| Parameter | Use to |
| -? | Print help on using ldapsearch. |
| -a deref | Specify alias de-referencing. Enter never, always, search, or find. Never is the default if you don't use this parameter. |
| -A | Retrieve only attribute names, not the values for the attributes. |
| -b base dn | Specify a distinguished name to use as the starting point for beginning the search. Use quotation marks to specify the value -- for example: "ou=West,o=Acme,c=US"
You must use this parameter if the server you're searching requires you to specify a search base. Otherwise, it is optional.
Optionally use -s along with -b to determine the scope of the search. Without -s, -b searches the entry specified as the starting point and all descendants of the entry. |
| -B | Allow printing of non-ASCII values |
| -D bind dn | Specify a distinguished name that the server uses to authenticate you. The name must correspond to an entry in the directory and must have the necessary access to search the directory.
Specify the name in quotation marks -- for example: "cn=Directory Manager,o=Acme,c=US"
If you don't use this parameter, the connection to the server occurs anonymously. You must use -D if the server doesn't allow anonymous connections.
Along with -D, you must use the -w parameter to specify a password associated with the distinguished name. |
| -f file | Specify a file that contains search filters to use -- for example, -f filters. Place each search filter on a separate line. ldapsearch performs one search for each line. Optionally specify a filter pattern. For example, specify -f filters "cn=%s" and enter a common name value on each line in the file. |
| -F sep | Print sep rather than equal sign (=) between attribute names and values. Use this parameter, for example, if a tool that reads the ldapsearch output expects a different separator. |
| -h host name | Specify the host name of the server to which you're connecting -- for example, -h server.acme.com. |
| -l timelimit | Specify a time limit (in seconds) for the search to complete. If you do not specify this parameter or if you specify a limit of 0, searches can take an unlimited amount of time. ldapsearch never waits longer than a search time limit set on the server, however. |
| -L | Specify that the output is in LDIF format. LDIF format uses a colon (:) as the attribute delineator rather than an equal sign (=). LDIF is useful for adding or modifying many directory entries at once. For example, you can import the contents of the output into an LDAP-compliant directory. |
| -M | Manage referral objects as normal entries so that ldapsearch returns attributes for the referral entries themselves, rather than for the entries referred to. |
| -n | Show how a search would be performed, but do not actually perform the search. |
| -p port | Specify the port that the server uses. If you don't use this parameter, ldapsearch uses port 389. |
| -R | Do not automatically follow search references returned by the server. |
| -s scope | Specify the scope of the search when you use the -b parameter:
- base -- to search only the entry specified with the -b parameter
- onelevel -- to search only the immediate children of the entry specified with the -b parameter but not the entry itself
- subtree -- to search the entry specified with the -b parameter and all of its descendants. This is the default behavior when you use -b without -s.
The order in which you specify -b and -s is unimportant. |
| -S attribute | Sort the results by a specified attribute. |
| -z sizelimit | Specify the maximum number of entries to return. If you don't specify this parameter or if you specify a limit of 0, an unlimited number of entries are returned. ldapsearch never returns more entries than the server allows, however. |
| -u | Specify that ldapsearch return distinguished names in a user-friendly format. |
| -v | Specify that ldapsearch run in verbose mode. |
| -w password | Specify the password associated with a distinguished name used with the -D parameter. |
| -x | Use with -S to specify that that LDAP server sorts the results before returning them. If you use -S without -x, ldapsearch sorts the results. |