Examples of using ldapsearch
The following examples use the ldapsearch utility.
About this task
| Search | Command |
|---|---|
| All entries on host ldap.renovations.com using port 389, and return all attributes and values | `ldapsearch -h ldap.renovations.com "objectClass=*"` |
| All entries on host ldap.renovations.com using port 389, and return attribute names only | `ldapsearch -A -h ldap.renovations.com "objectClass=*"` |
| All entries on host ldap.renovations.com using port 389, return all attributes, and de-reference any aliases found | `ldapsearch -a always -h ldap.renovations.com "objectClass=*"` |
| All entries on host ldap.renovations.com using port 389, and return the attributes mail, cn, sn, givenname | `ldapsearch -h ldap.renovations.com "objectClass=*" mail cn sn givenname` |
| (cn=Mike*) under base "ou=West,o=Renovations,c=US" on host ldap.renovations.com using port 389, and return all attributes and values | `ldapsearch -b "ou=West,o=Renovations,c=US" -h ldap.renovations.com "(cn=Mike*)"` |
| One level on host ldap.renovations.com using port 389, and return all attributes and values | `ldapsearch -s onelevel -h ldap.renovations.com "objectClass=*"` |
| One level on host ldap.renovations.com using port 389, and return all attributes and values, but with scope limited to base | `ldapsearch -s base -h ldap.renovations.com "objectClass=*"` |
| All entries on host ldap.renovations.com using port 389; return all attributes and values; do not exceed the time limit of five seconds | `ldapsearch -l 5 -h ldap.renovations.com "objectClass=*"` |
| All entries on host ldap.renovations.com using port 389; return all attributes and values; do not exceed the size limit of five | `ldapsearch -z 5 -h ldap.renovations.com "objectClass=*"` |
| All entries on host ldap.renovations.com using port 389, binding as user "cn=John Doe,o=Renovations" with a password of "password", and return all attributes and values in LDIF format | `ldapsearch -h ldap.renovations.com -D "cn=john doe,o=renovations" -w password -L "objectClass=*"` |
| Search the host ldap.renovations.com using port 389. All attributes that anonymous users are allowed to see are returned for the entry "cn=John Doe,o=Renovations" | `ldapsearch -h ldap.renovations.com -s base -b "cn=john doe,o=renovations" "objectClass=*"` |
| All entries on a different host, bluepages.ibm.com, which is configured to listen for LDAP requests on port 391 | `ldapsearch -h bluepages.ibm.com -p 391 "objectClass=*"` |
| Search bluepages.ibm.com on port 391, doing a subtree search (the default) starting at the organization "o=ibm" for any object of type Person that also has an attribute matching any one of the attributes in the OR filter. The time limit is 300 seconds and the maximum number of entries to return is 1000. Only the DN (default) and CN are returned. (This is a common filter for Web applications.) | `ldapsearch -h bluepages.ibm.com -p 391 -b "o=ibm" -l 300 -z 1000 "(&(objectclass=Person)(\|(cn=mary smith*)(givenname=mary smith*)(sn=mary smith*)(mail=mary smith*)))" cn` |
| Search bluepages.ibm.com on port 391 starting at the base entry "cn=HR Group,ou=Asia,o=IBM" with a time limit of 300 seconds, asking for all the members of this entry. (Another common filter in Web applications, used to determine group membership.) | `ldapsearch -h bluepages.ibm.com -p 391 -b "cn=HR Group,ou=Asia,o=IBM" -s base -l 300 "(objectclass=*)" member` |
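
The Person search above is described as a common Web application filter, which means the name inside it usually comes from user input. The following is an added example, not part of the original page: it escapes the characters RFC 4515 reserves in a filter value before building that same filter. The function names `ldap_escape`, `person_filter` and `person_search` are hypothetical, and the search terms are constructed.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Escape the characters RFC 4515 reserves inside a filter value: \ * ( )
# Backslash goes first so the escapes added afterwards are not re-escaped.
# (NUL is also reserved, but a shell string cannot contain it.)
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the OR filter from the table: prefix match on cn, givenname, sn and
# mail, restricted to objectclass=Person. The only wildcard is the trailing *
# appended here; any * supplied by the caller is escaped to \2a.
person_filter() {
    # An empty term would degrade to (cn=*) and match every Person entry.
    [ -n "$1" ] || { echo "person_filter: empty search term" >&2; return 1; }
    v=$(ldap_escape "$1")
    printf '(&(objectclass=Person)(|(cn=%s*)(givenname=%s*)(sn=%s*)(mail=%s*)))' \
        "$v" "$v" "$v" "$v"
}

# Run the search with the host, port, base and limits used in the table.
# Quoting "$f" keeps the filter a single argument to ldapsearch.
person_search() {
    f=$(person_filter "$1") || return 1
    ldapsearch -h bluepages.ibm.com -p 391 -b "o=ibm" -l 300 -z 1000 "$f" cn
}

# Constructed search terms: a plain name, one containing reserved
# characters, and one containing a backslash. Prints the resulting filters.
for term in 'mary smith' 'smith (hr)*' 'a\b'; do
    person_filter "$term"
    echo
done
```

Only the filter string is printed when the script runs; `person_search` contacts the directory only when called explicitly.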