Language and Page Formatting Options
Appendix A. Using LDAP Client Tools
Red Hat Directory Server uses the LDAP tools (such as
ldapmodify) supplied with OpenLDAP. The OpenLDAP tool options are described in the OpenLDAP man pages at http://www.openldap.org/software/man.cgi.
This appendix gives some common usage scenarios and examples for using these LDAP tools.
More extensive examples for using
ldapsearchare given in Chapter 14, Finding Directory Entries. More examples for using
ldapdeleteare given in Chapter 3, Managing Directory Entries.
A.1. Running Extended Operations
Red Hat Directory Server supports a variety of extended operations, especially extended search operations. An extended operation passes an additional operation (such as a get effective rights search or server-side sort) along with the LDAP operation. Likewise, LDAP clients have the potential to support a number of extended operations.
The OpenLDAP LDAP tools support extended operations in two ways. All client tools (
ldapsearch, and the others) use either the
-Eoptions to send an extended operation. The
-eargument can be used with any OpenLDAP client tool and sends general instructions about the operation, like how to handle password policies. The
-Eis used only with
ldapsearches and passes more useful controls like GER searches, sort and page information, and information for other, not-explicitly-support extended operations.
Additionally, OpenLDAP has another tool,
ldapexop, which is used exclusively to perform extended search operations, the same as running
The format of an extended operation with
When an extended operation is explicitly handled by the OpenLDAP tools, then the extended_operation_type can be an alias, like
dereffor a dereference search or
sssfor server-side sorting. A supported extended operation has formatted output. Other extended operations, like GER searches, are passed using their OID rather than an alias, and then the extended_operation_type is the OID. For those unsupported operations the tool does not recognize the response from the server, so the output is unformatted.
For example, the
pgextended operation type formats the results in simple pages:
# ldapsearch -x -D "cn=Directory Manager" -W -b "ou=Engineers,ou=People,dc=example,dc=com" -E pg=3 "(objectclass=*)" cn dn: uid=jsmith,ou=Engineers,ou=People,dc=example,dc=com cn: John Smith dn: uid=bjensen,ou=Engineers,ou=People,dc=example,dc=com cn: Barbara Jensen dn: uid=hmartin,ou=Engineers,ou=People,dc=example,dc=com cn: Henry Martin Results are sorted. next page size (3): 5
The same operation with
ldapexopcan be run using only the OID of the simple paged results operation and the operation's settings (3 results per page):
ldapexopdoes not accept the same range of search parameters that
ldapsearchdoes, making it less flexible.