
187
189
Use simple authentication instead of SASL.
190
192
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
193
For SASL binds, the server is expected to ignore this value.
193
196
Prompt for simple authentication.
213
216
.BI \-h \ ldaphost
214
217
Specify an alternate host on which the ldap server is running.
215
Deprecated in favor of -H.
218
Deprecated in favor of \fB\-H\fP.
217
220
.BI \-p \ ldapport
218
221
Specify an alternate TCP port where the ldap server is listening.
219
Deprecated in favor of -H.
222
Deprecated in favor of \fB\-H\fP.
221
224
.BI \-b \ searchbase
222
225
Use \fIsearchbase\fP as the starting point for the search instead of
225
.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
228
.BR \-s \ { base \||\| one \||\| sub \||\| children }
226
229
Specify the scope of the search to be one of
232
235
to specify a base object, one-level, subtree, or children search.
237
240
scope requires LDAPv3 subordinate feature extension.
239
.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind
242
.BR \-a \ { never \||\| always \||\| search \||\| find }
240
243
Specify how aliases dereferencing is done. Should be one of
246
249
to specify that aliases are never dereferenced, always dereferenced,
247
250
dereferenced when searching, or dereferenced only when locating the
248
251
base object for the search. The default is to never dereference aliases.
250
.BI \-P \ 2\fR\||\|\fI3
253
.BR \-P \ { 2 \||\| 3 }
251
254
Specify the LDAP protocol version to use.
253
.B \-e \fI[!]ext[=extparam]\fP
256
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
255
.B \-E \fI[!]ext[=extparam]\fP
258
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
257
Specify general extensions with -e and search extensions with -E.
258
\'!\' indicates criticality.
260
Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
261
\'\fB!\fP\' indicates criticality.
260
263
General extensions:
274
277
[!]domainScope (domain scope)
275
278
[!]mv=<filter> (matched values filter)
276
279
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
280
[!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
277
281
[!]subentries[=true|false] (subentries)
278
282
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
279
283
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
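Review bot: the added `sss=[\-]<attr[:OID]>...` line gives only the syntax. Nothing in the visible text says what the optional leading `\-` on an attribute or the `:OID` suffix selects. Add a short explanation or a reference to where the control is documented. It would also help to say how it relates to `\-S`, whose description notes that it makes ldapsearch retrieve all entries before printing.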
327
331
Specify the requested authorization ID for SASL bind.
329
333
must be one of the following formats:
331
.I <distinguished name>
334
.BI dn: "<distinguished name>"
337
339
Specify the SASL mechanism to be used for authentication. If it's not
338
340
specified, the program will choose the best mechanism the server knows.
341
343
Issue StartTLS (Transport Layer Security) extended operation. If you use
343
, the command will require the operation to be successful.
344
\fB\-ZZ\fP, the command will require the operation to be successful.
344
345
.SH OUTPUT FORMAT
345
346
If one or more entries are found, each entry is written to standard
346
347
output in LDAP Data Interchange Format or
362
If the -t option is used, the URI of a temporary file
363
is used in place of the actual value. If the -A option
363
If the \fB\-t\fP option is used, the URI of a temporary file
364
is used in place of the actual value. If the \fB\-A\fP option
364
365
is given, only the "attributename" part is written.
366
367
The following command:
369
ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
370
ldapsearch \-LLL "(sn=smith)" cn sn telephoneNumber
372
373
will perform a subtree search (using the default search base and
383
384
cn: John T. Smith
387
telephoneNumber: 1 555 123-4567
388
telephoneNumber: 1 555 123\-4567
389
390
dn: uid=sss,dc=example,dc=com
391
392
cn: Steve S. Smith
395
telephoneNumber: 1 555 765-4321
396
telephoneNumber: 1 555 765\-4321
401
ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio
402
ldapsearch \-LLL \-u \-t "(uid=xyz)" jpegPhoto audio
404
405
will perform a subtree search using the default search base for entries
412
413
dn: uid=xyz,dc=example,dc=com
413
414
ufn: xyz, example, com
414
audio:< file:///tmp/ldapsearch-audio-a19924
415
jpegPhoto:< file:///tmp/ldapsearch-jpegPhoto-a19924
415
audio:< file:///tmp/ldapsearch\-audio\-a19924
416
jpegPhoto:< file:///tmp/ldapsearch\-jpegPhoto\-a19924
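Review bot: the example output still shows `file:///tmp/ldapsearch\-audio\-a19924`, although the command uses `\-t` without `\-T` and the URL prefix description at new lines 137-138 gives `/var/tmp/` as the default path. While escaping the hyphens on these lines, make the example path agree with the documented default, or correct the default if the example is right.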
421
ldapsearch -LLL -s one -b "c=US" "(o=University*)" o description
422
ldapsearch \-LLL \-s one \-b "c=US" "(o=University*)" o description
424
425
will perform a one-level search at the c=US level for all entries