Resolution
Supported versions of SUSE Linux and RHEL include the ldapsearch utility. To see a list of options to the ldapsearch command, type ldapsearch with no options at the command line prompt, as in the following example:
$ ldapsearch
usage: ldapsearch [options] filter [attributes...]
where:
    filter          RFC-1558 compliant LDAP search filter
    attributes      whitespace-separated list of attributes to retrieve
                    (if no attribute list is given, all are retrieved)
options:
    -n              show what would be done but don't actually search
    -v              run in verbose mode (diagnostics to standard output)
    -t              write values to files in /tmp
    -u              include User Friendly entry names in the output
    -A              retrieve attribute names only (no values)
    -B              do not suppress printing of non-ASCII values
    -L              print entries in LDIF format (-B is implied)
    -X              print entries in XML format
    -R              do not automatically follow referrals
    -d level        set LDAP debugging level to `level'
    -F sep          print `sep' instead of `=' between attribute names and values
    -S attr         sort the results by attribute `attr'
    -f file         perform sequence of searches listed in `file'
    -b basedn       base dn for search
    -s scope        one of base, one, or sub (search scope)
    -a deref        one of never, always, search, or find (alias dereferencing)
    -l time lim     time limit (in seconds) for search
    -z size lim     size limit (in entries) for search
    -D binddn       bind dn
    -w passwd       bind passwd (for simple authentication)
    -h host         ldap server
    -p port         port on ldap server
    -W Wallet       Wallet location
    -P Wpasswd      Wallet Password
    -U SSLAuth      SSL Authentication Mode
    -q              prompt for simple bind password
    -Q              prompt for SSL wallet password
    -E charset      Character Set Encoding
    -M              send ManageDsaIT control to server
    -G              send RequiredAttribute control to server
    -C              send connectBy control to server
    -T [-]sort_attr send serverSort control to server
    -j page_size    send Paging control to server
For more complete documentation on ldapsearch, type the following at the command line prompt:
$ man ldapsearch
EXAMPLE
The following example illustrates retrieving a single record from an Active Directory server.
Log in to the RSA Identity Governance & Lifecycle server as either the root user or the oracle user.
$ ldapsearch -h 192.168.26.120 -p 389 -D Administrator@2k8r2-vcloud.local -w <password> -z 1 -b 'ou=us,ou=vcloud users, dc=2k8r2-vcloud,dc=local' '(&(objectClass=User) (objectcategory=person))'
CN=Book\, Rita,OU=US,OU=vcloud Users,DC=2k8r2-vcloud,DC=local
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=user
cn=Book, Rita
sn=Book
c=US
l=Pittsfield
st=NH
title=Captain
postalCode=03263
telephoneNumber=XXX-999-99
givenName=Radi
distinguishedName=CN=Book\, Rita,OU=US,OU=vcloud Users,DC=2k8r2-vcloud,DC=local
instanceType=4
whenCreated=20191017170713.0Z
whenChanged=20191017170713.0Z
displayName=Book, Rita
uSNCreated=464053
uSNChanged=464057
streetAddress=12 Main Street
name=Book, Rita
objectGUID=NOT ASCII
userAccountControl=66048
badPwdCount=0
codePage=0
countryCode=0
badPasswordTime=0
lastLogoff=0
lastLogon=0
pwdLastSet=130265032330795255
primaryGroupID=513
objectSid=NOT ASCII
accountExpires=9223372036854775807
logonCount=0
sAMAccountName=RBook
sAMAccountType=805306368
userPrincipalName=RBook@2k8r2-vcloud.local
objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=2k8r2-vcloud,DC=local
dSCorePropagationData=16010101000000.0Z
mail=Rita.Book@armyspy.com
ldap_search: Sizelimit exceeded
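where:
| -h host | ldap server |
| -p port | port on the ldap server |
| -D | bind dn |
| -w passwd | bind passwd (for simple authentication) |
| -z size lim | size limit (in entries) for search |
| -b basedn | base dn for search |
A password given with -w is visible in the shell history and the process list; the -q option listed in the usage output prompts for the bind password instead.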
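As an added example (not part of the original article or of RSA's tooling), the following POSIX shell functions decode three of the Active Directory attributes in the output above: userAccountControl, pwdLastSet and accountExpires. The function names are hypothetical, and the input is assumed to be in the attr=value format that this ldapsearch prints.

```sh
# Added example: decode Active Directory attributes from attr=value output.
# Function names are hypothetical; sample values are copied from the entry above.
sample_entry() {
    cat <<'EOF'
sAMAccountName=RBook
userAccountControl=66048
pwdLastSet=130265032330795255
accountExpires=9223372036854775807
EOF
}

# Print the first value of attribute $1 from attr=value lines on stdin.
get_attr() {
    sed -n "s/^$1=//p" | head -n 1
}

# Turn a userAccountControl integer into space-separated flag names.
decode_uac() {
    flags=
    for pair in 2:ACCOUNTDISABLE 32:PASSWD_NOTREQD \
        128:ENCRYPTED_TEXT_PWD_ALLOWED 512:NORMAL_ACCOUNT \
        65536:DONT_EXPIRE_PASSWORD 262144:SMARTCARD_REQUIRED \
        524288:TRUSTED_FOR_DELEGATION 4194304:DONT_REQ_PREAUTH; do
        if [ $(( $1 & ${pair%%:*} )) -ne 0 ]; then
            flags="$flags${flags:+ }${pair#*:}"
        fi
    done
    echo "$flags"
}

# Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to Unix epoch seconds.
filetime_to_epoch() {
    echo $(( $1 / 10000000 - 11644473600 ))
}

# accountExpires: 0 and 9223372036854775807 both mean the account never expires.
account_expiry() {
    case $1 in
        0|9223372036854775807) echo never ;;
        *) filetime_to_epoch "$1" ;;
    esac
}

# Read one entry on stdin and print a one-line summary.
summarize_entry() {
    entry=$(cat)
    val() { printf '%s\n' "$entry" | get_attr "$1"; }
    echo "$(val sAMAccountName) flags=[$(decode_uac "$(val userAccountControl)")]" \
        "pwdLastSet_epoch=$(filetime_to_epoch "$(val pwdLastSet)")" \
        "expires=$(account_expiry "$(val accountExpires)")"
}

sample_entry | summarize_entry
```

For review purposes, the flags worth checking first are ACCOUNTDISABLE, PASSWD_NOTREQD, DONT_EXPIRE_PASSWORD and DONT_REQ_PREAUTH.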