ldapsearch Tables
The following table describes the parameters that can be used with ldapsearch. Parameters are case-sensitive: the uppercase and lowercase forms of a letter are different parameters.

| Parameter | Use |
|---|---|
| -? | Prints help on using ldapsearch. |
| -a deref | Specifies alias dereferencing. Enter never, always, search, or find. If this parameter is not used, the default is never. |
| -A | Retrieves only the attribute names, not the attribute values. |
| -b base DN | Specifies the distinguished name to use as the starting point for the search. Give the value as a quoted argument, for example: "ou=west,o=acme,c=us". You must use this parameter if the server you are searching requires a starting point for the search; otherwise it is optional. You can use -b together with -s to determine the search scope. With -b but without -s, the entry specified as the starting point and all of its children are searched. |
| -B | Allows non-ASCII values to be printed. |
| -D bind DN | Specifies the distinguished name that the server uses to authenticate you. The name must match an entry in the directory, and it must have the permissions required to search the directory. Give the name as a quoted argument, for example: "cn=directory manager,o=acme,c=us". If this parameter is not used, the connection to the server is anonymous. If the server does not allow anonymous connections, you must use -D. Along with -D, you must also use the -w parameter to specify the password associated with the distinguished name. |
| -f file | Specifies the file that contains the search filters to use, for example -f filters. Put each search filter on a separate line; ldapsearch runs one search for each line. Optionally, specify a filter pattern. For example, specify -f filters "cn=%s" and enter a common-name value on each line of the file. |
| -F sep | Prints sep instead of an equal sign (=) between the attribute name and its value. For example, use this parameter when a tool that reads the ldapsearch output expects a different separator. |
| -h host name | Specifies the host name of the server to connect to, for example -h server.acme.com. |
| -l timelimit | Specifies the time limit (in seconds) for the search to complete. If you do not specify this parameter or specify a limit of 0, the search has no time limit. However, ldapsearch never waits longer than the search time limit set on the server. |
| -L | Specifies output in LDIF format. LDIF uses a colon (:) instead of an equal sign (=) as the attribute descriptor. LDIF is useful for adding or changing a large number of directory entries at once. For example, the output can be imported into an LDAP-compliant directory. |
| -M | Manages referral objects as normal entries, so that ldapsearch returns the attributes of the referral entry itself rather than the attributes of the entry it refers to. |
| -n | Shows how the search would be run, but does not actually run it. |
| -p port | Specifies the port used by the server. If this parameter is not used, ldapsearch uses port 389 by default. |
| -R | Does not automatically follow the search references returned by the server. Note that the Netscape directory server uses the term referrals for search references. |
| -s scope | Specifies the search scope when the -b parameter is used: base searches only the entry specified by -b; onelevel searches only the immediate children of the entry specified by -b, not the entry itself; subtree searches the entry specified by -b and all of its descendants. Subtree is the default when -b is used without -s. The order in which -b and -s are specified does not matter. |
| -S attribute | Sorts the results by the specified attribute. |
| -z sizelimit | Specifies the maximum number of entries to return. If this parameter is not specified or the specified limit is 0, the number of returned entries is unlimited. However, ldapsearch never returns more entries than the server allows. |
| -u | Specifies that ldapsearch returns distinguished names in a user-friendly format. |
| -v | Specifies that ldapsearch runs in verbose mode. |
| -w password | Specifies the password associated with the distinguished name given with the -D parameter. |
| -x | Used with -S, specifies that the LDAP server sorts the results before returning them. If you use -S without -x, ldapsearch sorts the results. |
Table of operators used in ldapsearch search filters
The following table describes the operators that can be used in search filters.

| Operator | Use | Example |
|---|---|---|
| = | Finds entries whose attribute value is equal to the specified value | "cn=john Browning" |
| =<string>*<string> | Finds entries whose attribute value contains the specified substring | "cn=john*" "cn=j*brown" |
| >= | Finds entries whose attribute value is numerically or alphabetically greater than or equal to the specified value | "cn>=d" |
| <= | Finds entries whose attribute value is numerically or alphabetically less than or equal to the specified value | "roomnumber<=300" |
| =* | Finds entries that have a value for the specified attribute, regardless of what the value is | "sn=*" |
| ~= | Finds entries whose attribute value is approximately equal to the specified value | "sn~=brning" may return sn=browning |
| & | Finds entries that match the criteria specified in all of the search filters | "(&(cn=john Browning)(l=dallas))" |
| \| | Finds entries that match the criteria specified in at least one of the search filters | "(\|(cn=john Browning)(l=dallas))" |
| ! | Finds entries that do not match any of the criteria specified in the search filter | "(!(cn=john Browning)(l=dallas))" |
Using search filters with ldapsearch
You must use a search filter to specify the attributes to search for. The syntax of a search filter is:
"<attribute> <operator> <value>"
For example, the following search filter finds all entries whose sn (surname) attribute has the value Smith:
You can specify any attribute stored in the directory in a search filter. The following are common attributes for searching for person entries:
- cn -- the person's common name
- sn -- the person's surname
- telephonenumber -- the person's telephone number
- l -- the person's location
You can specify search filters on the ldapsearch command line, or put them in a file and use the ldapsearch parameter -f to reference the file. If you use a file, put each search filter on a separate line.
Note: If the LDAP directory (such as the Domino LDAP directory) supports language tags, you can include them in search filters. For example:
"givenname;lang-fr=etienne"
Multiple search filters using Boolean operators
You can combine multiple search filters with Boolean operators. Use the following syntax:
For example, use the following search filter to find entries whose surname is Browning and whose location is Dallas:
"(&(sn=browning)(l=dallas))"
Boolean operators can be nested. For example, use the following search filter to find entries in the mail domain MDN whose surname is caneel or whose given name is alfred:
"(&(maildomain=MDN)(|(sn=caneel)(givenname=alfred)))"
Examples of using ldapsearch
The following examples show common searches and the ldapsearch command for each.

Search all entries on host ldap.acme.com using port 389, and return all attributes and values:
ldapsearch -h ldap.acme.com "objectclass=*"

Same as above, but return only the attribute names:
ldapsearch -A -h ldap.acme.com "objectclass=*"

Search all entries on host ldap.acme.com using port 389, and dereference any aliases found:
ldapsearch -a always -h ldap.acme.com "objectclass=*"

Search all entries on host ldap.acme.com using port 389, and return the attributes mail, cn, sn, and givenname:
ldapsearch -h ldap.acme.com "objectclass=*" mail cn sn givenname

Search for (cn=mike*) under the base "ou=west,o=acme,c=us" on host ldap.acme.com using port 389, and return all attributes and values:
ldapsearch -b "ou=west,o=acme,c=us" -h ldap.acme.com "(cn=mike*)"

Search one level on host ldap.acme.com using port 389, and return all attributes and values:
ldapsearch -s onelevel -h ldap.acme.com "objectclass=*"

Same as above, but limit the scope to base:
ldapsearch -s base -h ldap.acme.com "objectclass=*"

Search all entries on host ldap.acme.com using port 389, and return all attributes and values, with the search time limited to five seconds:
ldapsearch -l 5 -h ldap.acme.com "objectclass=*"

Search all entries on host ldap.acme.com using port 389, and return all attributes and values, with the number of returned entries limited to five:
ldapsearch -z 5 -h ldap.acme.com "objectclass=*"

Search all entries on host ldap.acme.com using port 389, binding as user "cn=john doe,o=acme" with password "password", and return all attributes and values in LDIF format:
ldapsearch -h ldap.acme.com -D "cn=john doe,o=acme" -w password -L "objectclass=*"

On host ldap.acme.com using port 389, for the entry "cn=john doe,o=acme", return all attributes that may be viewed anonymously:
ldapsearch -h ldap.acme.com -s base -b "cn=john doe,o=acme" "objectclass=*"

Search all entries on host bluepages.ibm.com, which is configured to listen for LDAP requests on port 391:
ldapsearch -h bluepages.ibm.com -p 391 "objectclass=*"

On bluepages.ibm.com, port 391, run a subtree search (the default) starting at the organization "o=IBM" for person entries that match any of the attributes in the OR filter. The time limit is 300 seconds and the maximum number of returned entries is 1000. Only the DN (returned by default) and cn are returned. (This is a common filter for web applications.)
ldapsearch -h bluepages.ibm.com -p 391 -b "o=IBM" -l 300 -z 1000 "(&(objectclass=person)(|(cn=jerry seinfeld*)(givenname=jerryseinfeld*)(sn=jerry seinfeld*)(mail=jerry seinfeld*)))" cn

On bluepages.ibm.com, port 391, starting at the base "cn=hr group,ou=asia,o=ibm" with a time limit of 300 seconds, query all members of this entry. (This is also a common filter that web applications use to determine group membership.)
ldapsearch -h bluepages.ibm.com -p 391 -b "cn=hr group,ou=asia,o=ibm" -s base -l 300 "(objectclass=*)" member
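
The person-lookup filter above is described as one that web applications build from a search term, and the operators table gives `*`, `(`, `)` a special meaning inside a filter. As an added example (not part of the original page or of any ldapsearch distribution), the Python below escapes a term per RFC 4515 before placing it in that filter or in a file read with -f, so those characters are matched literally. The function names and sample inputs are constructed for illustration.

```python
# Added example, not from the original page: RFC 4515 value escaping for
# search filters assembled from user input. Names and inputs are constructed.

# Characters that must be written as a backslash plus two hex digits when they
# appear inside a filter value (RFC 4515, section 3).
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

PERSON_ATTRS = ("cn", "givenname", "sn", "mail")


def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters so the value is matched literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def person_filter(term: str) -> str:
    """Person lookup as in the bluepages example: prefix match on four attributes."""
    if not term.strip():
        # An empty term would collapse to (cn=*) and match every person entry.
        raise ValueError("search term must not be empty")
    safe = escape_filter_value(term)
    alternatives = "".join(f"({attr}={safe}*)" for attr in PERSON_ATTRS)
    return f"(&(objectclass=person)(|{alternatives}))"


def filter_file_lines(terms):
    """Escaped values, one per line, for use with -f and a pattern such as "cn=%s"."""
    return [escape_filter_value(t) for t in terms]


if __name__ == "__main__":
    # Constructed inputs: one ordinary name, one containing filter metacharacters.
    for term in ("jerry seinfeld", "Browning (Dallas)*"):
        print(person_filter(term))
    print("\n".join(filter_file_lines(["j*brown", r"acme\west"])))
```

The only unescaped `*` in each generated filter is the trailing prefix wildcard that the builder itself appends.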