Search | Command |
All entries on host ldap.acme.com using port 389, and return all attributes and values | ldapsearch -h ldap.acme.com "objectClass=*" |
Same as above, but return only attribute names | ldapsearch -A -h ldap.acme.com" objectClass=*" |
All entries on host ldap.acme.com using port 389, return all attributes, and de-reference any aliases found | ldapsearch -a always -h ldap.acme.com "objectClass=*" |
All entries on host ldap.acme.com using port 389, and return attributes=mail, cn, sn, givenname | ldapsearch -h ldap.acme.com "objectClass=*" mail cn sn givenname |
(cn=Mike*) under base "ou=West,o=Acme, c=US" on host ldap.acme.com using port 389, and return all attributes and values | ldapsearch -b "ou=West,o=Acme,c=US" -h ldap.acme.com "(cn=Mike*)" |
One level on host ldap.acme.com using port 389, and return all attributes and values | ldapsearch -s onelevel -h ldap.acme.com "objectClass=*" |
Same as above, but limit scope to base | ldapsearch -s base -h ldap.acme.com "objectClass=*" |
All entries on host ldap.acme.com using port 389; return all attributes and values; do not exceed the time limit of five seconds | ldapsearch -l 5 -h ldap.acme.com "objectClass=*" |
All entries on host ldap.acme.com using port 389; return all attributes and values; do not exceed the size limit of five | ldapsearch -z 5 -h ldap.acme.com "objectClass=*" |
All entries on host ldap.acme.com using port 389, binding as user "cn=John Doe,o=Acme" with a password of "password", and return all attributes and values in LDIF format | ldapsearch -h ldap.acme.com -D "cn=john doe,o=acme" -w password -L "objectClass=*" |
Search the host ldap.acme.com using port 389. All attributes that anonymous are allowed to see are returned for the entry "cn=John Doe,o=Acme" | ldapsearch -h ldap.acme.com" -s base -b "cn=john doe,o=acme" objectClass=*" |
All entries on a different host, bluepages.ibm.com, which is configured to listen for LDAP requests on port 391 | ldapsearch -h bluepages.ibm.com -p 391 "objectClass=*" |
Search bluepages.ibm.com on port 391. Doing a subtree search (default) starting in the organization "o=ibm" for any object type of Person who also has an attribute that matches any one of the attributes found in the OR filter. There is a timeout value of 300 seconds and the maximum number of entries to return is set to 1000. And only the DN (default) and CN will be returned. (This is a common filter for Web applications). | ldapsearch -h bluepages.ibm.com -p 391 -b "o=ibm" -l 300 -z 1000 "(&(objectclass=Person)(|(cn=mary smith*)(givenname=mary smith*)(sn=mary smith*)(mail=mary smith*)))" cn |
Search bluepages.ibm.com on port 391 starting at the base entry "cn=HR Group,ou=Asia,o=IBM" with a time limit of 300 seconds and asking for all the members of this entry. (Another common filter in Web applications to determine group membership). | ldapsearch -h bluepages.ibm.com -p 391 -b "cn=HR Group,ou=Asia,o=IBM" -s base -l 300 "(objectclass=*)" member |