Name

ldapsearch — perform LDAP search operations

Synopsis

ldapsearch {options} [filter] [attributes...]

Options

The following options are supported.

-a, --dereferencePolicy {dereferencePolicy}

Alias dereference policy ('never', 'always', 'search', or 'find')

Default value: never

-A, --typesOnly

Only retrieve attribute names but not their values

--assertionFilter {filter}

Use the LDAP assertion control with the provided filter

-b, --baseDN {baseDN}

Base DN format string

-c, --continueOnError

Continue processing even if there are errors

-C, --persistentSearch ps[:changetype[:changesonly[:entrychgcontrols]]]

Use the persistent search control

--countEntries

Count the number of entries returned by the server

-e, --getEffectiveRightsAttribute {attribute}

Specifies geteffectiverights control specific attribute list

-f, --filename {file}

LDIF file containing the changes to apply

-g, --getEffectiveRightsAuthzid {authzID}

Use geteffectiverights control with the provided authzid

-G, --virtualListView {before:after:index:count | before:after:value}

Use the virtual list view control to retrieve the specified results page

-J, --control {controloid[:criticality[:value|::b64value|:<filePath]]}

Use a request control with the provided information

-l, --timeLimit {timeLimit}

Maximum length of time in seconds to allow for the search

Default value: 0

--matchedValuesFilter {filter}

Use the LDAP matched values control with the provided filter

-n, --dry-run

Show what would be done but do not perform any operation

-s, --searchScope {searchScope}

Search scope ('base', 'one', 'sub', or 'subordinate')

Default value: sub

subordinate is an LDAP extension that might not work with all LDAP servers.

-S, --sortOrder {sortOrder}

Sort the results using the provided sort order

--simplePageSize {numEntries}

Use the simple paged results control with the given page size

Default value: 1000

-Y, --proxyAs {authzID}

Use the proxied authorization control with the given authorization ID

-z, --sizeLimit {sizeLimit}

Maximum number of entries to return from the search

Default value: 0

Exit Codes

0

The command completed successfully.

ldap-error

An LDAP error occurred while processing the operation.

LDAP result codes are described in RFC 4511. Also see the additional information for details.

89

An error occurred while parsing the command-line arguments.

Examples

The following example searches for entries with UID containing jensen, returning only DNs and uid values.

$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=*jensen*)" uid
dn: uid=ajensen,ou=People,dc=example,dc=com
uid: ajensen

dn: uid=bjensen,ou=People,dc=example,dc=com
uid: bjensen

dn: uid=gjensen,ou=People,dc=example,dc=com
uid: gjensen

dn: uid=jjensen,ou=People,dc=example,dc=com
uid: jjensen

dn: uid=kjensen,ou=People,dc=example,dc=com
uid: kjensen

dn: uid=rjensen,ou=People,dc=example,dc=com
uid: rjensen

dn: uid=tjensen,ou=People,dc=example,dc=com
uid: tjensen


Result Code:  0 (Success)

You can also use @objectclass notation in the attribute list to return the attributes of a particular object class. The following example shows how to return attributes of the inetOrgPerson object class.

$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=bjensen)" @inetorgperson
dn: uid=bjensen,ou=People,dc=example,dc=com
givenName: Barbara
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: bjensen
cn: Barbara Jensen
cn: Babs Jensen
telephoneNumber: +1 408 555 1862
sn: Jensen
roomNumber: 0209
mail: bjensen@example.com
l: Cupertino
ou: Product Development
ou: People
facsimileTelephoneNumber: +1 408 555 1992

You can use + in the attribute list to return all operational attributes, as in the following example.

$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=bjensen)" +
dn: uid=bjensen,ou=People,dc=example,dc=com
numSubordinates: 0
structuralObjectClass: inetOrgPerson
etag: 0000000073c29972
pwdPolicySubentry: cn=Default Password Policy,cn=Password Policies,cn=config
subschemaSubentry: cn=schema
hasSubordinates: false
entryDN: uid=bjensen,ou=people,dc=example,dc=com
entryUUID: fc252fd9-b982-3ed6-b42a-c76d2546312c