title: OpenDJ ldapsearch link: https://onemoretech.wordpress.com/2013/02/13/opendj-ldapsearch/ author: lembobro description: post_id: 4312 created: 2013/02/13 17:45:17 created_gmt: 2013/02/13 21:45:17 comment_status: closed post_name: opendj-ldapsearch status: publish post_type: post

OpenDJ ldapsearch

Just wanted to put together some examples of what you can do with OpenDJ's version of the ldapsearch tool. I think the OpenDJ Project's take on ldapsearch is very good, and it has become my preferred version in my daily work. Here's how to do the usual, and for some not-so-usual, stuff. Connecting over LDAPS:

ldapsearch -Z -h ldap.example.com -p 636 -b "" -s base "(objectclass=*)"

Certificate information will be displayed and you will be asked if you trust it. Choices are 1) No; 2) Yes, for this session only; 3) Yes, also add it to a truststore; 4) View certificate details. The default is 2. Using Simple Paged Results Control:

ldapsearch -h ldap.example.com 
-D "cn=admin,ou=special users,dc=example,dc=com" 
-w xxxxxxx 
-b "ou=people,dc=example,dc=com" 
-s sub 
--simplePageSize 200 
"(o=Corporate)" 
uid givenname sn mail departmentnumber

This should scroll 200 entries at a time, stopping after earch "page" of 200 to wait for you to hit the "RETURN key to continue". Most useful when searching Active Directory! Needs to be performed by a user with rights to invoke the control on the server. Getting all attributes in an entry, visible, system and hidden:

ldapsearch -h ldap.example.com -D "cn=directory manager" -w xxxxx 
-b "dc=example,dc=com" -s sub "(cn=Joe Smith)" '*' +

As far as I know the exact syntax of that last one doesn't show up in examples outside of this site (but I hope it will!). You're welcome.

Copyright 2004-2019 Phil Lembo