X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fman%2Fman1%2Fldapsearch.1;h=7d5997ae210bcbd56ce038173d6d21ba4e8cadfb;hb=607c80df81596e1bdfe39cf0ded31ea1d90ea6d2;hp=59466dcaaced6f582eaf8168649dcbddd34935e6;hpb=acbb5cf689a4336af05c9f259d909d8141055bac;p=openldap diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1 index 59466dcaac..7d5997ae21 100644 --- a/doc/man/man1/ldapsearch.1 +++ b/doc/man/man1/ldapsearch.1 @@ -9,11 +9,17 @@ ldapsearch \- LDAP search tool [\c .BR \-n ] [\c +.BR \-c ] +[\c .BR \-u ] [\c .BR \-v ] [\c -.BR \-t ] +.BR \-t[t] ] +[\c +.BI \-T \ path\fR] +[\c +.BI \-F \ prefix\fR] [\c .BR \-A ] [\c @@ -21,10 +27,14 @@ ldapsearch \- LDAP search tool [\c .BR \-M[M] ] [\c +.BI \-S \ attribute\fR] +[\c .BI \-d \ debuglevel\fR] [\c .BI \-f \ file\fR] [\c +.BR \-x ] +[\c .BI \-D \ binddn\fR] [\c .BR \-W ] @@ -39,14 +49,18 @@ ldapsearch \- LDAP search tool [\c .BI \-p \ ldapport\fR] [\c -.BI \-P \ 2\fR\||\|\fI3\fR] -[\c .BI \-b \ searchbase\fR] [\c .BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR] [\c .BI \-a \ never\fR\||\|\fIalways\fR\||\|\fIsearch\fR\||\|\fIfind\fR] [\c +.BI \-P \ 2\fR\||\|\fI3\fR] +[\c +.BR \-e \ [!]ext[=extparam]] +[\c +.BR \-E \ [!]ext[=extparam]] +[\c .BI \-l \ timelimit\fR] [\c .BI \-z \ sizelimit\fR] @@ -61,8 +75,6 @@ ldapsearch \- LDAP search tool [\c .BI \-R \ realm\fR] [\c -.BR \-x ] -[\c .BI \-X \ authzid\fR] [\c .BI \-Y \ mech\fR] @@ -74,17 +86,18 @@ ldapsearch \- LDAP search tool .SH DESCRIPTION .I ldapsearch is a shell-accessible interface to the -.BR ldap_search (3) +.BR ldap_search_ext (3) library call. .LP .B ldapsearch opens a connection to an LDAP server, binds, and performs a search using specified parameters. The \fIfilter\fP should conform to -the string representation for search filters as defined in RFC 2254. +the string representation for search filters as defined in RFC 4515. If not provided, the default filter, (objectClass=*), is used. .LP If -.B ldapsearch finds one or more entries, the attributes specified by +.B ldapsearch +finds one or more entries, the attributes specified by \fIattrs\fP are returned. If * is listed, all user attributes are returned. If + is listed, all operational attributes are returned. If no \fIattrs\fP are listed, all user attributes are returned. If only @@ -95,6 +108,11 @@ If no \fIattrs\fP are listed, all user attributes are returned. If only Show what would be done, but don't actually perform the search. Useful for debugging in conjunction with -v. .TP +.B \-c +Continuous operation mode. Errors are reported, but ldapsearch will continue +with searches. The default is to exit after reporting an error. Only useful +in conjunction with -f. +.TP .B \-u Include the User Friendly Name form of the Distinguished Name (DN) in the output. @@ -102,10 +120,19 @@ in the output. .B \-v Run in verbose mode, with many diagnostics written to standard output. .TP -.B \-t -Write retrieved non-printable values to a set of temporary files. This -is useful for dealing with values containing non-character data such as -jpegPhoto or audio. +.B \-t[t] +A single -t writes retrieved non-printable values to a set of temporary +files. This is useful for dealing with values containing non-character +data such as jpegPhoto or audio. A second -t writes all retrieved values to +files. +.TP +.BI \-T \ path +Write temporary files to directory specified by \fIpath\fP (default: +/var/tmp/) +.TP +.BI \-F \ prefix +URL prefix for temporary files. Default is file://\fIpath\fP/ where +\fIpath\fP is /var/tmp/ or specified with -T. .TP .B \-A Retrieve attributes only (no values). This is useful when you just want to @@ -145,9 +172,16 @@ must be compiled with LDAP_DEBUG defined for this option to have any effect. .BI \-f \ file Read a series of lines from \fIfile\fP, performing one LDAP search for each line. In this case, the \fIfilter\fP given on the command line -is treated as a pattern where the first occurrence of \fB%s\fP is -replaced with a line from \fIfile\fP. If \fIfile\fP is a single \fI-\fP -character, then the lines are read from standard input. +is treated as a pattern where the first and only occurrence of \fB%s\fP +is replaced with a line from \fIfile\fP. Any other occurence of the +the \fB%\fP character in the pattern will be regarded as an error. +Where it is desired that the search filter include a \fB%\fP character, +the character should be encoded as \fB\\25\fP (see RFC 4515). +If \fIfile\fP is a single +\fI-\fP character, then the lines are read from standard input. +.B ldapsearch +will exit when the first non-successful search result is returned, +unless -c is used. .TP .B \-x Use simple authentication instead of SASL. @@ -211,6 +245,35 @@ base object for the search. The default is to never dereference aliases. .BI \-P \ 2\fR\||\|\fI3 Specify the LDAP protocol version to use. .TP +.B \-e \fI[!]ext[=extparam]\fP +.TP +.B \-E \fI[!]ext[=extparam]\fP + +Specify general extensions with -e and search extensions with -E. +\'!\' indicates criticality. + +General extensions: +.nf + [!]assert= (an RFC 4515 Filter) + [!]authzid= ("dn:" or "u:") + [!]manageDSAit + [!]noop + ppolicy + [!]postread[=] (a comma-separated attribute list) + [!]preread[=] (a comma-separated attribute list) + abandon, cancel (SIGINT sends abandon/cancel; not really controls) +.fi + +Search extensions: +.nf + [!]domainScope (domain scope) + [!]mv= (matched values filter) + [!]pr=[/prompt|noprompt] (paged results/prompt) + [!]subentries[=true|false] (subentries) + [!]sync=ro[/] (LDAP Sync refreshOnly) + rp[/][/] (LDAP Sync refreshAndPersist) +.fi +.TP .BI \-l \ timelimit wait at most \fItimelimit\fP seconds for a search to complete. A timelimit of @@ -395,11 +458,9 @@ a diagnostic message being written to standard error. .BR ldap.conf (5), .BR ldif (5), .BR ldap (3), -.BR ldap_search (3) +.BR ldap_search_ext (3), +.BR ldap_sort (3) .SH AUTHOR The OpenLDAP Project .SH ACKNOWLEDGEMENTS -.B OpenLDAP -is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -.B OpenLDAP -is derived from University of Michigan LDAP 3.3 Release. +.so ../Project