1
1
.TH LDAPSEARCH 1 "RELEASEDATE" "OpenLDAP LDVERSION"
2
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.59.2.8 2009/01/22 00:00:48 kurt Exp $
2
.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.59.2.10 2009/06/03 01:41:52 quanah Exp $
3
3
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
4
4
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
52
52
.BI \-b \ searchbase\fR]
54
.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
56
.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR]
58
.BI \-P \ 2\fR\||\|\fI3\fR]
60
.BR \-e \ [!]ext[=extparam]]
62
.BR \-E \ [!]ext[=extparam]]
54
.BR \-s \ { base \||\| one \||\| sub \||\| children }]
56
.BR \-a \ { never \||\| always \||\| search \||\| find }]
58
.BR \-P \ { 2 \||\| 3 }]
60
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
62
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
64
64
.BI \-l \ timelimit\fR]
66
66
.BI \-z \ sizelimit\fR]
68
.BR \-O \ security-properties ]
68
.BI \-O \ security-properties\fR]
102
102
returned. If + is listed, all operational attributes are returned.
103
103
If no \fIattrs\fP are listed, all user attributes are returned. If only
104
104
1.1 is listed, no attributes will be returned.
106
The search results are displayed using an extended version of LDIF.
107
Option \fI\-L\fP controls the format of the output.
121
124
Run in verbose mode, with many diagnostics written to standard output.
124
A single -t writes retrieved non-printable values to a set of temporary
127
A single \fB\-t\fP writes retrieved non-printable values to a set of temporary
125
128
files. This is useful for dealing with values containing non-character
126
data such as jpegPhoto or audio. A second -t writes all retrieved values to
129
data such as jpegPhoto or audio. A second \fB\-t\fP writes all retrieved values to
130
133
Write temporary files to directory specified by \fIpath\fP (default:
134
URL prefix for temporary files. Default is file://\fIpath\fP/ where
135
\fIpath\fP is /var/tmp/ or specified with -T.
137
URL prefix for temporary files. Default is \fBfile://\fIpath\fP where
138
\fIpath\fP is \fB/var/tmp/\fP or specified with \fB\-T\fP.
138
141
Retrieve attributes only (no values). This is useful when you just want to
143
146
Search results are display in LDAP Data Interchange Format detailed in
145
A single -L restricts the output to LDIFv1.
146
A second -L disables comments.
147
A third -L disables printing of the LDIF version.
148
A single \fB\-L\fP restricts the output to LDIFv1.
149
A second \fB\-L\fP disables comments.
150
A third \fB\-L\fP disables printing of the LDIF version.
148
151
The default is to use an extended version of LDIF.
151
154
Enable manage DSA IT control.
153
156
makes control critical.
159
162
.BR ldap_sort (3)
160
163
for more details. Note that
162
normally prints out entries as it receives them. The use of the
165
normally prints out entries as it receives them. The use of the \fB\-S\fP
164
166
option defeats this behavior, causing all entries to be retrieved,
165
167
then sorted, then printed.
178
180
Where it is desired that the search filter include a \fB%\fP character,
179
181
the character should be encoded as \fB\\25\fP (see RFC 4515).
180
182
If \fIfile\fP is a single
181
\fI-\fP character, then the lines are read from standard input.
183
\fB\-\fP character, then the lines are read from standard input.
183
185
will exit when the first non-successful search result is returned,
186
unless \fB\-c\fP is used.
187
189
Use simple authentication instead of SASL.
190
192
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
191
For SASL Binds, the server is expected to ignore this value.
193
For SASL binds, the server is expected to ignore this value.
194
196
Prompt for simple authentication.
214
216
.BI \-h \ ldaphost
215
217
Specify an alternate host on which the ldap server is running.
216
Deprecated in favor of -H.
218
Deprecated in favor of \fB\-H\fP.
218
220
.BI \-p \ ldapport
219
221
Specify an alternate TCP port where the ldap server is listening.
220
Deprecated in favor of -H.
222
Deprecated in favor of \fB\-H\fP.
222
224
.BI \-b \ searchbase
223
225
Use \fIsearchbase\fP as the starting point for the search instead of
226
.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
228
.BR \-s \ { base \||\| one \||\| sub \||\| children }
227
229
Specify the scope of the search to be one of
233
235
to specify a base object, one-level, subtree, or children search.
238
240
scope requires LDAPv3 subordinate feature extension.
240
.BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind
242
.BR \-a \ { never \||\| always \||\| search \||\| find }
241
243
Specify how aliases dereferencing is done. Should be one of
247
249
to specify that aliases are never dereferenced, always dereferenced,
248
250
dereferenced when searching, or dereferenced only when locating the
249
251
base object for the search. The default is to never dereference aliases.
251
.BI \-P \ 2\fR\||\|\fI3
253
.BR \-P \ { 2 \||\| 3 }
252
254
Specify the LDAP protocol version to use.
254
.B \-e \fI[!]ext[=extparam]\fP
256
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
256
.B \-E \fI[!]ext[=extparam]\fP
258
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
258
Specify general extensions with -e and search extensions with -E.
259
\'!\' indicates criticality.
260
Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
261
\'\fB!\fP\' indicates criticality.
261
263
General extensions:
275
277
[!]domainScope (domain scope)
276
278
[!]mv=<filter> (matched values filter)
277
279
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
278
[!]sss=[-]<attr[:OID]>[/[-]<attr[:OID]>...] (server side sorting)
280
[!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
279
281
[!]subentries[=true|false] (subentries)
280
282
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
281
283
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
329
331
Specify the requested authorization ID for SASL bind.
331
333
must be one of the following formats:
333
.I <distinguished name>
334
.BI dn: "<distinguished name>"
339
339
Specify the SASL mechanism to be used for authentication. If it's not
340
340
specified, the program will choose the best mechanism the server knows.
343
343
Issue StartTLS (Transport Layer Security) extended operation. If you use
345
, the command will require the operation to be successful.
344
\fB\-ZZ\fP, the command will require the operation to be successful.
346
345
.SH OUTPUT FORMAT
347
346
If one or more entries are found, each entry is written to standard
348
347
output in LDAP Data Interchange Format or
364
If the -t option is used, the URI of a temporary file
365
is used in place of the actual value. If the -A option
363
If the \fB\-t\fP option is used, the URI of a temporary file
364
is used in place of the actual value. If the \fB\-A\fP option
366
365
is given, only the "attributename" part is written.
368
367
The following command:
371
ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber
370
ldapsearch \-LLL "(sn=smith)" cn sn telephoneNumber
374
373
will perform a subtree search (using the default search base and
385
384
cn: John T. Smith
389
telephoneNumber: 1 555 123-4567
388
telephoneNumber: 1 555 123\-4567
391
390
dn: uid=sss,dc=example,dc=com
393
392
cn: Steve S. Smith
397
telephoneNumber: 1 555 765-4321
396
telephoneNumber: 1 555 765\-4321
403
ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio
402
ldapsearch \-LLL \-u \-t "(uid=xyz)" jpegPhoto audio
406
405
will perform a subtree search using the default search base for entries
414
413
dn: uid=xyz,dc=example,dc=com
415
414
ufn: xyz, example, com
416
audio:< file:///tmp/ldapsearch-audio-a19924
417
jpegPhoto:< file:///tmp/ldapsearch-jpegPhoto-a19924
415
audio:< file:///tmp/ldapsearch\-audio\-a19924
416
jpegPhoto:< file:///tmp/ldapsearch\-jpegPhoto\-a19924
423
ldapsearch -LLL -s one -b "c=US" "(o=University*)" o description
422
ldapsearch \-LLL \-s one \-b "c=US" "(o=University*)" o description
426
425
will perform a one-level search at the c=US level for all entries