HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)
interpolation if there are shell variables. Refer to the operating system documentation for more
information.
B.2.2 ldapsearch command-line format
The ldapsearch command must use the following format:
ldapsearch [optional_options] [optional_search_filter] [optional_list_of_attributes]
• optional_options is a series of command line options. These must be specified before
the search filter, if any are used.
• optional_search_filter is an LDAP search filter as described in “LDAP search
filters” (page 560). Do not specify a separate search filter if search filters are specified in a file
using the -f option.
• optional_list_of_attributes is a list of attributes separated by a space. Specifying
a list of attributes reduces the number of attributes returned in the search results. This list of
attributes must appear after the search filter. For an example, see “Displaying subsets of
attributes” (page 559). If a list of attributes is not specified, the search returns values for all
attributes permitted by the access control set in the directory (with the exception of operational
attributes).
NOTE:
For operational attributes to be returned as a result of a search operation, they must be explicitly
specified in the search command. To retrieve regular attributes in addition to explicitly specified
operational attributes, use an asterisk (*) in the list of attributes in the ldapsearch command.
To retrieve no attributes, just a list of the matching DNs, use the special attribute 1.1. This is
useful, for example, to get a list of DNs to pass to the ldapdelete command.
B.2.3 Commonly used ldapsearch options
The following table lists the most commonly used ldapsearch command line options. If a specified
value contains a space ( ), the value should be surrounded by single or double quotation marks,
such as -b "ou=groups, dc=example,dc=com".
DescriptionOption
Specifies the starting point for the search. The value specified here must be a distinguished name
that currently exists in the database. This is optional if the LDAP_BASEDN environment variable has
-b
been set to a base DN. The value specified in this option should be provided in single or double
quotation marks. For example:
-b "cn=Barbara Jensen, ou=Product Development,dc=example,dc=com"
To search the root DSE entry, specify an empty string here, such as -b "" .
Specifies the distinguished name with which to authenticate to the server. This is optional if
anonymous access is supported by the server. If specified, this value must be a DN recognized by
-D
the Directory Server, and it must also have the authority to search for the entries. For example, -D
"uid=bjensen, dc=example,dc=com".
Specifies the host name or IP address of the machine on which the Directory Server is installed. For
example, -h mozilla. If a host is not specified, ldapsearch uses the localhost.
NOTE:
Directory Server supports both IPv4 and IPv6 IP addresses.
-h
Specifies the maximum number of seconds to wait for a search request to complete. For example,
-l 300. The default value for the nsslapd-timelimit attribute is 3600 seconds. Regardless
-l
of the value specified, ldapsearch will never wait longer than is allowed by the server's
nsslapd-timelimit attribute.
Specifies the TCP port number that the Directory Server uses. For example, -p 1049. The default
is 389. If -Z is used, the default is 636.
-p
B.2 Using ldapsearch 557