|Option or Argument||Description|
|-x||Specifies that the search uses simple binding, if offered by the directory. You cannot use the -x option with the -Y option.|
|-D user||Passes the user identity when you specify -x (simple binding). The name format you use may depend on the directory type. You can use:
|-Y DIGEST-MD5||Specifies that the search uses DIGEST-MD5 binding, if offered by the directory. You cannot use the -Y option with the -x option.|
|-U user||Passes the user identity when the search uses a DIGEST-MD5 bind, that is, when you specify -Y DIGEST-MD5.|
|-w password||Specifies the directory user password in the ldapsearch command.|
|-W||Specifies that the ldapsearch prompts the user for a password.|
|-R realm||Specifies a SASL realm offered by the directory server. This option is valid only when the directory server offers more than one realm.
Set up the -R option similarly to the LdapServerRealm property. See LdapServerRealm.
|-b basedn||The FQDN of the directory object that constitutes the search base, that is, the starting point for the directory search.
If you omit this option, the search uses the directory defaults in the ldaprc or .ldaprc file. For more information, go to: http://www.openldap.org.
|-s scope||Use this option to specify the scope of the search.
If you use the root node as the search base (the usual default) with a scope of sub, the command searches the entire directory.
|-H scheme://host:port/||Identifies the URI for the LDAP directory server.
See LdapServerName for valid settings.
|-Z||Requests that the search use TLS protection for the search authentication token exchange. If TLS is not available, -Z returns an error message, but the search continues (without protection).|
|-ZZ||Same as -Z, but if TLS is not available, the search aborts.|
|filter||Specifies the filter for the search, and is approximately equivalent to an SQL WHERE clause.
You must use a unique syntax to specify a filter, in accordance with IETF RFC 2254. Go to: http://www.faqs.org/rfcs/rfc2254.html.
If you do not specify a filter, the search uses ‘(objectClass=*)’.
All search filters must begin with a ‘(’ character, which is not legal in an attribute name.
|attr1 [attr2 …]||A space-separated list of one or more optional arguments that tell the server the names of attributes it must return. If you do not specify any attributes, the search returns all user-defined attributes for each object that matches the search criteria, for most directory types. Specify:
For some directory types, such as OpenLDAP, you can use ‘+’ and ‘*’ to request all user attributes and all system attributes, respectively.
A search always returns the FQDN of the object.
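
The rules in the table can be checked mechanically before a command goes into a script or runbook. The function below is an added example, not part of the original documentation: it lints an ldapsearch argument list for the -x/-Y conflict, the -Z fallback to an unprotected search, a password passed with -w, and a filter that does not begin with ‘(’. The function name, the finding labels, the sample host and DNs, and the treatment of an `ldaps://` URI as already TLS-protected are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint an ldapsearch argument list against the option table.
# Prints one finding per line on stdout; prints nothing for a clean command.
lint_ldapsearch() {
    simple=0; sasl=0; tls=none; ldaps=0; filter_seen=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -x)  simple=1 ;;
            -Z)  tls=optional ;;
            -ZZ) tls=required ;;
            -w)  echo "PASSWORD_ON_CMDLINE: -w puts the password in argv; prefer -W"
                 if [ $# -gt 1 ]; then shift; fi ;;
            -Y)  sasl=1
                 if [ $# -gt 1 ]; then shift; fi ;;
            -H)  # assumption: an ldaps:// URI means the session is TLS from the start
                 case "${2:-}" in ldaps://*) ldaps=1 ;; esac
                 if [ $# -gt 1 ]; then shift; fi ;;
            -D|-U|-R|-b|-s)  # options from the table that consume a value
                 if [ $# -gt 1 ]; then shift; fi ;;
            -*)  ;;  # switches outside the table are ignored by this check
            *)   # the first positional argument is the filter slot
                 if [ "$filter_seen" -eq 0 ]; then
                     filter_seen=1
                     case "$1" in
                         "("*) ;;
                         *) echo "FILTER_SYNTAX: '$1' does not begin with '('" ;;
                     esac
                 fi ;;
        esac
        shift
    done
    if [ "$simple" -eq 1 ] && [ "$sasl" -eq 1 ]; then
        echo "BIND_CONFLICT: -x and -Y cannot be combined"
    fi
    if [ "$ldaps" -eq 0 ]; then
        case "$tls" in
            optional) echo "TLS_OPTIONAL: -Z continues unprotected if TLS fails; use -ZZ" ;;
            none)     if [ "$simple" -eq 1 ]; then
                          echo "NO_TLS: simple bind without -ZZ"
                      fi ;;
        esac
    fi
    return 0
}

# Constructed sample invocations (host and DNs are placeholders).
lint_ldapsearch -x -D "cn=reader,dc=example,dc=com" -w secret -Z \
    -H ldap://ldap.example.com:389/ -b "dc=example,dc=com" "(uid=jdoe)" cn
lint_ldapsearch -x -D "cn=reader,dc=example,dc=com" -W -ZZ \
    -H ldap://ldap.example.com:389/ -b "dc=example,dc=com" "(uid=jdoe)" cn
```

The first sample reports PASSWORD_ON_CMDLINE and TLS_OPTIONAL; the second, which prompts with -W and requires TLS with -ZZ, reports nothing.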