| Resolution | Supported versions of SUSE Linux and RHEL include the ldapsearch utility. To see a list of options to the ldapsearch command, type ldapsearch with no options at the command line prompt as in the following example:
$ ldapsearch
usage: ldapsearch [options] filter [attributes...]
where:
filter RFC-1558 compliant LDAP search filter
attributes whitespace-separated list of attributes to retrieve
(if no attribute list is given, all are retrieved)
options:
-n show what would be done but don't actually search
-v run in verbose mode (diagnostics to standard output)
-t write values to files in /tmp
-u include User Friendly entry names in the output
-A retrieve attribute names only (no values)
-B do not suppress printing of non-ASCII values
-L print entries in LDIF format (-B is implied)
-X print entries in XML format
-R do not automatically follow referrals
-d level set LDAP debugging level to `level'
-F sep print `sep' instead of `=' between attribute names and values
-S attr sort the results by attribute `attr'
-f file perform sequence of searches listed in `file'
-b basedn base dn for search
-s scope one of base, one, or sub (search scope)
-a deref one of never, always, search, or find (alias dereferencing)
-l time lim time limit (in seconds) for search
-z size lim size limit (in entries) for search
-D binddn bind dn
-w passwd bind passwd (for simple authentication)
-h host ldap server
-p port port on ldap server
-W Wallet Wallet location
-P Wpasswd Wallet Password
-U SSLAuth SSL Authentication Mode
-q prompt for simple bind password
-Q prompt for SSL wallet password
-E charset Character Set Encoding
-M send ManageDsaIT control to server
-G send RequiredAttribute control to server
-C send connectBy control to server
-T [-]sort_attr send serverSort control to server
-j page_size send Paging control to server
For more complete documentation on ldapsearch, type the following at the command line prompt:
$ man ldapsearch
EXAMPLE
The following example illustrates retrieving a single record from an Active Directory server.
Login to the RSA Identity Governance & Lifecycle server as either the root user or oracle user.
$ ldapsearch -h 192.168.26.120 -p 389 -D Administrator@2k8r2-vcloud.local -w <password> -z 1 -b 'ou=us,ou=vcloud users,
dc=2k8r2-vcloud,dc=local' '(&(objectClass=User) (objectcategory=person))'
CN=Book\, Rita,OU=US,OU=vcloud Users,DC=2k8r2-vcloud,DC=local
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=user
cn=Book, Rita
sn=Book
c=US
l=Pittsfield
st=NH
title=Captain
postalCode=03263
telephoneNumber=XXX-999-99
givenName=Radi
distinguishedName=CN=Book\, Rita,OU=US,OU=vcloud Users,DC=2k8r2-vcloud,DC=local
instanceType=4
whenCreated=20191017170713.0Z
whenChanged=20191017170713.0Z
displayName=Book, Rita
uSNCreated=464053
uSNChanged=464057
streetAddress=12 Main Street
name=Book, Rita
objectGUID=NOT ASCII
userAccountControl=66048
badPwdCount=0
codePage=0
countryCode=0
badPasswordTime=0
lastLogoff=0
lastLogon=0
pwdLastSet=130265032330795255
primaryGroupID=513
objectSid=NOT ASCII
accountExpires=9223372036854775807
logonCount=0
sAMAccountName=RBook
sAMAccountType=805306368
userPrincipalName=RBook@2k8r2-vcloud.local
objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=2k8r2-vcloud,DC=local
dSCorePropagationData=16010101000000.0Z
mail=Rita.Book@armyspy.com
ldap_search: Sizelimit exceeded
where:
-h host
|
ldap server
|
-p port
|
port on the ldap server
|
-D
|
bind dn
|
-w passwd
|
bind passwd (for simple authentication)
|
-z size lim
|
size limit (in entries) for search
|
-b basedn
|
base dn for search
|
|
on Jun 14, 2016