DXsearch Tool—Search a Directory

Use the DXsearch tool to search within a specified directory using defined filters. The utility lets you specify search output as LDIF or text, or can write each returned attribute to a file.

This command has the following format:

dxsearch [options] filter [attributelist]

options

Denotes one or more of the following options:

-a { never | always | search | find }

Sets alias dereferencing. The default is never.

-A

Retrieves attribute names only (no values).

-b basedn

Specifies the base DN for the search.

-B

Prints non-ASCII values. Remove this option to suppress these values.

-C

Specifies that referrals will be chased, if necessary. This option is not necessary if your directory backbone contains only CA Directory DSAs. CA Directory DSAs handle referrals automatically, as specified in the X.500 standard.

-c

Runs in continuous mode. Errors are reported, but the process is not stopped.

-d level [-d level...]

Sets the LDAP debug levels.

level

Defines the level of debugging as follows:

-1 Enable all debugging

0 No debugging

1 Trace function

2 Debug packet handling

4 Heavy trace debugging

8 Connection management

16 Print out packets sent and received

32 Search filter processing

64 Configuration file processing

128 Access control list processing

256 Stats log connections/operations/results

512 Stats log entries sent

1024 Print communication with shell backends

2048 Print entry parsing debugging

You can add numbers together to specify multiple debug levels at the same time. For example, a debug level of 6 specifies the debugging levels of both 2 and 4.

-D bindDN

Specifies the distinguished name of the user performing the bind.

-E parameters

Specifies search extensions. Include the ! to make the parameter critical.

[!]domainScope

Domain scope

[!]mv=filter

Matched values filter

[!]pr=size[/prompt|noprompt]

Paged results/prompt

[!]subentries[=true|false]

Subentries

[!]sync=ro[/cookie]

LDAP Sync refreshOnly

rp[/cookie][/slimit]

LDAP Sync refreshAndPersist

-F prefix

Identifies the URL prefix to be used for files. If you do not specify this option, the default is used: file:///tmp/.

-f filename

Specifies a file to read from, rather than standard input.

-h host

Specifies the directory host. If you do not specify this, the tool uses localhost instead.

-H LDAP_URI

Specifies the LDAP URI of the directory host. If you do not specify this, the tool uses localhost instead.

You can use an IPv6 address, as in the following example:

-H ldap://[2001:db8:0:1:99a4:6159:198f:b309]

-l timelimit

Specifies the time limit in seconds for each DAP operation.

-L

Prints entries in LDIF V1 format, with non-ASCII values.

-LL

Prints entries in LDIF format without comments and with non-ASCII values.

-LLL

Prints entries in LDIF format without comments, without version information, and with non-ASCII values.

-M

Does not multicast; limits search to a single directory.

-n

Shows what would be done, but does not actually do it. Use with the -v option for debugging.

-P 2|3

Specifies the LDAP protocol. By default, this is set to 3.

-p dap-port

Specifies the port on the directory host computer. If you do not specify this, the tool uses port 102, the OSI port, by default.

You can combine the -h and -p arguments into a single argument, and express them as a dotted IP address or hostname. For example, you can replace the options on the first line with those on the second:

-h 192.168.19.202 -p 19389
-h 192.168.19.202:19389

-s { base | one | sub}

Specifies search scope.

-S attribute

Sorts the results by the attribute.

-t dir

Writes values to files in the specified directory.

-T

Times the search (no search results printed).

-u

Includes user-friendly entry names in the output.

-v

Runs in verbose mode.

-W

Prompts the user for the bind password.

-w password

Specifies the bind password.

-y filename

Specifies a file that contains the bind password.

-z number-entries

Specifies the size limit (in entries) for search.

-Z [ssld_config_filename]

Specifies that the tool should start a TLS request, using the specified configuration file. If you omit the filename, the tool uses DXHOME/config/ssld/dxldap.conf.

Use -ZZ to require a response from the DSA when a request is successful.

filter

An RFC2254-compliant LDAP search filter.

attributelist

Specifies a space-separated list of attributes to retrieve. If no attribute list is given, all attributes are retrieved.
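
The following wrapper is an added example, not part of the CA Directory documentation or product. It combines the options above for a scripted search: a caller-supplied surname is escaped per RFC 2254 before it is placed in the filter, and the bind uses -y with an owner-only password file, because -w puts the password in the argument list. The DXSEARCH override variable, the function names, and the limits of 50 entries and 10 seconds are assumptions made for the example.

```shell
#!/bin/sh
# Added example: not CA-supplied code. DXSEARCH is a hypothetical override
# (defaults to the dxsearch binary on PATH) so the wrapper can be dry-run.

# Escape a value for use inside an RFC 2254 filter assertion.
# Backslash is handled first so the escapes added afterwards are not re-escaped.
# (NUL, the fifth special character, cannot occur in a shell variable.)
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Succeed only if the -y password file is a regular file with no group or
# other permission bits (characters 5-10 of the ls mode string).
pwfile_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# search_by_surname HOST:PORT BASEDN BINDDN PWFILE SURNAME
search_by_surname() {
    pwfile_is_private "$4" || {
        echo "refusing: $4 must be readable by its owner only" >&2
        return 1
    }
    # -y keeps the password out of the argument list; -z and -l bound the search.
    "${DXSEARCH:-dxsearch}" -LLL -h "$1" -b "$2" -s sub -z 50 -l 10 \
        -D "$3" -y "$4" "(sn=$(ldap_escape "$5"))" cn mail
}
```

Call it as search_by_surname HOST:PORT BASEDN BINDDN PWFILE SURNAME; the surname is the only argument treated as untrusted.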

Example: Search and Results

This example uses the Democorp sample directory supplied with CA Directory. You can repeat this example as a training exercise.

Use the following command to search:

%dxsearch -L -h 192.168.19.202:19389 "(sn=horsfall)"

The results appear like this:

dn: cn=Murray HORSFALL,ou=Repair,ou=Operations,o=Democorp,c=AU
oc: organizationalPerson
oc: newPilotPerson
oc: quipuObject
cn: Murray HORSFALL
sn: HORSFALL
title: Information Technology Manager
telephone: 797 8877
description: Replacements
mail: Murray.HORSFALL@Democorp.com
postalAddress: 173 Toorak Pde $ Berkeley NSW
postalCode: 2506

If you send the output to an LDIF file, you can edit the file contents and use the DXmodify tool to implement the changes.

dxsearch -L -h yourhost:19389 "(sn=horsfall)" > h-modify.ldi