Appendix A. Using LDAP Client Tools

Red Hat Directory Server 9.0 uses the LDAP tools (such as ldapsearch and ldapmodify) supplied with OpenLDAP. The OpenLDAP tool options are described in the OpenLDAP manpages at
This appendix gives some common usage scenarios and examples for using these LDAP tools.
More extensive examples for using ldapsearch are given in Chapter 10, Finding Directory Entries. More examples for using ldapmodify and ldapdelete are given in Section 3.2, “Managing Entries from the Command Line”.

A.1. Environment Variables Used with LDAP Client Tools

Some information related to running LDAP client tools can be set through environment variables. This allows certain operating conditions (such as SSL/TLS settings) to be set once and then applied consistently to every operation.


The SSL/TLS parameters can be set either as environment variables or in the OpenLDAP configuration, that is, in /etc/openldap/ldap.conf or the $HOME/[.]ldaprc profiles.

Table A.1. LDAP Tools Environment Variables

| Environment Variable | ldap.conf Parameter | Description |
|----------------------|---------------------|-------------|
| LDAP_BASEDN | none | Sets the default base DN for ldapsearch to use. This is equivalent to the -b argument and allows that argument to be skipped. |
| LDAPTLS_CACERTDIR | TLS_CACERTDIR | Gives the directory where the NSS security databases (cert8.db and key3.db) are located. For example, /etc/dirsrv/slapd-instance_name. |
| LDAPTLS_CERT | TLS_CERT | Gives the nickname for the server certificate in the cert8.db database. For example, Server-Cert. |
| LDAPTLS_KEY | TLS_KEY | Gives the password and, optionally, the token name which stores the key, in the format [token_name:]password. The default token name (which is assumed) is internal. For example, internal:secret or secret. |
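
The following shell helpers are an added example, not part of the Red Hat documentation. They split an LDAPTLS_KEY value in the [token_name:]password format from Table A.1 and report which of the table's variables are set without printing the password. The function names are hypothetical, the sample values are the table's own examples, and splitting at the first colon is an assumption.

```shell
#!/bin/sh
# Added example: helpers for the LDAPTLS_KEY format "[token_name:]password".
# Assumption: the value is split at the FIRST colon; a value with no colon
# is a bare password for the default token "internal".

# Print the token name carried in an LDAPTLS_KEY value.
tls_key_token() {
    case "$1" in
        *:*) printf '%s\n' "${1%%:*}" ;;   # text before the first colon
        *)   printf '%s\n' internal ;;     # no token given: default token
    esac
}

# Print the password part of an LDAPTLS_KEY value.
tls_key_password() {
    case "$1" in
        *:*) printf '%s\n' "${1#*:}" ;;    # text after the first colon
        *)   printf '%s\n' "$1" ;;
    esac
}

# Report which variables from Table A.1 are set. The LDAPTLS_KEY password
# is masked so the report can be shown on a terminal or written to a log.
ldap_env_report() {
    for name in LDAP_BASEDN LDAPTLS_CACERTDIR LDAPTLS_CERT LDAPTLS_KEY; do
        eval "val=\${$name-}"
        if [ -z "$val" ]; then
            printf '%s=(unset)\n' "$name"
        elif [ "$name" = LDAPTLS_KEY ]; then
            printf '%s=%s:********\n' "$name" "$(tls_key_token "$val")"
        else
            printf '%s=%s\n' "$name" "$val"
        fi
    done
}

# Constructed sample values, taken from the examples in Table A.1.
# The subshell keeps them out of the calling shell's environment.
demo() {
    (
        unset LDAP_BASEDN
        LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-instance_name
        LDAPTLS_CERT=Server-Cert
        LDAPTLS_KEY=internal:secret
        ldap_env_report
    )
}
demo
```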