ldapsearch

Description

This is an LDAP utility that queries an LDAP directory and returns the results.

Syntax

[Expert@MGMT:0]# ldapsearch [-d <Debug Level>] [-h <LDAP Server>] [-p <LDAP Port>] [-D <LDAP Admin DN>] [-w <LDAP Admin Password>] [-A] [-B] [-b <Base DN>] [-F <Separator>] [-l <LDAP Server Timeout>] [-s <Scope>] [-S <Sort Attribute>] [-t] [-T <LDAP Client Timeout>] [-u] [-z <Number of Search Entries>] [-Z] <Filter> [<Attributes>]

Note - You must run this command from the Expert mode.

Parameters

Parameter	Description
`-d <`Debug Level`>`	Runs the command in debug mode with the specified TDERROR debug level. Valid values are from 0 (disabled) to 5 (maximal level, recommended).
`-h <`LDAP Server`>`	Specifies the LDAP Server computer by its IP address or resolvable hostname. If you do not specify the LDAP Server explicitly, the command connects to `localhost`.
`-p <`LDAP Port`>`	Specifies the LDAP Server port. Default is 389.
`-D <`LDAP Admin DN`>`	Specifies the LDAP Server administrator Distinguished Name.
`-w <`LDAP Admin Password`>`	Specifies the LDAP Server administrator password.
`-A`	Specifies to retrieve attribute names only, without values.
`-B`	Specifies not to suppress the printing of non-ASCII values.
`-b <`Base DN`>`	Specifies the Base Distinguished Name (DN) for search.
`-F <`Separator`>`	Specifies the print separator character between attribute names and their values. The default separator is the equal sign "=".
`-l <`LDAP Server Timeout`>`	Specifies the Server side time limit for LDAP operations, in seconds. Default is `never`.
`-s <`Scope`>`	Specifies the search scope. One of these: `base` `one` `sub`
`-S <`Sort Attribute`>`	Specifies to sort the results by the values of this attribute.
`-t`	Specifies to write values to files in the `/tmp/` directory. Writes each <attribute>-<value> pair to a separate file named: `/tmp/ldapsearch-<`Attribute`>-<`Value`>` For example, for the `fw1color` attribute with the value `a00188`, the command writes to the file named: `/tmp/ldapsearch-fw1color-a00188`
`-T <`LDAP Client Timeout`>`	Specifies the Client side timeout for LDAP operations, in milliseconds. Default is `never`.
`-u`	Specifies to show user-friendly entry names in the output. For example: shows `cn=Babs Jensen, users, omi` instead of `cn=Babs Jensen, cn=users,cn=omi`
`-z <`Number of Search Entries`>`	Specifies the maximal number of entries to search on the LDAP Server.
`-Z`	Specifies to use SSL connection.
`<`Filter`>`	LDAP search filter compliant with RFC-1558. For example: `objectclass=fw1host`
`<`Attributes`>`	Specifies the list of attributes to retrieve. If you do not specify attributes explicitly, then the command retrieves all attributes.

Example

[Expert@MGMT:0]# ldapsearch -p 18185 -b cn=omi objectclass=fw1host objectclass

With this syntax, the command:

Connects to the LDAP Server to port 18185
Connects to the LDAP Server with Base DN cn=omi
Queries the LDAP directory for fw1host objects
For each object found, prints the value of its objectclass attribute