
       ldapsearch  [-n]  [-u] [-v] [-k] [-K] [-t] [-A] [-L[L[L]]]
       [-M[M]]   [-d debuglevel]   [-f file]   [-D binddn]   [-W]
       [-w passwd]   [-y passwdfile]  [-H ldapuri]  [-h ldaphost]
       [-p ldapport] [-P 2|3]  [-b searchbase]  [-s base|one|sub]
       [-a never|always|search|find]   [-l timelimit]
       [-z sizelimit]  [-O security-properties]  [-I]  [-Q]  [-U authcid]
       [-R realm]  [-x]  [-X authzid]  [-Y mech]  [-Z[Z]]  filter


       ldapsearch  is  a  shell-accessible   interface   to   the
       ldap_search(3) library call.

       ldapsearch  opens  a  connection to an LDAP server, binds,
       and performs a search using  specified  parameters.    The
       filter  should  conform  to  the string representation for
       search filters as defined in RFC 2254.  If  not  provided,
       the default filter, (objectClass=*), is used.

       If  ldapsearch  finds  one or more entries, the attributes
       specified by attrs are returned.  If * is listed, all user
       attributes  are returned.  If + is listed, all operational
       attributes are returned.  If no attrs are listed, all user
       attributes  are  returned.   If  only  1.1  is  listed, no
       attributes will be returned.


       -n     Show what would be done, but don't actually perform
              the  search.   Useful  for debugging in conjunction
              with -v.

       -u     Include the User Friendly Name form of the
              Distinguished Name (DN) in the output.

       -v     Run  in verbose mode, with many diagnostics written
              to standard output.

       -k     Use Kerberos IV authentication  instead  of  simple
              authentication.   It  is  assumed  that you already
              have a valid ticket  granting  ticket.   ldapsearch
              must  be  compiled  with  Kerberos support for this
              option to have any effect.

       -K     Same as -k, but only does step 1 of the Kerberos IV
              bind.   This  is  useful when connecting to a slapd
              and there is no x500dsa.hostname principal
              registered with your Kerberos Domain Controller(s).

       -t     Write retrieved values to a set of temporary files.
              This is useful for dealing  with  non-ASCII  values
              such as jpegPhoto or audio.

       -S attribute
              Sort the entries returned based on  attribute.  The
              default  is  not  to  sort  entries  returned.   If
              attribute is a zero-length string (""), the entries
              are  sorted by the components of their Distinguished
              Name.  See ldap_sort(3) for more details. Note that
              ldapsearch   normally  prints  out  entries  as  it
              receives them. The use of  the  -S  option  defeats
              this behavior, causing all entries to be retrieved,
              then sorted, then printed.

       -d debuglevel
              Set  the  LDAP  debugging  level   to   debuglevel.
              ldapsearch must be compiled with LDAP_DEBUG defined
              for this option to have any effect.

       -f file
              Read a series of lines from file, performing one
              LDAP search for each line.  In this case, the
              filter given on the command line is treated as a
              pattern where the first occurrence of %s is replaced
              with a line from file.  If file is a single -
              character, then the lines are read from standard input.

       -x     Use simple authentication instead of SASL.

       -D binddn
              Use the Distinguished Name binddn to  bind  to  the
              LDAP directory.

       -W     Prompt  for  simple  authentication.   This is used
              instead of specifying the password on  the  command

       -w passwd
              Use  passwd  as the password for simple authentica­

       -y passwdfile
              Use complete contents of passwdfile as the password
              for simple authentication.

       -H ldapuri
              Specify URI(s) referring to the ldap server(s).

       -h ldaphost
              Specify  an alternate host on which the ldap server
              is running.  Deprecated in favor of -H.

       -p ldapport
              be one of never, always, search, or find to specify
              that aliases are never dereferenced, always
              dereferenced, dereferenced when searching, or
              dereferenced only when locating the base object for the
              search.    The  default  is  to  never  dereference

       -P 2|3 Specify the LDAP protocol version to use.

       -l timelimit
              wait at most timelimit seconds for a search to
              complete.  A timelimit of 0 (zero) removes the
              ldap.conf limit.  A server  may  impose  a  maximal
              timelimit which only the root user may override.

       -z sizelimit
              retrieve at most sizelimit entries for a search.  A
              sizelimit of 0 (zero) removes the ldap.conf  limit.
              A  server may impose a maximal sizelimit which only
              the root user may override.

       -O security-properties
              Specify SASL security properties.

       -I     Enable  SASL  Interactive  mode.   Always   prompt.
              Default is to prompt only as needed.

       -Q     Enable SASL Quiet mode.  Never prompt.

       -U authcid
              Specify  the  authentication  ID for SASL bind. The
              form of the ID depends on the actual SASL mechanism

       -R realm
              Specify  the  realm  of  authentication ID for SASL
              bind. The form of the realm depends on  the  actual
              SASL mechanism used.

       -X authzid
              Specify  the  proxy authorization ID for SASL bind.
              authzid must  be  one  of  the  following  formats:
              dn:<distinguished name> or u:<username>

       -Y mech
              Specify the SASL mechanism to be used for
              authentication. If it's not specified, the program will
              choose the best mechanism the server knows.

       -Z[Z]  Issue  StartTLS (Transport Layer Security) extended
              operation. If you use -ZZ, the command will require
              the operation to be successful.
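
       The bind options above interact: -w puts the password in the
       argument list, where other local users can see it in the process
       table, while -y uses the complete contents of the file, so a
       trailing newline becomes part of the password. The following is
       an added example, not part of the OpenLDAP manual page; the
       function names, the LDAPSEARCH override variable and all sample
       values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: bind to the directory without exposing the password.
# LDAPSEARCH is a hypothetical override so the demo runs offline.

# Create the password file owner-only and without a trailing newline,
# because -y uses the complete contents of the file as the password.
write_passwdfile() {  # $1 = path, $2 = password
    rm -f "$1"
    ( umask 077 && printf '%s' "$2" > "$1" )
}

# Return 0 only if the file is safe to hand to -y.
check_passwdfile() {  # $1 = path
    [ -f "$1" ] || { echo "$1: not a regular file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "$1: accessible by group or others" >&2; return 1; }
    # A final newline would be sent as part of the password.
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" != "0a" ] ||
        { echo "$1: ends with a newline" >&2; return 1; }
}

# Simple bind (-x) that requires StartTLS to succeed (-ZZ) and reads the
# password from a checked file (-y) instead of the command line (-w).
secure_search() {  # $1 = URI, $2 = bind DN, $3 = passwdfile, rest = filter/attrs
    uri=$1 binddn=$2 pwfile=$3
    shift 3
    check_passwdfile "$pwfile" || return 1
    "${LDAPSEARCH:-ldapsearch}" -LLL -x -ZZ -H "$uri" -D "$binddn" \
        -y "$pwfile" "$@"
}

# Constructed demo values; echo stands in for ldapsearch and prints the
# argument list instead of connecting to a server.
demo() (
    LDAPSEARCH=echo
    dir=$(mktemp -d) || exit 1
    write_passwdfile "$dir/pw" 'constructed-secret'
    secure_search ldap://ldap.example.com 'cn=reader,dc=example,dc=com' \
        "$dir/pw" '(sn=smith)' cn
    printf 'constructed-secret\n' > "$dir/bad"   # newline, default umask
    secure_search ldap://ldap.example.com 'cn=reader,dc=example,dc=com' \
        "$dir/bad" '(sn=smith)' cn || echo "refused $dir/bad"
    rm -rf "$dir"
)
demo
```

       With -Z alone the search continues even if StartTLS fails, so
       the simple bind would go out in the clear; -ZZ makes that
       failure fatal.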

            sn: Jensen

       If  the  -t option is used, the URI of a temporary file is
       used in place of the actual value.  If the  -A  option  is
       given, only the "attributename" part is written.


       The following command:

           ldapsearch -LLL "(sn=smith)" cn sn telephoneNumber

       will  perform  a  subtree search (using the default search
       base defined in ldap.conf(5)) for entries with  a  surname
       (sn)  of  smith.   The  common name (cn), surname (sn) and
       telephoneNumber values will be retrieved  and  printed  to
       standard  output.   The  output  might look something like
       this if two entries are found:

           dn: uid=jts,dc=example,dc=com
           cn: John Smith
           cn: John T. Smith
           sn: Smith
           sn;lang-en: Smith
           sn;lang-de: Schmidt
           telephoneNumber: 1 555 123-4567

           dn: uid=sss,dc=example,dc=com
           cn: Steve Smith
           cn: Steve S. Smith
           sn: Smith
           sn;lang-en: Smith
           sn;lang-de: Schmidt
           telephoneNumber: 1 555 765-4321

       The command:

           ldapsearch -LLL -u -t "(uid=xyz)" jpegPhoto audio

       will perform a subtree search  using  the  default  search
       base for entries with user id of "xyz".  The user friendly
       form of the entry's DN will be output after the line  that
       contains the DN itself, and the jpegPhoto and audio values
       will be retrieved and written  to  temporary  files.   The
       output  might  look  like this if one entry with one value
       for each of the requested attributes is found:

           dn: uid=xyz,dc=example,dc=com
           ufn: xyz, example, com
           audio:< file:///tmp/ldapsearch-audio-a19924
           jpegPhoto:< file:///tmp/ldapsearch-jpegPhoto-a19924

           dn: o=University of Colorado at Boulder,c=US
           o: University of Colorado at Boulder
           description: No personnel information
           description: Institution of education and research

           dn: o=University of Colorado at Denver,c=US
           o: University of Colorado at Denver
           o: UCD
           o: CU/Denver
           o: CU-Denver
           description: Institute for Higher Learning and Research

           dn: o=University of Florida,c=US
           o: University of Florida
           o: UFl
           description: Warper of young minds
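
       The filter must follow the RFC 2254 string representation, and
       the -f option is described as a plain replacement of %s with a
       line from file, so a line containing *, (, ) or \ widens or
       breaks the search unless it is escaped first. The following is
       an added example, not part of the OpenLDAP manual page; the
       function names, names.txt and the sample values are assumptions
       made for illustration.

```shell
#!/bin/sh
# Added example: escape values before they are substituted into a filter.

# Escape the characters RFC 2254 reserves in filter values, one value
# per line. The backslash is handled first so that the escapes added by
# the later expressions are not escaped again. Empty lines are dropped.
escape_filter_lines() {
    sed -e '/^$/d' -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Escape a single value passed as $1.
ldap_escape_filter_value() {
    printf '%s\n' "$1" | escape_filter_lines
}

# Mimic the substitution the -f option describes: the first %s in the
# pattern is replaced with the line. Used here only to show the result.
expand_pattern() {  # $1 = pattern, $2 = line
    prefix=${1%%\%s*}
    suffix=${1#*\%s}
    printf '%s%s%s\n' "$prefix" "$2" "$suffix"
}

# Constructed input: a plain uid, a bare wildcard (which would match
# every entry that has a uid) and a value containing parentheses.
demo() {
    printf '%s\n' 'jts' '*' 'smith (contractor)' |
    while IFS= read -r raw; do
        printf 'raw:     %s\n' "$(expand_pattern '(uid=%s)' "$raw")"
        printf 'escaped: %s\n' \
            "$(expand_pattern '(uid=%s)' "$(ldap_escape_filter_value "$raw")")"
    done
}
demo

# With a real server the escaped stream feeds -f on standard input
# (names.txt is a hypothetical file of untrusted values):
#   escape_filter_lines < names.txt | ldapsearch -LLL -f - "(uid=%s)" cn
```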



       Exit status is zero if no errors occur.  Errors result  in
       a  non-zero  exit  status  and  a diagnostic message being
       written to standard error.


       ldapadd(1), ldapdelete(1),  ldapmodify(1),  ldapmodrdn(1),
       ldap.conf(5), ldif(5), ldap(3), ldap_search(3)


       The OpenLDAP Project <http://www.openldap.org/>


       OpenLDAP is developed and maintained by The OpenLDAP
       Project (http://www.openldap.org/).  OpenLDAP is derived from
       University of Michigan LDAP 3.3 Release.

OpenLDAP 2.1.22             06-26-2003              LDAPSEARCH(1)
