Table 6.5. additional ssl ldapsearch options – Red Hat 8.1 User Manual


Table 6.5. Additional SSL ldapsearch Options

Option

Description

-3

Specifies that hostnames should be checked in SSL
certificates.

-I

Specifies the SSL key password file that contains the
token:password pair.

-K

Specifies the absolute path, including the filename, of
the private key database of the client.
The -K option must be specified when the key
database has a different name than key3.db or when
the key database is not under the same directory as
the certificate database, the cert8.db file (the path
which is specified with the -P option).

-m

Specifies the path to the security module database,
such as
/etc/dirsrv/slapd-instance_name/secmod.db.
This option only needs to be given if the security
module database is in a different directory than the
certificate database itself.

-N

Specifies the certificate name to use for certificate-based
client authentication, such as -N "Server-Cert".
If this option is specified, then the -Z, -P, and
-W options are required. Also, if this option is specified,
then the -D and -w options must not be specified, or
certificate-based authentication will not occur, and the
bind operation will use the authentication credentials
specified on -D and -w.

-P

Specifies the absolute path, including the filename, of the
certificate database of the client. This option is used
only with the -Z option.
When used on a machine where an SSL-enabled web
browser is configured, the path specified on this option
can be that of the certificate database for the browser.
For example:

-P /security/cert.db

The client security files can also be stored on the
Directory Server in the
/etc/dirsrv/slapd-instance_name directory. In
this case, the -P option would call out a path and
filename similar to the following:

-P /etc/dirsrv/slapd-instance_name/client-cert.db

-Q

Specifies the token and certificate name, separated
by a colon (:), for PKCS11.

-W

Specifies the password for the private key database
identified in the -P option. For example:

-W secret

If a dash (-) is used as the password value, the utility
prompts for the password after the command is
entered. This avoids having the password on the
command line.

-W -

Prompts for the password for the token database.

-Z

Specifies that SSL is to be used for the search
request.

-ZZ

Specifies the Start TLS request. Use this option to
make a cleartext connection into a secure one. If the
server does not support Start TLS, the command does
not have to be aborted; it will continue in cleartext.

-ZZZ

Enforces the Start TLS request. The server must
respond that the request was successful. If the server
does not support Start TLS, such as Start TLS is not
enabled or the certificate information is incorrect, the

Red Hat Directory Server 8.1 Configuration and Command Reference
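The constraints in the table above can be checked mechanically before a command goes into a script or cron job. The following is an added example, not part of the Red Hat manual: the function name, the finding texts, and the sample host, base DN and filter are constructed for illustration, and it assumes -ZZ or -ZZZ may stand in for -Z where the -N row requires it.

```python
import shlex

# Value-taking options from Table 6.5, plus -D/-w, which the -N row refers to.
VALUE_OPTS = {"-I", "-K", "-m", "-N", "-P", "-Q", "-W", "-D", "-w"}
TLS_OPTS = ("-Z", "-ZZ", "-ZZZ")


def audit_ldapsearch(cmdline):
    """Return findings for one ldapsearch command line, per Table 6.5."""
    argv = shlex.split(cmdline)
    opts, i = {}, 1  # argv[0] is the program name
    while i < len(argv):
        if argv[i] in VALUE_OPTS and i + 1 < len(argv):
            opts[argv[i]] = argv[i + 1]  # option with its value
            i += 2
        else:
            opts[argv[i]] = True  # flag, or a token this audit ignores
            i += 1

    findings = []
    secured = any(o in opts for o in TLS_OPTS)
    if not secured:
        findings.append("no -Z/-ZZ/-ZZZ: SSL/TLS not requested")
    if "-ZZ" in opts:
        findings.append("-ZZ: continues in cleartext if Start TLS is unsupported")
    if secured and "-3" not in opts:
        findings.append("-3 missing: hostname checking not requested")
    password = opts.get("-W")
    if isinstance(password, str) and password != "-":
        findings.append("-W: password on the command line; use '-W -'")
    if "-N" in opts:
        # Assumption: -ZZ/-ZZZ satisfy the table's "-Z is required" for -N.
        missing = [o for o in ("-P", "-W") if o not in opts]
        if not secured:
            missing.insert(0, "-Z")
        if missing:
            findings.append("-N: also requires " + ", ".join(missing))
        if "-D" in opts or "-w" in opts:
            findings.append("-N with -D/-w: bind uses -D/-w, not the certificate")
    return findings


# Constructed sample command lines (host, base DN and filter are made up).
WEAK = ('ldapsearch -h ldap.example.com -p 389 -b "dc=example,dc=com" '
        '-ZZ -P /security/cert.db -W secret "(uid=jdoe)"')
HARDENED = ('ldapsearch -h ldap.example.com -p 389 -b "dc=example,dc=com" '
            '-ZZZ -3 -P /security/cert.db -W - "(uid=jdoe)"')

if __name__ == "__main__":
    for name, cmd in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldapsearch(cmd))
```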
