How To Search LDAP using ldapsearch (With Examples)
LDAP (Lightweight Directory Access Protocol) is a widely used protocol for accessing and managing directory services. The ldapsearch command-line tool is a powerful utility that allows you to search and retrieve information from LDAP directories. In this guide, we will walk you through the process of using ldapsearch, along with some examples, to search LDAP directories effectively.
1. Install ldapsearch:
Before you begin, ensure that ldapsearch is installed on your system. If it’s not already installed, you can typically install it using your operating system’s package manager.
2. Connect to the LDAP server:
Use the following command to connect to the LDAP server:
```
ldapsearch -x -H ldap://ldap-server-hostname -D "cn=admin,dc=example,dc=com" -W
```
Replace “ldap-server-hostname” with the hostname or IP address of your LDAP server. The “-x” option indicates that you want to use simple authentication, and the “-D” option specifies the bind DN (Distinguished Name) for authentication. The “-W” option prompts you to enter the password for the bind DN.
3. Search for entries:
Once connected, you can search for specific entries using the following command:
```
ldapsearch -x -H ldap://ldap-server-hostname -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" "(attribute=value)"
```
Replace “attribute=value” with the specific search criteria you want to use. The “-b” option specifies the base DN (Distinguished Name) from which the search should start.
4. Search with wildcards:
You can use wildcards in your search criteria to broaden the results. For example, to search for entries where the “cn” attribute starts with “John”, use the following command:
```
ldapsearch -x -H ldap://ldap-server-hostname -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" "(cn=John*)"
```
5. Limit search results:
By default, ldapsearch returns all matching entries (up to any size limit enforced by the server). To limit the number of results, you can use the “-z” option followed by the maximum number of results you want to retrieve. Like the other options, it goes before the filter. For example, to retrieve only 5 results, use the following command:
```
ldapsearch -x -H ldap://ldap-server-hostname -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" -z 5 "(attribute=value)"
```
6. Retrieve specific attributes:
You can specify the attributes you want to retrieve by listing their names after the search filter (note that “-s” is the search scope option, taking base, one or sub, not an attribute list). For example, to retrieve only the “cn” and “mail” attributes, use the following command:
```
ldapsearch -x -H ldap://ldap-server-hostname -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" "(attribute=value)" cn mail
```
7. Searching for entries with a specific object class:
```
ldapsearch -x -H ldap://ldap-server-hostname -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" "(objectClass=person)"
```
This command searches for entries that have the object class “person”.
8. Searching for entries with a specific attribute value and displaying only selected attributes:
```
ldapsearch -x -H ldap://ldap-server-hostname -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" "(&(attribute=value)(objectClass=person))" cn mail
```
In this example, we search for entries that have a specific attribute value and the object class “person”. The command also specifies that only the “cn” and “mail” attributes should be displayed.
9. Searching for entries using a filter with logical operators:
```
ldapsearch -x -H ldap://ldap-server-hostname -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" "(&(attribute1=value1)(|(attribute2=value2)(attribute3=value3)))"
```
Here, we use a more complex filter that searches for entries with attribute1=value1 and either attribute2=value2 or attribute3=value3. The logical operator “&” (ampersand) is the AND condition and “|” (pipe) is the OR condition.
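The filters in steps 4, 8 and 9 are often built from values typed by a user or read from another system. The following shell script is an added example (not part of the original article) that escapes such values before placing them in a filter, so that characters like “*”, “(” and “)” are matched literally instead of changing the meaning of the filter. The hostname, bind DN and base DN are the article's placeholders.

```shell
#!/bin/sh
# Added example: build ldapsearch filters safely from untrusted input.
# LDAP_URI, BIND_DN and BASE_DN are the placeholder values used in the article.
LDAP_URI="ldap://ldap-server-hostname"
BIND_DN="cn=admin,dc=example,dc=com"
BASE_DN="dc=example,dc=com"

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(' and ')' become \5c, \2a, \28 and \29.
# The backslash is handled first so the escapes themselves are not re-escaped.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build the "cn starts with <prefix>" filter from step 4, restricted to
# person entries as in step 8. The trailing '*' is the only wildcard;
# any '*' contained in the input is escaped so it cannot widen the match.
person_cn_prefix_filter() {
    printf '(&(objectClass=person)(cn=%s*))' "$(ldap_filter_escape "$1")"
}

# Run the search: -LLL prints plain LDIF without comments, -s sub sets the
# scope (subtree), -z caps the number of entries returned, and the attribute
# names after the filter select which attributes are displayed.
search_person_by_cn_prefix() {
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE_DN" \
        -LLL -s sub -z 5 "$(person_cn_prefix_filter "$1")" cn mail
}
```

Calling `search_person_by_cn_prefix 'John'` runs the step 4 search for person entries whose cn starts with John; an input such as `'*'` becomes `(cn=\2a*)` and only matches names that literally begin with an asterisk.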
These examples provide a basic understanding of how to use ldapsearch to search LDAP directories. Keep in mind that the specific options and syntax may vary depending on your LDAP server implementation. You can refer to the ldapsearch documentation or consult your LDAP server documentation for more advanced usage and options.
Remember to replace “ldap-server-hostname” and “dc=example,dc=com” with the appropriate values for your LDAP server and directory structure.