
When I've used ldapsearch, I've noticed that not every attribute I can search is displayed.

For example, I can search for locked accounts:

ldapsearch -x -H ldap://ldap.mydomain.com -W \
-D "cn=jaqb,dc=mydomain,dc=com" \
-b "ou=Users,dc=mydomain,dc=com" \
"(pwdAccountLockedTime=*)"

but the pwdAccountLockedTime attribute is not displayed.

According to the ldapsearch manual, you have to add + (plus sign) after the filter to request operational attributes. Now it looks like this:

ldapsearch -x -H ldap://ldap.mydomain.com -W \
-D "cn=jaqb,dc=mydomain,dc=com" \
-b "ou=Users,dc=mydomain,dc=com" \
"(pwdAccountLockedTime=*)" "+"

but now "normal" attributes aren't shown. To show both regular and operational attributes, you have to add * (asterisk) as well:

ldapsearch -x -H ldap://ldap.mydomain.com -W \
-D "cn=jaqb,dc=mydomain,dc=com" \
-b "ou=Users,dc=mydomain,dc=com" \
"(pwdAccountLockedTime=*)" "+" "*"

There is another search attribute, 1.1, which shows no attributes at all:

ldapsearch -x -H ldap://ldap.mydomain.com -W \
-D "cn=jaqb,dc=mydomain,dc=com" \
-b "ou=Users,dc=mydomain,dc=com" \
"(pwdAccountLockedTime=*)" 1.1

This is sometimes useful in scripts.
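As an added example (not part of the original post), here is one way a script can post-process the "+" "*" output to list each locked account with its lock time. The function names and the sample LDIF are constructed for illustration; the handling of 000001010000Z assumes the server uses the ppolicy overlay, where that value marks a lock only an administrator can clear.

```shell
#!/bin/sh
# Constructed sample of what the "(pwdAccountLockedTime=*)" "+" "*" search
# prints; the entries and timestamps are made up for this example.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=Users,dc=mydomain,dc=com
uid: alice
cn: Alice Example
pwdAccountLockedTime: 20240312101500Z
pwdFailureTime: 20240312101458Z

dn: uid=bob-with-a-very-long-identifier-that-gets-folded,ou=Users,dc=mydomain
 ,dc=com
uid: bob
pwdAccountLockedTime: 000001010000Z

EOF
}

# Read LDIF on stdin and print "DN<TAB>lock time<TAB>kind" per locked entry.
locked_accounts() {
    awk '
        # LDIF folding: a line starting with one space continues the previous one.
        /^ /  { buf = buf substr($0, 2); next }
              { handle(buf); buf = $0 }
        END   { handle(buf); flush() }

        function handle(line) {
            if (line == "") { flush(); return }      # blank line ends an entry
            if (line ~ /^dn: /) dn = substr(line, 5)
            # "dn::" means a base64-encoded DN; report it undecoded, do not drop it.
            else if (line ~ /^dn:: /) dn = "base64:" substr(line, 6)
            else if (line ~ /^pwdAccountLockedTime: /) t = substr(line, 23)
        }
        function flush() {
            # Assumption (ppolicy): 000001010000Z is a permanent lock.
            if (dn != "" && t != "")
                printf "%s\t%s\t%s\n", dn, t, (t == "000001010000Z" ? "permanent" : "timed")
            dn = ""; t = ""
        }
    '
}

sample_ldif | locked_accounts
```

In real use, pipe the ldapsearch command above into locked_accounts instead of sample_ldif.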
