CONFIGURING


Examples of using ldapsearch
The following examples us the ldapsearch utility.

About this task

Table 1. Examples of using the ldapsearch utility
SearchCommand
All entries on host ldap.renovations.com using port 389, and return all attributes and valuesldapsearch -h ldap.renovations.com "objectClass=*"
All entries on host ldap.renovations,com using port 389, and return attribute names onlyldapsearch -A -h ldap.renovations.com "objectClass=*"
All entries on host ldap.renovations.com using port 389, return all attributes, and de-reference any aliases foundldapsearch -a always -h ldap.renovations.com "objectClass=*"
All entries on host ldap.renovations.com using port 389, and return attributes=mail, cn, sn, givennameldapsearch -h ldap.renovations.com "objectClass=*" mail cn sn givenname
(cn=Mike*) under base "ou=West,o=Renovations, c=US" on host ldap.renovations.com using port 389, and return all attributes and valuesldapsearch -b "ou=West,o=Renovations,c=US" -h ldap.renovations.com "(cn=Mike*)"
One level on host ldap.renovations.com using port 389, and return all attributes and valuesldapsearch -s onelevel  -h ldap.renovations.com "objectClass=*"
One level on host ldap.renovations.com using port 389, and return all attributes and values, but with scope limited to baseldapsearch -s base -h ldap.renovations.com "objectClass=*"
All entries on host ldap.renovations.com using port 389; return all attributes and values; do not exceed the time limit of five secondsldapsearch -l 5 -h ldap.renovations.com "objectClass=*"
All entries on host ldap.renovations.com using port 389; return all attributes and values; do not exceed the size limit of fiveldapsearch -z 5 -h ldap.renovations.com "objectClass=*"
All entries on host ldap.renovations.com using port 389, binding as user "cn=John Doe,o=Renovations" with a password of "password", and return all attributes and values in LDIF formatldapsearch -h ldap.renovations.com -D "cn=john doe,o=renovations" -w password -L "objectClass=*"
Search the host ldap.renovations.com using port 389. All attributes that anonymous are allowed to see are returned for the entry "cn=John Doe,o=Renovations" ldapsearch -h ldap.renovations.com -s base -b "cn=john doe,o=renovations" "objectClass=*"
All entries on a different host, bluepages.ibm.com, which is configured to listen for LDAP requests on port 391ldapsearch -h bluepages.ibm.com -p 391 "objectClass=*"
Search bluepages.ibm.com on port 391. Doing a subtree search (default) starting in the organization "o=ibm" for any object type of Person who also has an attribute that matches any one of the attributes found in the OR filter. There is a timeout value of 300 seconds and the maximum number of entries to return is set to 1000. And only the DN (default) and CN will be returned. (This is a common filter for Web applications).ldapsearch -h bluepages.ibm.com -p 391 -b "o=ibm" -l 300 -z 1000 "(&(objectclass=Person)(|(cn=mary smith*)(givenname=mary smith*)(sn=mary smith*)(mail=mary smith*)))" cn
Search bluepages.ibm.com on port 391 starting at the base entry "cn=HR Group,ou=Asia,o=IBM" with a time limit of 300 seconds and asking for all the members of this entry. (Another common filter in Web applications to determine group membership).ldapsearch -h bluepages.ibm.com -p 391 -b "cn=HR Group,ou=Asia,o=IBM" -s base -l 300 "(objectclass=*)" member

Related concepts
ldapsearch utility

Related tasks
Table of ldapsearch parameters
Using search filters with ldapsearch
Table of operators used in ldapsearch search filters
Using ldapsearch to return operational attributes