HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

B.2.4.3 Searching the root DSE entry
The root DSE is a special entry that contains a list of all the suffixes supported by the local Directory
Server. This entry can be searched by supplying a search base of "", a search scope of base,
and a filter of "objectclass=*". For example:
ldapsearch -h mozilla -b "" -s base "objectclass=*"
B.2.4.4 Searching the schema entry
Directory Server stores all directory server schema in the special cn=schema entry. This entry
contains information on every object class and attribute defined for the Directory Server. The
following command searches the contents of the cn=schema entry:
ldapsearch -h mozilla -b "cn=schema" -s base "objectclass=*"
B.2.4.5 Using LDAP_BASEDN
To make searching easier, it is possible to set the search base using the LDAP_BASEDN environment
variable. Doing this means that the search base does not have to be set with the -b option. Set
the environment variable according to the conventions of the shell you are using.
Typically, set LDAP_BASEDN to the directory's suffix value. Because the directory suffix is equal
to the root, or topmost, entry in the directory, this causes all searches to begin from the directory's
root entry.
For example, suppose LDAP_BASEDN is set to dc=example,dc=com. Then to search for cn=babs
jensen in the directory, use the following command line call:
ldapsearch -h mozilla "cn=babs jensen"
In this example, the default scope of sub is used because the -s option was not used to specify
the scope.
B.2.4.6 Displaying subsets of attributes
The ldapsearch command returns all search results in LDIF format. By default, ldapsearch
returns the entry's distinguished name and all the attributes that a user is allowed to read. The
directory access control can be set such that users are allowed to read only a subset of the attributes
on any given directory entry. Operational attributes are not returned by default. For operational
attributes to be returned as a result of a search operation, explicitly specify them in the search command.
It may not be necessary to have all the attributes for an entry returned in the search results. The
returned attributes can be limited to just a few specific attributes by specifying the desired ones on
the command line immediately after the search filter. For example, to show the cn and sn attributes
for every entry in the directory, use the following command line call:
ldapsearch -h mozilla "objectclass=*" sn cn
This example assumes the search base is set with LDAP_BASEDN.
B.2.4.7 Specifying search filters using a file
Search filters can be entered into a file instead of entering them on the command line. In this case,
specify each search filter on a separate line in the file. The ldapsearch command runs each
search in the order in which it appears in the file.
For example:
sn=Francis
givenname=Richard
ldapsearch first finds all the entries with the surname Francis, then all the entries with the
given name Richard. If an entry is found that matches both search criteria, then the entry is
returned twice.
For example, suppose the previous search filters were specified in a file named searchdb, and
the search base is set using LDAP_BASEDN. Then the following returns all the entries that match
either search filter:
ldapsearch -h mozilla -f searchdb
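The duplicate results described above can be removed after the search. The following is an added example, not part of this guide or of the Directory Server tools: a shell function (hypothetical name ldif_dedupe) that prints each LDIF entry once, keyed on its unfolded dn line. The LDIF in sample_ldif is constructed.

```shell
# Added example; ldif_dedupe and sample_ldif are hypothetical helper names.
# Print each LDIF entry from stdin once, keyed on its unfolded dn line.
ldif_dedupe() {
    awk '
    function flush() {
        if (rec == "") return
        # Records without a dn (such as "version: 1") always pass through.
        if (key == "" || !(key in seen)) {
            if (key != "") seen[key] = 1
            printf "%s\n", rec          # rec ends in a newline; this adds the separator
        }
        rec = ""; key = ""; in_dn = 0
    }
    /^$/ { flush(); next }              # a blank line ends a record
    /^ / {                              # folded line: continuation of the previous line
        if (in_dn) key = key substr($0, 2)
        rec = rec $0 "\n"; next
    }
    {
        in_dn = ($0 ~ /^dn:/)
        if (in_dn) key = $0
        rec = rec $0 "\n"
    }
    END { flush() }
    '
}

# Constructed output: Richard Francis matches both filters and appears twice.
sample_ldif() {
    cat <<'EOF'
version: 1

dn: uid=rfrancis,ou=People,dc=example,dc=com
sn: Francis
givenname: Richard

dn: uid=afrancis,ou=People,dc=exam
 ple,dc=com
sn: Francis

dn: uid=rfrancis,ou=People,dc=example,dc=com
sn: Francis
givenname: Richard

dn: uid=rsmith,ou=People,dc=example,dc=com
givenname: Richard
EOF
}
# Usage: ldapsearch -h mozilla -f searchdb | ldif_dedupe
```

Folded dn lines are joined before comparison, so two long DNs that differ only after the fold point are kept as separate entries.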