DIRECTORY SERVICES


Examples of using ldapsearch
The following table provides examples of using the ldapsearch utility.
SearchCommand
All entries on host ldap.acme.com using port 389, and return all attributes and valuesldapsearch -h ldap.acme.com "objectClass=*"
Same as above, but return only attribute names ldapsearch -A -h ldap.acme.com" objectClass=*"
All entries on host ldap.acme.com using port 389, return all attributes, and de-reference any aliases foundldapsearch -a always -h ldap.acme.com "objectClass=*"
All entries on host ldap.acme.com using port 389, and return attributes=mail, cn, sn, givennameldapsearch -h ldap.acme.com "objectClass=*" mail cn sn givenname
(cn=Mike*) under base "ou=West,o=Acme, c=US" on host ldap.acme.com using port 389, and return all attributes and valuesldapsearch -b "ou=West,o=Acme,c=US" -h ldap.acme.com "(cn=Mike*)"
One level on host ldap.acme.com using port 389, and return all attributes and valuesldapsearch -s onelevel -h ldap.acme.com "objectClass=*"
Same as above, but limit scope to baseldapsearch -s base -h ldap.acme.com "objectClass=*"
All entries on host ldap.acme.com using port 389; return all attributes and values; do not exceed the time limit of five secondsldapsearch -l 5 -h ldap.acme.com "objectClass=*"
All entries on host ldap.acme.com using port 389; return all attributes and values; do not exceed the size limit of fiveldapsearch -z 5 -h ldap.acme.com "objectClass=*"
All entries on host ldap.acme.com using port 389, binding as user "cn=John Doe,o=Acme" with a password of "password", and return all attributes and values in LDIF formatldapsearch -h ldap.acme.com -D "cn=john doe,o=acme" -w password -L "objectClass=*"
Search the host ldap.acme.com using port 389. All attributes that anonymous are allowed to see are returned for the entry "cn=John Doe,o=Acme" ldapsearch -h ldap.acme.com" -s base -b "cn=john doe,o=acme" objectClass=*"
All entries on a different host, bluepages.ibm.com, which is configured to listen for LDAP requests on port 391ldapsearch -h bluepages.ibm.com -p 391 "objectClass=*"
Search bluepages.ibm.com on port 391. Doing a subtree search (default) starting in the organization "o=ibm" for any object type of Person who also has an attribute that matches any one of the attributes found in the OR filter. There is a timeout value of 300 seconds and the maximum number of entries to return is set to 1000. And only the DN (default) and CN will be returned. (This is a common filter for Web applications).ldapsearch -h bluepages.ibm.com -p 391 -b "o=ibm" -l 300 -z 1000 "(&(objectclass=Person)(|(cn=mary smith*)(givenname=mary smith*)(sn=mary smith*)(mail=mary smith*)))" cn
Search bluepages.ibm.com on port 391 starting at the base entry "cn=HR Group,ou=Asia,o=IBM" with a time limit of 300 seconds and asking for all the members of this entry. (Another common filter in Web applications to determine group membership).ldapsearch -h bluepages.ibm.com -p 391 -b "cn=HR Group,ou=Asia,o=IBM" -s base -l 300 "(objectclass=*)" member
Related topics