Search all LDAP attributes (including operational)
When I've used ldapsearch, I've noticed that not every attribute I can search is displayed.
For example I can search locked accounts:
ldapsearch -x -H ldap://ldap.mydomain.com -W \ -D "cn=jaqb,dc=mydomain,dc=com" \ -b "ou=Users,dc=mydomain,dc=com" \ "(pwdAccountLockedTime=*)"
but pwdAccountLockedTime attribute is not displayed.
According to ldapsearch manual you have to add + (plus sign) do filter attributes. Now it looks like this:
ldapsearch -x -H ldap://ldap.mydomain.com -W \ -D "cn=jaqb,dc=mydomain,dc=com" \ -b "ou=Users,dc=mydomain,dc=com" \ "(pwdAccountLockedTime=*)" "+"
, but now "normal" attributes aren't shown. To show both regular and operational attributes you have add * (asterisk sign):
ldapsearch -x -H ldap://ldap.mydomain.com -W \ -D "cn=jaqb,dc=mydomain,dc=com" \ -b "ou=Users,dc=mydomain,dc=com" \ "(pwdAccountLockedTime=*)" "+" "*"
There is another search attribute 1.1 - not to show any attributes:
ldapsearch -x -H ldap://ldap.mydomain.com -W \ -D "cn=jaqb,dc=mydomain,dc=com" \ -b "ou=Users,dc=mydomain,dc=com" \ "(pwdAccountLockedTime=*)" 1.1
sometimes useful in scripts.
Comments
Log in or create a user account to comment.