-"\tfilter\tRFC-2254 compliant LDAP search filter\n"
-"\tattributes\twhitespace-separated list of attribute descriptions\n"
-"\t which may include:\n"
-"\t\t1.1 -- no attributes\n"
-"\t\t* -- all user attributes\n"
-"\t\t+ -- all operational attributes\n"
-"options:\n"
-"\t-a deref\tdereference aliases: never (default), always, search, or find\n"
-"\t-A\t\tretrieve attribute names only (no values)\n"
-"\t-b basedn\tbase dn for search\n"
-"\t-d level\tset LDAP debugging level to `level'\n"
-"\t-D binddn\tbind DN\n"
-"\t-E\t\trequest SASL privacy (-EE to make it critical)\n"
-"\t-f file\t\tperform sequence of searches listed in `file'\n"
-"\t-h host\t\tLDAP server\n"
-"\t-I\t\trequest SASL integrity checking (-II to make it\n"
-"\t\t\tcritical)\n"
-"\t-k\t\tuse Kerberos authentication\n"
-"\t-K\t\tlike -k, but do only step 1 of the Kerberos bind\n"
-"\t-l limit\ttime limit (in seconds) for search\n"
-"\t-L\t\tprint responses in LDIFv1 format\n"
-"\t-LL\t\tprint responses in LDIF format without comments\n"
-"\t-LLL\t\tprint responses in LDIF format without comments\n"
-"\t\t\tand version\n"
-"\t-M\t\tenable Manage DSA IT control (-MM to make critical)\n"
-"\t-n\t\tshow what would be done but don't actually search\n"
-"\t-p port\t\tport on LDAP server\n"
-"\t-P version\tprocotol version (default: 3)\n"
-"\t-s scope\tone of base, one, or sub (search scope)\n"
-"\t-S attr\t\tsort the results by attribute `attr'\n"
-"\t-t\t\twrite binary values to files in temporary directory\n"
-"\t-tt\t\twrite all values to files in temporary directory\n"
-"\t-T path\t\twrite files to directory specified by path (default:\n"
-"\t\t\t\"" LDAP_TMPDIR "\")\n"
-"\t-u\t\tinclude User Friendly entry names in the output\n"
-"\t-U user\t\tSASL authentication identity (username)\n"
-"\t-v\t\trun in verbose mode (diagnostics to standard output)\n"
-"\t-V prefix\tURL prefix for files (default: \"" LDAP_FILE_URI_PREFIX ")\n"
-"\t-w passwd\tbind passwd (for simple authentication)\n"
-"\t-W\t\tprompt for bind passwd\n"
-"\t-X id\t\tSASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
-"\t-Y mech\t\tSASL mechanism\n"
-"\t-z limit\tsize limit (in entries) for search\n"
-"\t-Z\t\tissue Start TLS request (-ZZ to require successful response)\n"
-, s );
+" filter\tRFC-2254 compliant LDAP search filter\n"
+" attributes\twhitespace-separated list of attribute descriptions\n"
+" which may include:\n"
+" 1.1 no attributes\n"
+" * all user attributes\n"
+" + all operational attributes\n"
+
+"Search options:\n"
+" -a deref one of never (default), always, search, or find\n"
+" -A retrieve attribute names only (no values)\n"
+" -b basedn base dn for search\n"
+" -E [!]<ctrl>[=<ctrlparam>] search controls (! indicates criticality)\n"
+" [!]mv=<filter> (matched values filter)\n"
+" -F prefix URL prefix for files (default: %s)\n"
+" -l limit time limit (in seconds) for search\n"
+" -L print responses in LDIFv1 format\n"
+" -LL print responses in LDIF format without comments\n"
+" -LLL print responses in LDIF format without comments\n"
+" and version\n"
+" -s scope one of base, one, or sub (search scope)\n"
+" -S attr sort the results by attribute `attr'\n"
+" -t write binary values to files in temporary directory\n"
+" -tt write all values to files in temporary directory\n"
+" -T path write files to directory specified by path (default: %s)\n"
+" -u include User Friendly entry names in the output\n"
+" -z limit size limit (in entries) for search\n"
+
+"Common options:\n"
+" -d level set LDAP debugging level to `level'\n"
+" -D binddn bind DN\n"
+" -e [!]<ctrl>[=<ctrlparam>] general controls (! indicates criticality)\n"
+" [!]manageDSAit (alternate form, see -M)\n"
+" [!]noop\n"
+" -f file read operations from `file'\n"
+" -h host LDAP server\n"
+" -H URI LDAP Uniform Resource Indentifier(s)\n"
+" -I use SASL Interactive mode\n"
+" -k use Kerberos authentication\n"
+" -K like -k, but do only step 1 of the Kerberos bind\n"
+" -M enable Manage DSA IT control (-MM to make critical)\n"
+" -n show what would be done but don't actually search\n"
+" -O props SASL security properties\n"
+" -p port port on LDAP server\n"
+" -P version procotol version (default: 3)\n"
+" -Q use SASL Quiet mode\n"
+" -R realm SASL realm\n"
+" -U authcid SASL authentication identity\n"
+" -v run in verbose mode (diagnostics to standard output)\n"
+" -w passwd bind passwd (for simple authentication)\n"
+" -W prompt for bind passwd\n"
+" -x Simple authentication\n"
+" -X authzid SASL authorization identity (\"dn:<dn>\" or \"u:<user>\")\n"
+" -y file Read passwd from file\n"
+" -Y mech SASL mechanism\n"
+" -Z Start TLS request (-ZZ to require successful response)\n"
+, s, def_urlpre, def_tmpdir );