|Option or Argument||Description|
|-x||Specifies that the search uses simple binding, if offered by the directory. You cannot use the -x option with the -Y option.|
|-D user||Passes the user identity when you specify -x (simple binding). The name format you use may depend on the directory type. You can use:
|-w password||Specifies the directory user password in the ldapsearch command. It is not recommended to use -w as it displays the password on the command line.|
|-W||Specifies that the ldapsearch prompts the user for a password.|
|-R realm||Specifies a realm offered by the directory server. This option is valid only when the directory server offers more than one realm.|
|-b basedn||Specifies the FQDN of the directory object that constitutes the search base, that is, the starting point for the directory search. If you omit this option, the search uses the directory defaults in the ldaprc or .ldaprc file. For more information, go to: http://www.openldap.org.|
|-s scope||Specifies the scope of the search. If you use the root node as the search base (the usual default) with a scope of sub, the command searches the entire directory.|
|-H scheme://host:port/||Identifies the URI for the LDAP directory server. See LdapServerName for valid settings.|
|-Z||Requests that the search use TLS protection for the search authentication token exchange. If TLS is not available, -Z returns an error message, but the search continues (without protection).|
|-ZZ||Same as -Z, but if TLS is not available, the search fails.|
|filter||Specifies the filter for the search, and is approximately equivalent to an SQL WHERE clause. Filters use their own syntax, defined in IETF RFC 2254; see http://www.faqs.org/rfcs/rfc2254.html. If you do not specify a filter, the search uses '(objectClass=*)'. All search filters must begin with a '(' character, which is not allowed in an attribute name.|
|attr1 [attr2 …]||Lists one or more optional arguments that tell the server the names of attributes it must return. If you do not specify any attributes, the search returns all user defined attributes for each object that matches the search criteria, for most directory types. Specify:
For some directory types, such as OpenLDAP, you can use ‘+’ and ‘*’ to request all user attributes and all system attributes, respectively.
A search always returns the FQDN of the object.
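
The warnings in the table (-x with -Y, -w versus -W, -Z versus -ZZ) can be checked mechanically before a command is run or committed to a script. The lint below is an added example, not part of the original documentation; the function name `lint_ldapsearch`, the finding labels, and the sample hosts and DNs are assumptions, and the CLEARTEXT_BIND check (simple bind to an ldap:// URI with no -Z/-ZZ) goes beyond what the table states.

```bash
#!/usr/bin/env bash
# Added example: lint an ldapsearch argument list against the option table.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
# lint_ldapsearch and the finding labels are hypothetical names.
lint_ldapsearch() {
    local simple=0 sasl=0 pw=0 tls=none uri="" rc=0 arg
    while [ "$#" -gt 0 ]; do
        arg=$1; shift
        case "$arg" in
            -x)  simple=1 ;;
            # -Y and -w take a value, attached (-wsecret) or as the next word
            -Y*) sasl=1; if [ "$arg" = "-Y" ] && [ "$#" -gt 0 ]; then shift; fi ;;
            -w*) pw=1;   if [ "$arg" = "-w" ] && [ "$#" -gt 0 ]; then shift; fi ;;
            -ZZ) tls=required ;;
            -Z)  [ "$tls" = required ] || tls=optional ;;
            -H)  uri=${1:-}; if [ "$#" -gt 0 ]; then shift; fi ;;
            # skip the values of the other options so they are not read as flags
            -D|-R|-b|-s) if [ "$#" -gt 0 ]; then shift; fi ;;
        esac
    done
    if [ "$simple" -eq 1 ] && [ "$sasl" -eq 1 ]; then
        echo "CONFLICT: -x cannot be used with -Y"; rc=1
    fi
    if [ "$pw" -eq 1 ]; then
        echo "PASSWORD_ON_CMDLINE: -w displays the password on the command line; use -W"; rc=1
    fi
    if [ "$tls" = optional ]; then
        echo "TLS_OPTIONAL: -Z continues without protection if TLS is unavailable; use -ZZ"; rc=1
    fi
    # Assumption beyond the table: a simple bind to ldap:// with no TLS request
    # sends the bind password unprotected.
    if [ "$simple" -eq 1 ] && [ "$tls" = none ]; then
        case "$uri" in
            ldap://*) echo "CLEARTEXT_BIND: -x to $uri without -ZZ"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Constructed sample invocations (host, DNs and password are placeholders).
lint_ldapsearch -x -D "cn=admin,dc=example,dc=com" -w secret -Z \
    -H ldap://ldap.example.com:389/ -b "dc=example,dc=com" -s sub "(uid=jdoe)" cn mail || true
lint_ldapsearch -x -D "cn=admin,dc=example,dc=com" -W -ZZ \
    -H ldap://ldap.example.com:389/ -b "dc=example,dc=com" "(uid=jdoe)" cn && echo "clean"
```

The first sample reports PASSWORD_ON_CMDLINE and TLS_OPTIONAL; the second passes because it prompts with -W and requires TLS with -ZZ.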