Ldap Search


ldapsearch -x -h <hostname> -D ‘<bind dn>’ -w ‘<password>’ -b ‘<base dn>”(|mail=**)(proxyAddress=**))’ dn proxyAddresses mail

Search options:
-a deref one of never (default), always, search, or find
-A retrieve attribute names only (no values)
-b basedn base dn for search
-E [!]<ext>[=<extparam>] search extensions (! indicates criticality)
[!]domainScope (domain scope)
[!]mv=<filter> (matched values filter)
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
[!]subentries[=true|false] (subentries)
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
-F prefix URL prefix for files (default: file:///tmp/)
-l limit time limit (in seconds, or “none” or “max”) for search
-L print responses in LDIFv1 format
-LL print responses in LDIF format without comments
-LLL print responses in LDIF format without comments
and version
-s scope one of base, one, sub or children (search scope)
-S attr sort the results by attribute `attr’
-t write binary values to files in temporary directory
-tt write all values to files in temporary directory
-T path write files to directory specified by path (default: /tmp)
-u include User Friendly entry names in the output
-z limit size limit (in entries, or “none” or “max”) for search
Common options:
-c continuous operation mode (do not stop on errors)
-C chase referrals (anonymously)
-d level set LDAP debugging level to `level’
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (an RFC 2254 Filter)
[!]authzid=<authzid> (“dn:<dn>” or “u:<user>”)
[!]postread[=<attrs>] (a comma-separated attribute list)
[!]preread[=<attrs>] (a comma-separated attribute list)
abandon, cancel (SIGINT sends abandon/cancel; not really controls)
-f file read operations from `file’
-h host LDAP server
-H URI LDAP Uniform Resource Indentifier(s)
-I use SASL Interactive mode
-k use Kerberos authentication
-K like -k, but do only step 1 of the Kerberos bind
-M enable Manage DSA IT control (-MM to make critical)
-n show what would be done but don’t actually do it
-O props SASL security properties
-p port port on LDAP server
-P version protocol version (default: 3)
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity (“dn:<dn>” or “u:<user>”)
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)

Leave a Reply