The ldapsearch Command-Line Tool

Process one or more searches in an LDAP directory server.

The criteria for the search request can be specified in a number of different ways, including providing all of the details directly via command-line arguments, providing all of the arguments except the filter via command-line arguments and specifying a file that holds the filters to use, or specifying a file that includes a set of LDAP URLs with the base DN, scope, filter, and attributes to return.

See the examples below for a number of sample command lines for this tool.

Usage

ldapsearch {arguments} {filter} [{attr1} [{attr2} ...]]

LDAP Connection and Authentication Arguments

Operation Arguments

Data Arguments

Control Arguments

Entry Transformation Arguments

Additional Arguments

Dependent Argument Sets

Exclusive Argument Sets

Examples

    ldapsearch --hostname directory.example.com --port 389 \
         --bindDN uid=jdoe,ou=People,dc=example,dc=com \
         --bindPassword password --baseDN ou=People,dc=example,dc=com \
         --scope sub "(uid=jqpublic)" givenName sn mail
    ldapsearch --hostname directory.example.com --port 636 --useSSL \
         --saslOption mech=PLAIN --saslOption authID=u:jdoe \
         --bindPasswordFile /path/to/password/file \
         --baseDN ou=People,dc=example,dc=com --scope sub \
         --filterFile /path/to/filter/file \
         --outputFile /path/to/base/output/file \
         --separateOutputFilePerSearch --requestedAttribute '*' \
         --requestedAttribute "+"
    ldapsearch --hostname directory.example.com --port 389 --useStartTLS \
         --trustStorePath /path/to/truststore/file --baseDN "" --scope base \
         --outputFile /path/to/output/file \
         --teeResultsToStandardOut '(objectClass=*)' '*' "+"
    ldapsearch --hostname directory.example.com --port 389 \
         --bindDN uid=admin,dc=example,dc=com --baseDN dc=example,dc=com \
         --scope sub --outputFile /path/to/output/file --simplePageSize 100 \
         '(objectClass=*)' '*' "+"
    ldapsearch --hostname directory.example.com --port 389 \
         --bindDN uid=admin,dc=example,dc=com --baseDN dc=example,dc=com \
         --scope sub "(&(givenName=John)(sn=Doe))" debugsearchindex