Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

LDAPSEARCH(1) LDAPSEARCH(1)



NAME
ldapsearch - LDAP search tool

SYNOPSIS
ldapsearch [-n] [-c] [-u] [-v] [-t[t]] [-T path] [-F prefix] [-A]
[-L[L[L]]] [-M[M]] [-S attribute] [-d debuglevel] [-f file] [-x]
[-D binddn] [-W] [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost]
[-p ldapport] [-b searchbase] [-s base|one|sub|children]
[-a never|always|search|find] [-P 2|3] [-e [!]ext[=extparam]]
[-E [!]ext[=extparam]] [-l timelimit] [-z sizelimit] [-O security-prop-
erties] [-I] [-Q] [-U authcid] [-R realm] [-X authzid] [-Y mech]
[-Z[Z]] filter [attrs...]

DESCRIPTION
ldapsearch is a shell-accessible interface to the ldap_search_ext(3)
library call.

ldapsearch opens a connection to an LDAP server, binds, and performs a
search using specified parameters. The filter should conform to the
string representation for search filters as defined in RFC 4515. If
not provided, the default filter, (objectClass=*), is used.

If ldapsearch finds one or more entries, the attributes specified by
attrs are returned. If * is listed, all user attributes are returned.
If + is listed, all operational attributes are returned. If no attrs
are listed, all user attributes are returned. If only 1.1 is listed,
no attributes will be returned.

OPTIONS
-n Show what would be done, but don't actually perform the search.
Useful for debugging in conjunction with -v.

-c Continuous operation mode. Errors are reported, but ldapsearch
will continue with searches. The default is to exit after
reporting an error. Only useful in conjunction with -f.

-u Include the User Friendly Name form of the Distinguished Name
(DN) in the output.

-v Run in verbose mode, with many diagnostics written to standard
output.
....
-x Use simple authentication instead of SASL.