Name

ldifsearch — search LDIF with LDAP filters

Synopsis

ldifsearch {options} [filter] [attribute...]

Description

This utility can be used to perform search operations against data in an LDIF file.

Options

The following options are supported.

-b, --baseDN {baseDN}

The base DN for the search. Multiple base DNs may be specified by providing the option multiple times. If no base DN is provided, then the root DSE will be used.

-f, --filterFile {filterFile}

The path to the file containing the search filter(s) to use. If this is not provided, then the filter must be provided on the command line after all configuration options.

-l, --ldifFile {ldifFile}

LDIF file containing the data to search. Multiple files may be specified by providing the option multiple times. If no files are provided, the data will be read from standard input.

-o, --outputFile {outputFile}

The path to the output file to which the matching entries should be written. If this is not provided, then the data will be written to standard output.

-O, --overwriteExisting

Any existing output file should be overwritten rather than appending to it.

-s, --searchScope {scope}

The scope for the search. It must be one of 'base', 'one', 'sub', or 'subordinate'. If it is not provided, then 'sub' will be used.

-t, --timeLimit {timeLimit}

Maximum length of time (in seconds) to spend processing.

Default value: 0

-T, --dontWrap

Long lines should not be wrapped.

-V, --version

Display version information.

-z, --sizeLimit {sizeLimit}

Maximum number of matching entries to return.

Default value: 0

-?, -H, --help

Display usage information.

Filter

The filter argument is a string representation of an LDAP search filter as in (cn=Babs Jensen), (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*))), or (cn:caseExactMatch:=Fred Flintstone).

Attribute

The optional attribute list specifies the attributes to return in the entries found by the search. In addition to identifying attributes by name such as cn sn mail and so forth, you can use the following notations, too.

*

Return all user attributes such as cn, sn, and mail.

+

Return all operational attributes such as etag and pwdPolicySubentry.

@objectclass

Return all attributes of the specified object class, where objectclass is one of the object classes on the entries returned by the search.

Exit Codes

0

The command completed successfully.

> 0

An error occurred.

Examples

The following example demonstrates use of the command.

$ ldifsearch -l /path/to/Example.ldif -b dc=example,dc=com uid=bjensen
dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: bjensen
userpassword: hifalutin
facsimiletelephonenumber: +1 408 555 1992
givenname: Barbara
cn: Barbara Jensen
cn: Babs Jensen
telephonenumber: +1 408 555 1862
sn: Jensen
roomnumber: 0209
homeDirectory: /home/bjensen
mail: bjensen@example.com
l: Cupertino
ou: Product Development
ou: People
uidNumber: 1076
gidNumber: 1000

You can also use @objectclass notation in the attribute list to return the attributes of a particular object class. The following example shows how to return attributes of the posixAccount object class. 

$ ldifsearch --ldifFile /path/to/Example.ldif
 --baseDN dc=example,dc=com "(uid=bjensen)" @posixaccount
dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: bjensen
userpassword: hifalutin
cn: Barbara Jensen
cn: Babs Jensen
homeDirectory: /home/bjensen
uidNumber: 1076
gidNumber: 1000