Use the DXsearch tool to search within a specified directory using defined filters. The utility lets you specify search output as LDIF or text, or can write each returned attribute to a file.
This command has the following format:
dxsearch [options] filter [attributelist]
Denotes one or more of the following options:
Sets alias dereferencing.
Retrieves attribute names only (no values).
Specifies the base DN for the search.
Does not suppress printing of non-ASCII values.
Runs in continuous mode. Errors are reported, but the process is not stopped.
Sets the LDAP debug levels.
Defines the level of debugging as follows:
-1 Enable all debugging
0 No debugging
1 Trace function
2 Debug packet handling
4 Heavy trace debugging
8 Connection management
16 Print out packages sent and received
32 Search filter processing
64 Configuration file processing
128 Access control list processing
256 Stats log connections/operations/results
512 Stats log entries sent
1024 Print communication with shell backends
2048 Print entry parsing debugging
You can add numbers together to specify multiple debug levels at the same time. For example, a debug level of 6 specifies the debugging levels of both 2 and 4.
Specifies the distinguished name of the user performing the bind.
Specifies a file to read from, rather than standard input.
Specifies the directory host. If you do not specify this, the tool uses localhost instead.
Specifies the LDAP URI of the directory host. If you do not specify this, the tool uses localhost instead.
You can use an IPv6 address, as in the following example:
-H ldap://[2001:db8:0:1:99a4:6159:198f:b309]
Specifies the time limit in seconds for each DAP operation.
Prints entries in LDIF format (-B is implied).
Does not multicast; limits search to a single directory.
Shows what would be done, but does not actually do it. Use with the -v option for debugging.
Specifies the port on the directory host computer. If you do not specify this, the default of 102, the OSI port, is used.
You can combine the -H and -p arguments into a single argument. For example, you can replace the options on the first line with those on the second:
-H [2001:db8:0:1:99a4:6159:198f:b309] -p 19389
-H [2001:db8:0:1:99a4:6159:198f:b309]:19389
Specifies search scope.
Writes values to files in the specified directory.
Times the search (no search results printed).
Runs in verbose mode.
Specifies the bind password, which is used for simple authentication.
Specifies the size limit (in entries) for search.
Specifies that the tool should start a TLS request.
Use -ZZ to require a successful response from the DSA.
Specifies the name of the configuration file used by the -Z option. The default file is:
DXHOME/config/ssld/dxldap.conf
This configuration file is a text file. It must contain a line starting TLS_CACERT, and can optionally contain a second line starting TLS_REQCERT. Its format is as follows:
TLS_CACERT trusted_pem_file
[TLS_REQCERT {allow|demand|hard|never|try}]
In the configuration file, the lines have the following meaning:
Specifies the file that contains certificates for all of the Certificate Authorities the client will recognize.
trusted_pem_file
Specifies the trusted pem file.
This must be an absolute reference to a full path, without environment variables.
Do not enclose trusted_pem_file in quotes.
Specifies what checks to perform on server certificates in a TLS session, if any.
If this line is missing, the system uses TLS_REQCERT demand.
The keywords have the following meaning:
Example: dxldap.conf file on a Windows System, Specifying the TLS_REQCERT Setting
TLS_CACERT c:\program files\CA\Directory\dxserver\config\ssld\trusted.pem
TLS_REQCERT allow
Example: dxldap.conf file on a UNIX System, Using the Default TLS_REQCERT Setting
TLS_CACERT /opt/CA/Directory/dxserver/config/ssld/trusted.pem
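The rules above for dxldap.conf (required TLS_CACERT line, absolute unquoted path with no environment variables, TLS_REQCERT defaulting to demand) can be checked before the file is used with -Z. The following is an added example, not part of the CA Directory documentation or tooling; the function name lint_dxldap_conf is hypothetical, and flagging never and allow as relaxed assumes the keywords carry the same meaning as in OpenLDAP's ldap.conf.

```python
import re

REQCERT_KEYWORDS = {"allow", "demand", "hard", "never", "try"}
# Assumption: keywords behave as in OpenLDAP's ldap.conf, where "never" and
# "allow" let a session continue without a verified server certificate.
RELAXED = {"never", "allow"}

def is_absolute(path):
    """True for a UNIX absolute path or a Windows drive-letter path."""
    return path.startswith("/") or re.match(r"[A-Za-z]:[\\/]", path) is not None

def lint_dxldap_conf(text):
    """Return (settings, findings) for the contents of a dxldap.conf file."""
    settings = {"TLS_REQCERT": "demand"}  # documented default if the line is missing
    findings = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        key, _, value = line.partition(" ")
        value = value.strip()  # the path itself may contain spaces
        if key == "TLS_CACERT":
            settings[key] = value
            if '"' in value or "'" in value:
                findings.append("TLS_CACERT: path must not be enclosed in quotes")
            elif re.search(r"\$|%[^%]+%", value):  # heuristic for $VAR and %VAR%
                findings.append("TLS_CACERT: environment variables are not allowed")
            elif not is_absolute(value):
                findings.append("TLS_CACERT: path must be an absolute full path")
        elif key == "TLS_REQCERT":
            settings[key] = value
            if value not in REQCERT_KEYWORDS:
                findings.append(f"TLS_REQCERT: unknown keyword {value!r}")
        else:
            findings.append(f"unexpected line: {line!r}")
    if "TLS_CACERT" not in settings:
        findings.append("TLS_CACERT: required line is missing")
    if settings["TLS_REQCERT"] in RELAXED:
        findings.append(f"TLS_REQCERT {settings['TLS_REQCERT']}: certificate check is relaxed")
    return settings, findings

# Constructed inputs: the first two mirror the page's examples, the third is invented.
WINDOWS = "TLS_CACERT c:\\program files\\CA\\Directory\\dxserver\\config\\ssld\\trusted.pem\nTLS_REQCERT allow\n"
UNIX = "TLS_CACERT /opt/CA/Directory/dxserver/config/ssld/trusted.pem\n"
BAD = 'TLS_CACERT "$DXHOME/config/ssld/trusted.pem"\nTLS_REQCERT never\n'

if __name__ == "__main__":
    for name, conf in (("windows", WINDOWS), ("unix", UNIX), ("bad", BAD)):
        print(name, lint_dxldap_conf(conf))
```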
An RFC2254-compliant LDAP search filter.
Specifies a space-separated list of attributes to retrieve. If no attribute list is given, all attributes are retrieved.
Example: Search and Results
This example uses the Democorp sample directory supplied with CA Directory. You can repeat this example as a training exercise.
Use the following command to search:
%dxsearch -L -h 192.168.19.202:19389 "(sn=horsfall)"
The results appear like this:
dn: cn=Murray HORSFALL,ou=Repair,ou=Operations,o=Democorp,c=AU
oc: organizationalPerson
oc: newPilotPerson
oc: quipuObject
cn: Murray HORSFALL
sn: HORSFALL
title: Information Technology Manager
telephone: 797 8877
description: Replacements
mail: Murray.HORSFALL@Democorp.com
postalAddress: 173 Toorak Pde $ Berkeley NSW
postalCode: 2506
If you send the output to an LDIF file, you can edit the file contents and use the DXmodify tool to implement the changes.
dxsearch -L -h yourhost:19389 "(sn=horsfall)" > h-modify.ldi
Copyright © 2009 CA. All rights reserved.