DIRECTORY SERVICES


Examples of using ldapsearch
The following table provides examples of using the ldapsearch utility.
Search: All entries on host ldap.acme.com using port 389, and return all attributes and values
Command: ldapsearch -h ldap.acme.com "objectClass=*"

Search: Same as above, but return only attribute names
Command: ldapsearch -A -h ldap.acme.com "objectClass=*"

Search: All entries on host ldap.acme.com using port 389, return all attributes, and de-reference any aliases found
Command: ldapsearch -a always -h ldap.acme.com "objectClass=*"

Search: All entries on host ldap.acme.com using port 389, and return only the attributes mail, cn, sn, givenname
Command: ldapsearch -h ldap.acme.com "objectClass=*" mail cn sn givenname

Search: (cn=Mike*) under base "ou=West,o=Acme,c=US" on host ldap.acme.com using port 389, and return all attributes and values
Command: ldapsearch -b "ou=West,o=Acme,c=US" -h ldap.acme.com "(cn=Mike*)"

Search: One level on host ldap.acme.com using port 389, and return all attributes and values
Command: ldapsearch -s onelevel -h ldap.acme.com "objectClass=*"

Search: Same as above, but limit scope to base
Command: ldapsearch -s base -h ldap.acme.com "objectClass=*"

Search: All entries on host ldap.acme.com using port 389; return all attributes and values; do not exceed the time limit of five seconds
Command: ldapsearch -l 5 -h ldap.acme.com "objectClass=*"

Search: All entries on host ldap.acme.com using port 389; return all attributes and values; do not exceed the size limit of five
Command: ldapsearch -z 5 -h ldap.acme.com "objectClass=*"

Search: All entries on host ldap.acme.com using port 389, binding as user "cn=John Doe,o=Acme" with a password of "password", and return all attributes and values in LDIF format
Command: ldapsearch -h ldap.acme.com -D "cn=john doe,o=acme" -w password -L "objectClass=*"

Search: Search the host ldap.acme.com using port 389. All attributes that anonymous users are allowed to see are returned for the entry "cn=John Doe,o=Acme"
Command: ldapsearch -h ldap.acme.com -s base -b "cn=john doe,o=acme" "objectClass=*"

Search: All entries on a different host, bluepages.ibm.com, which is configured to listen for LDAP requests on port 391
Command: ldapsearch -h bluepages.ibm.com -p 391 "objectClass=*"

Search: Search bluepages.ibm.com on port 391, doing a subtree search (the default) starting in the organization "o=ibm" for any object of type Person that also has an attribute matching any one of the attributes in the OR filter. The timeout value is 300 seconds and the maximum number of entries to return is set to 1000. Only the DN (the default) and CN are returned. (This is a common filter for Web applications.)
Command: ldapsearch -h bluepages.ibm.com -p 391 -b "o=ibm" -l 300 -z 1000 "(&(objectclass=Person)(|(cn=mary smith*)(givenname=mary smith*)(sn=mary smith*)(mail=mary smith*)))" cn

Search: Search bluepages.ibm.com on port 391 starting at the base entry "cn=HR Group,ou=Asia,o=IBM" with a time limit of 300 seconds, asking for all the members of this entry. (Another common filter in Web applications, used to determine group membership.)
Command: ldapsearch -h bluepages.ibm.com -p 391 -b "cn=HR Group,ou=Asia,o=IBM" -s base -l 300 "(objectclass=*)" member
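When the person-search filter above is built by a Web application from a typed-in search term, the term has to be escaped so that characters with meaning in filter syntax are matched literally (RFC 4515). The following is an added example, not part of the original page; the function names and the sample term are hypothetical, while the host, port, base and limits are the ones from the table.

```shell
#!/bin/sh
# Added example: build the person-search filter from the table for an
# arbitrary search term. Function names are hypothetical.

# Escape the characters RFC 4515 reserves in a filter value so the term
# is matched literally: \ -> \5c, * -> \2a, ( -> \28, ) -> \29.
# The backslash is handled first so later escapes are not re-escaped.
# (A shell string cannot hold a NUL byte, so that case does not arise.)
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build the AND/OR filter. The trailing * is the only wildcard and is
# added here, never taken from the term.
person_filter() {
    term=$(ldap_escape "$1")
    [ -n "$term" ] || return 1   # an empty term would match every Person
    printf '(&(objectclass=Person)(|(cn=%s*)(givenname=%s*)(sn=%s*)(mail=%s*)))' \
        "$term" "$term" "$term" "$term"
}

# Run the search with the same host, port, base and limits as the table.
# The filter is passed as one quoted argument, so the shell does not
# reinterpret it.
person_search() {
    filter=$(person_filter "$1") || { echo "empty search term" >&2; return 1; }
    ldapsearch -h bluepages.ibm.com -p 391 -b "o=ibm" -l 300 -z 1000 "$filter" cn
}

# Constructed sample term containing parentheses and an asterisk;
# print the resulting filter without contacting a server.
person_filter 'mary (hr)*' && echo
```

Without the escaping step, the parentheses and asterisk in the sample term would change the structure of the filter instead of being searched for as text.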