Server User Manual
ldapsearch
245
Option Description
is useful with the -C for persistent searches
because it prints any entry modifications without
delay and without the search hanging. It can
also be used with other ldapsearches, not only
persistent searches.
PS:changetype Specifies which types of changes to entries allow
the entry to be returned in the persistent search.
There are four options:
• add
• delete
• modify
• moddn (modrdn)
• all
changesonly Sets whether to return all existing entries which
match the search filter (0) or only to return
matching entries when the entry is modified (1).
The default is 1.
entrychgcontrols Sets whether to send entry change controls,
additional information about the modification
made to the entry. If the value is set to 0, then
only the entry is returned. If the value is set to 1,
then a line is added to the entry as it is returned
to the persistent search that lists the changetype
performed on the entry. The default is 1.
Table 6.4. Persistent Search Options
SSL Options
The following command-line options can be used to specify that ldapsearch use LDAPS when
communicating with an SSL-enabled Directory Server or used for certificate-based authentication.
These options are valid only when LDAPS has been turned on and configured for the Directory Server.
For information on certificate-based authentication and creating a certificate database for use with
LDAP clients, see the "Managing SSL" chapter in the Directory Server Administrator's Guide.
In addition to the standard ldapsearch options such as the base (-b), scope (-s), and filter, the
follow options are required to run an ldapsearch command using SSL:
• -p with the Directory Server secure port
• -Z to specify to use SSL (or, alternatively, -ZZ or -ZZZ to specify Start TLS)
• -P to give certificate database's filename and path
• -N to give the SSL certificate name
• -K to specify the private key database's filename and path
• -W to give the password to the private key database