ldapsearch command


Opens a connection to an LDAP server, binds, and performs a search using the filter filter.


ldapsearch [-a ][-A ][-b basedn][-B][-C][-d][-D ][-e ][-f][-F][-G][-h][-i][-k][-K][-l][-L][-m][-M][-n][-N][-o][-O][-p][-P][-q][-R][-s][-t][-T][-U][-v][-V][-w][-y][-Y][-z ][-Z][-9] filter [attributes...]

where basedn equals the base distinguished name for the search, filter equals the LDAP search filter, options equals any other flags, and attributes equals a whitespace-separated list of attributes to retrieve. If no attribute list is specified, all attributes are retrieved.
Note: basedn is optional if LDAP_BASEDN is set in the environment.


If the ldapsearch command finds one or more entries, the attributes specified by attrs are retrieved and the entries and values are printed to standard output. If no attrs are listed, all attributes are returned.


Flag name Description
-a deref Specifies how to dereference aliases (never, always, search, or find).
-A Retrieves attribute names only (no values).
-b basedn Specifies base distinguished name (dn) for search. LDAP_BASEDN in environment is the default.
-B Specifies not to suppress printing of non-ASCII values.
-C charset Sets the character set name to use, as registered with Internet Assigned Numbers Authority (IANA).
-d level Sets the debugging level in LDAP library.
-D dn Binds dn.
-e Displays LDAP library version information and quit.
-f file Performs sequence of searches using filters in ‘file' “ must be substituted for the filter.
-F sep Prints ‘sep' between attribute names and values.
-G realm Specifies that realm is to be used for the DIGEST-MD5 bind mechanism.
-h host Specifies the LDAP server host name.
-i file Performs sequence of searches using filters in ‘file' “ must be substituted for the filter.
-k Uses server administration control on bind.
-K keyfile Specifies the file to use for the keys.
-l time Specifies time limit (in seconds) for search.
-L Prints entries in LDIF format (-B is implied).
-m mechanism Performs SASL bind with the specified mechanism.
-M Manages referral objects as normal entries.
-n Shows what would be done but don't actually perform the action.
-N key_name Specifies the private key name to use in the keyfile.
-o attr_type Sorts based on specified attribute type.
-O maxhops Specifies the maximum number of referrals to follow in a sequence.
-p port Specifies the LDAP server port number.
-P key_pw Specifies the keyfile password.
-q pagesize Queries page size for paged results.
-R Specifies not to chase referrals.
-s scope Searches scope. The search scope can be one of the following: base, one, or sub.
-t scope Writes values to files in /tmp.
-T seconds Specifies the number of seconds to wait between pages for paged results.
-U username Specifies the user name for the DIGEST-MD5 bind mechanism.
-v Runs in verbose mode.
-V version Specifies the LDAP protocol version. The version can be 2 or 3. The default is 3.
-w password Binds password or '?' for non-echoed prompt.
-y proxydn Sets proxied ID for proxied authorization operation.
-Y Uses a secure LDAP connection (TLS).
-zsize Specifies the size limit (in entries) for the search.
-Z Uses a secure LDAP connection (SSL).
-9control Sets the criticality for control option. The control can be one of the following options:
  • s sets criticality for sorting to false
  • p sets criticality for paging to false


To open a connection to the LDAP server and search on specific attributes, type:
ldapsearch -h vclient.host.com -D cn=admin -w adminpw -b cn=aixdata objectclass=*

Last updated: Wed, November 18, 2020