Working with Ldapsearch Options - Analytics Database - Teradata Vantage

Security Administration

Analytics Database
Teradata Vantage
Release Number
June 2022
Option or Argument Description
-x Specifies that the search uses simple binding, if offered by the directory. You cannot use the -x option with the -Y option.
-D user Passes the user identity when you specify -x (simple binding). The name format you use may depend on the directory type. You can use:
  • The FQDN for the user on all certified directories.
  • user@domain on Active Directory
  • The contents of the userPrincipalName attribute for the user on ADAM or AD LDS
-w password Specifies the directory user password in the ldapsearch command.
Using -w is not recommended because it displays the password on the command line.
-W Specifies that ldapsearch prompts the user for a password.
-R realm Specifies a realm offered by the directory server. This option is valid only when the directory server offers more than one realm.
-b basedn Specifies the FQDN of the directory object that constitutes the search base, that is, the starting point for the directory search.

If you omit this option, the search uses the directory defaults in the ldaprc or .ldaprc file. For more information, go to:

-s scope Specifies the scope of the search.
  • one: Searches the children of the object identified by the search base (-b option).
  • base: Searches only the object identified by the search base (-b option).
  • sub: Specifies a subtree search (or deep search). A deep search includes any object names contained in the -b option, and any other objects included in the subtree named by the search base.
If you use the root node as the search base (the usual default) with a scope of sub, the command searches the entire directory.
-H scheme://host:port/ Identifies the URI for the LDAP directory server.

See LdapServerName for valid settings.

-Z Requests that the search use TLS protection for the search authentication token exchange. If TLS is not available, -Z returns an error message, but the search continues (without protection).
-ZZ Same as -Z, but if TLS is not available, the search fails.
filter Specifies the filter for the search, and is approximately equivalent to an SQL WHERE clause.

You must use a unique syntax to specify a filter, in accordance with IETF RFC 2254. Go to:

If you do not specify a filter, the search uses '(objectClass=*)'.

All search filters must begin with a '(' character, which is not allowed in an attribute name.
attr1 [attr2 …] Lists one or more optional arguments that tell the server the names of the attributes it must return. If you do not specify any attributes, the search returns all user-defined attributes for each object that matches the search criteria, for most directory types. Specify:
  • '*' to include all normal attributes.
  • '+' to include all operational attributes, that is, those attributes the server uses to manage the object.
  • '1.1' to return no attributes.

For some directory types, such as OpenLDAP, you can use '*' and '+' to request all user attributes and all system attributes, respectively.

A search always returns the FQDN of the object.
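
The options above combined in one wrapper, as an added example that is not part of the Teradata documentation: it binds with -x/-D/-W instead of -w, uses -ZZ so the search fails rather than continuing without TLS, validates the scope, and escapes the value placed in the filter. The function names, the uid attribute, the DRY_RUN switch, the host and the DNs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Host, DNs and user names are constructed placeholders.

# Escape a value for an RFC 2254 filter: \ * ( ) become \5c \2a \28 \29.
# Backslash is handled first so the escapes added later are not re-escaped.
ldap_escape() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# find_user URI BIND_ID BASE SCOPE NAME [ATTR...]
# Looks up one entry by uid (the uid attribute is an assumption about the schema).
find_user() {
  [ "$#" -ge 5 ] || { echo "usage: find_user URI BIND_ID BASE SCOPE NAME [ATTR...]" >&2; return 2; }
  uri=$1 bind=$2 base=$3 scope=$4 filter="(uid=$(ldap_escape "$5"))"
  shift 5
  case $scope in
    base|one|sub) ;;
    *) echo "scope must be base, one or sub" >&2; return 2 ;;
  esac
  # No attributes requested: ask for 1.1 so only the object name comes back.
  [ "$#" -gt 0 ] || set -- 1.1
  # -x/-D/-W: simple bind with a password prompt, so no -w on the command line.
  # -ZZ: the search fails if TLS is unavailable; -Z would continue unprotected.
  set -- -x -D "$bind" -W -ZZ -H "$uri" -b "$base" -s "$scope" "$filter" "$@"
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$@"   # show the argument vector, one argument per line
  else
    ldapsearch "$@"
  fi
}

# Constructed demo: print the arguments instead of contacting a directory.
# The name contains filter metacharacters to show the escaping.
DRY_RUN=1
find_user ldap://dir.example.com:389/ 'cn=auditor,dc=example,dc=com' \
  'ou=people,dc=example,dc=com' one 'ops(night)*' cn mail
unset DRY_RUN
```

Because -ZZ requests TLS on the existing connection, the URI keeps the ldap:// scheme.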