ldapsearch

From RaySoft

ldapsearch opens a connection to an LDAP server, binds, and performs a search using specified parameters. The filter should conform to the string representation for search filters as defined in RFC 2254. If not provided, the default filter, (objectClass=*), is used.[1]

If ldapsearch finds one or more entries, the attributes specified by attributes are returned. If * is listed, all user attributes are returned. If + is listed, all operational attributes are returned. If no attributes are listed, all user attributes are returned. If only 1.1 is listed, no attributes will be returned.[1]

Documentation

Syntax

ldapsearch [PARAMETER ...] FILTER [ATTRIBUTE ...]

Parameters

-b SEARCHBASE
Use SEARCHBASE as the starting point for the search instead of the default.
-C
Chase referrals.
-d LEVEL
Set the LDAP debugging level to LEVEL.
-D BINDDN
Use the Distinguished Name BINDDN to bind to the LDAP directory.
-h LDAPHOST
Specify an alternate host LDAPHOST on which the LDAP server is running. Deprecated in favor of -H.
-L[L[L]]
Search results are displayed in LDAP Data Interchange Format (LDIF). A single -L restricts the output to LDIFv1. A second -L disables comments. A third -L disables printing of the LDIF version. The default is to use an extended version of LDIF.
-Q
Enable SASL Quiet mode. Never prompt.
-S ATTRIBUTE
Sort the entries returned based on ATTRIBUTE. The default is not to sort the entries returned. If ATTRIBUTE is a zero-length string (""), the entries are sorted by the components of their Distinguished Name.
-W
Prompt for simple authentication. This is used instead of specifying the password on the command line.
-x
Use simple authentication instead of SASL.
-Z[Z]
Issue StartTLS (Transport Layer Security) extended operation. If you use -ZZ, the command will require the operation to be successful.

Examples

ldapsearch -x -D 'cn=admin,dc=raysoft,dc=loc' -W
ldapsearch -x -D 'cn=admin,dc=raysoft,dc=loc' -W 'ou:dn:=users'

Active Directory

ldapsearch -h 'neon.raysoft.loc' -x -D 'alex@raysoft.loc' \
  -W -b 'DC=raysoft,DC=loc'
ldapsearch -Q -LLL -h 'neon.raysoft.loc' -x -D 'alex@raysoft.loc' \
  -W -b 'DC=raysoft,DC=loc' \
  '(&(objectClass=person)(!(objectClass=computer))(uidNumber=*))'
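
The FILTER argument is parsed as an RFC 2254 filter string, so a value that comes from user input must be escaped before it is placed inside one. The following shell functions are an added example, not part of the original page; the function names, the sAMAccountName attribute and the -H URI form of the host are assumptions.

```shell
#!/bin/sh
# Added example: build an ldapsearch FILTER from untrusted input.

# RFC 2254 section 4: inside a filter value the characters * ( ) \ must be
# written as a backslash followed by their two-digit hex code.
# (NUL is also listed there, but a shell variable cannot hold a NUL byte.)
ldap_escape_filter() {
    # The backslash is replaced first so the escapes added by the later
    # expressions are not escaped a second time.
    printf '%s' "$1" | sed \
        -e 's/\\/\\5c/g' \
        -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' \
        -e 's/)/\\29/g'
}

# Build a filter that matches one person entry by login name.
# sAMAccountName is an assumed attribute name for an Active Directory lookup.
build_user_filter() {
    printf '(&(objectClass=person)(sAMAccountName=%s))' \
        "$(ldap_escape_filter "$1")"
}

# Hypothetical wrapper around the page's Active Directory example:
#   -ZZ  require StartTLS to succeed before the simple bind
#   -W   prompt for the password instead of passing it on the command line
#   1.1  return no attributes, only the DN of each match
find_user() {
    ldapsearch -x -ZZ -W -LLL \
        -H 'ldap://neon.raysoft.loc' \
        -D 'alex@raysoft.loc' \
        -b 'DC=raysoft,DC=loc' \
        "$(build_user_filter "$1")" 1.1
}

# Constructed input containing filter metacharacters. After escaping it is
# matched as one literal value and cannot change the structure of the filter.
build_user_filter 'alice)(|(uid=*'
printf '\n'
```

Only build_user_filter runs when the script is executed; find_user contacts the directory server and is left for the caller to invoke.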

References

  1. man 1 'ldapsearch'