
LDAP Shell Commands :: ldapsearch

Description
 
ldapsearch opens a connection to an LDAP server, binds, and performs a search that starts at searchbase, covers the given scope, and matches all entries that satisfy a filter. If any entries are found, the specified attributes are returned.
 
Syntax
 
ldapsearch
[-n] [-u] [-v] [-k] [-K] [-t]
[-A] [-L[L[L]]] [-M[M]] [-d debuglevel] [-f file]
[-D binddn] [-W] [-w passwd] [-y passwdfile]
[-H ldapuri] [-h ldaphost] [-p ldapport]
[-P 2|3] [-b searchbase] [-s base|one|sub]
[-a never|always|search|find] [-l timelimit]
[-z sizelimit] [-O security-properties] [-I]
[-Q] [-U authcid] [-R realm] [-x] [-X authzid]
[-Y mech] [-Z[Z]] filter [attrs...]
 
-h ldaphost Specifies an alternate host on which the LDAP server is running
-p ldapport Specifies the TCP port where the LDAP server is listening
-D binddn Binddn is the distinguished name used to bind to the LDAP server
-w passwd Use passwd as the password for simple authentication
-b searchbase Set searchbase as the starting point for the search
-s scope (base | one | sub) Limits the search to the base object, one level below it, or the whole subtree
-f file Reads a series of lines from file, performing a search for each line. The filter given in the command line is treated as a pattern where %s is replaced with a line from file. If file is "-" then the lines are read from standard input.
-z sizelimit Retrieve at most sizelimit entries as results from the search
filter RFC 2254 search filter string representation with the condition(s) to be satisfied by the entries
attrs List of attributes to be retrieved in the search; if it is * or omitted, all attributes are returned

Example
 
The following command:
 
ldapsearch -h 10.63.3.200 -p 1389 \
-D "cn=James Bond,ou=people, dc=mycompany,dc=com" \
-w drymartini -b "ou=products,dc=mycompany,dc=com" \
-s one -z 100 "(graphicsCard=*force*)" \
did cost price cpu graphicsCard memorySize
 
will bind as "cn=James Bond..." to the LDAP server in host 10.63.3.200 listening on port 1389 and then search in the level below "ou=products..." for a maximum of 100 entries whose graphicsCard attribute contains the string "force", and will retrieve the values of the did, cost, price, cpu, graphicsCard and memorySize attributes.
 
Result
 
The results from an LDAP search are written in LDIF format.
 
dn: did=2002090100004,ou=products,dc=mycompany,dc=com
did: 2002090100004
cost: 187
price: 412
CPU: Athlon 2000+
memorySize: 512
graphicsCard: NVidia GForce 2
 
dn: did=2003051000004,ou=products,dc=mycompany,dc=com
did: 2003051000004
cost: 129
price: 270
CPU: Pentium IV 2100
memorySize: 256
graphicsCard: Nvidia Geforce 640
 
If no errors occur, the command will return a zero. Errors result in a non-zero exit status and a diagnostic message being written to standard error.
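
An added example, not part of the original page or of any vendor's code: a shell helper that escapes the RFC 2254 special characters in a value before it is placed in the filter or in a -f file, so the value is matched literally and cannot change the filter's structure. The function names, PWFILE, ./bind.pw and the sample values are assumptions; -y passwdfile from the syntax above is used in place of -w so the password does not appear on the command line.

```shell
#!/bin/sh
# Added example, not from the original page.

# Escape a value for use inside an RFC 2254 filter:
# \ * ( ) become \5c \2a \28 \29.
# Backslash is replaced first so the escapes added afterwards are left alone.
# (A NUL byte would be \00, but a shell variable cannot hold one.)
ldap_escape() {
    printf '%s\n' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                             -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Substring filter on graphicsCard, as in the page's example; only the
# two wildcards written here remain active after escaping.
build_filter() {
    printf '(graphicsCard=*%s*)' "$(ldap_escape "$1")"
}

# Escape every line of stdin, producing input suitable for -f file.
escape_lines() {
    while IFS= read -r line || [ -n "$line" ]; do
        ldap_escape "$line"
    done
}

# Hypothetical wrapper around the page's search. The bind password is
# read from a file (-y); PWFILE and ./bind.pw are assumed names.
search_products() {
    ldapsearch -h 10.63.3.200 -p 1389 \
        -D "cn=James Bond,ou=people,dc=mycompany,dc=com" \
        -y "${PWFILE:-./bind.pw}" -b "ou=products,dc=mycompany,dc=com" \
        -s one -z 100 "$(build_filter "$1")" \
        did cost price cpu graphicsCard memorySize
    status=$?
    # Non-zero exit status means the search failed (see above).
    [ "$status" -eq 0 ] || echo "ldapsearch failed: status $status" >&2
    return "$status"
}

# Constructed sample values: the second contains filter metacharacters.
build_filter 'force'; echo
build_filter 'GForce 2 (OEM)*'; echo
```
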
 

About Symlabs
 
Symlabs focuses on Identity Management. We offer "standards based" software components like the Symlabs Virtual Directory Server, Symlabs LDAP Proxy and the Symlabs Federated Identity Suite. We also offer software support, training and professional services.