Server User Manual
Chapter 6. Command-Line Utilities
242
Option Description
-b Specifies the starting point for the search. The
value specified here must be a distinguished
name that currently exists in the database.
This option is optional if the LDAP_BASEDN
environment variable has been set to a base DN.
The value specified in this option should
be provided in double quotation marks. For
example:
-b "cn=Barbara Jensen, ou=Product
Development, dc=example,dc=com"
The root DSE entry is a special entry that
contains a list of all the suffixes supported by
the local directory. To search this entry, supply a
search base of "", a search scope of base, and
a filter of "objectclass=*". For example:
-b "" -s base "objectclass=*"
-D Specifies the distinguished name with which
to authenticate to the server. This option is
optional if anonymous access is supported by
the server. If specified, this value must be a DN
recognized by the Directory Server, and it must
also have the authority to search for the entries.
For example:
-D "uid=bjensen, dc=example,dc=com"
-g Specifies that the password policy request
control not be sent with the bind request. By
default, the new LDAP password policy request
control is sent with bind requests.
The ldapsearch tool can parse and display
information from the response control if it is
returned by a server; that is, the tool will print
an appropriate error or warning message when
a server sends the password policy response
control with the appropriate value.
The criticality of the request control is set to
false to ensure that all LDAPv3 servers that
do not understand the control can ignore it. To
suppress sending of the request control with the
bind request, include -g on the command-line.
-h Specifies the hostname or IP address of the
machine on which the Directory Server is