Table 6.3. commonly-used ldapsearch options – Red Hat 8.1 User Manual

Page 178


Table 6.3. Commonly-Used ldapsearch Options

Option

Description

-b

Specifies the starting point for the search. The
value specified here must be a distinguished
name that currently exists in the database. This
option is optional if the LDAP_BASEDN
environment variable has been set to a base DN.
The value specified in this option should be
provided in double quotation marks. For example:

-b "cn=Barbara Jensen, ou=Product Development, dc=example,dc=com"

The root DSE entry is a special entry that
contains a list of all the suffixes supported by the
local directory. To search this entry, supply a
search base of "", a search scope of base, and
a filter of "objectclass=*". For example:

-b "" -s base "objectclass=*"

-D

Specifies the distinguished name with which to
authenticate to the server. This option is optional
if anonymous access is supported by the server.
If specified, this value must be a DN recognized
by the Directory Server, and it must also have the
authority to search for the entries. For example:

-D "uid=bjensen, dc=example,dc=com"

-g

Specifies that the password policy request control
not be sent with the bind request. By default, the
new LDAP password policy request control is
sent with bind requests.
The ldapsearch tool can parse and display
information from the response control if it is
returned by a server; that is, the tool will print an
appropriate error or warning message when a
server sends the password policy response
control with the appropriate value.

The criticality of the request control is set to
false to ensure that all LDAPv3 servers that do
not understand the control can ignore it. To
suppress sending of the request control with the
bind request, include -g on the command-line.

-h

Specifies the hostname or IP address of the
machine on which the Directory Server is
installed. If a host is not specified, ldapsearch
uses the local host. For example:

-h mozilla

-l

Specifies the maximum number of seconds to wait
for a search request to complete. For example:

-l 300

Regardless of the value specified here,
ldapsearch will never wait longer than is
allowed by the server's nsslapd-timelimit
attribute, unless the authenticated user is the
Directory Manager. The default value for the
nsslapd-timelimit attribute is 3600 seconds.
See Section 2.3.1.106, “nsslapd-timelimit (Time Limit)” for more information.

-p

Specifies the TCP port number that the Directory
Server uses. For example:

-p 1049
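
The options above combined into two wrappers, as an added example that is not part of the manual. The names LDAPSEARCH, DIRMGR_DN, SERVER_TIMELIMIT and the three functions are assumptions made for this sketch, as is the Directory Manager DN; arguments after the sixth one to search are passed through unchanged, for options such as the bind password that these rows do not cover.

```shell
#!/bin/sh
# Added example, not from the manual. All names here are made up for the sketch.
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}
DIRMGR_DN="${DIRMGR_DN:-cn=Directory Manager}"  # assumed Directory Manager DN
SERVER_TIMELIMIT=${SERVER_TIMELIMIT:-3600}      # nsslapd-timelimit default

# Seconds a search can really run: the -l value is capped by the server's
# nsslapd-timelimit unless the bind DN is the Directory Manager.
# $1 = -l value, $2 = bind DN ("" = anonymous). The DN is compared as an
# exact string, which is a simplification of real DN matching.
effective_wait() {
    if [ "$2" = "$DIRMGR_DN" ] || [ "$1" -le "$SERVER_TIMELIMIT" ]; then
        echo "$1"
    else
        echo "$SERVER_TIMELIMIT"
    fi
}

# Read the root DSE: empty search base, scope base, filter objectclass=*.
# $1 = host ("" = let ldapsearch use the local host), $2 = port
rootdse() {
    host=$1; port=$2
    set -- -p "$port" -b "" -s base "objectclass=*"
    if [ -n "$host" ]; then set -- -h "$host" "$@"; fi
    "$LDAPSEARCH" "$@"
}

# Search with the -h, -p, -l, -D and -b rules from the table.
# $1 host, $2 port, $3 bind DN ("" = anonymous),
# $4 base DN ("" = rely on LDAP_BASEDN), $5 -l seconds, $6 filter
search() {
    host=$1; port=$2; bind_dn=$3; base=$4; limit=$5; filter=$6
    shift 6   # anything left in "$@" is passed through unchanged
    # -b may only be omitted when LDAP_BASEDN supplies the base DN.
    if [ -z "$base" ] && [ -z "${LDAP_BASEDN:-}" ]; then
        echo "search: no base DN given and LDAP_BASEDN is unset" >&2
        return 2
    fi
    set -- -p "$port" -l "$limit" "$@"
    if [ -n "$host" ]; then set -- -h "$host" "$@"; fi
    if [ -n "$bind_dn" ]; then set -- "$@" -D "$bind_dn"; fi
    if [ -n "$base" ]; then set -- "$@" -b "$base"; fi
    # Every value travels as its own quoted argument, so DNs with spaces
    # and commas reach ldapsearch intact.
    "$LDAPSEARCH" "$@" "$filter"
}
```

Setting LDAPSEARCH to a function or script that prints its arguments shows the assembled command line without contacting a server.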


Chapter 6. Command-Line Utilities
