title: ldapsearch including operational attributes link: https://onemoretech.wordpress.com/2011/05/04/ldapsearch-including-operational-attributes/ author: lembobro description: post_id: 39 created: 2011/05/04 18:06:43 created_gmt: 2011/05/04 18:06:43 comment_status: open post_name: ldapsearch-including-operational-attributes status: publish post_type: post

ldapsearch including operational attributes

I'm pretty sure I've covered this elsewhere, but just in case: To get all attributes for an entry plus select "operational" attributes (timestamps, etc.), use this syntax (example is for the OpenLDAP version of ldapsearch commonly found on Linux machines):

ldapsearch -x -LLL -h hostname -D "cn=directory manager" 
-W -b "dc=example,dc=com" -s sub "(uid=targetuserid)" "*" createtimestamp 
creatorsname modifytimestamp modifiersname

Very important to remember to put those quotes around the asterisk (you can use single or double). Some directory servers may not honor this syntax. It works with Sun Directory and OpenLDAP, but not Oracle Internet Directory, for example. Added 04/14/2016: The version of ldapsearch that ships with OpenDJ requires a slightly different syntax, as you might have guessed (why would anyone want to do things the same way?):

ldapsearch -h hostname -D "cn=directory manager" -w xxxx
-b "dc=example,dc=com" -s sub "(uid=targetuserid)" '*' '+'

Those are single quotes around the symbols, by the way. Double quotes won't work.

Copyright 2004-2019 Phil Lembo