*** UNIX MANUAL PAGE BROWSER ***

A Nergahak database for man pages research.

Navigation

Location: Home > OpenBSD > Section 1 > ldap
Quick Actions: [Home] [Up]

Directory Browser

1Browse 4.4BSD4.4BSD
1Browse Digital UNIXDigital UNIX 4.0e
1Browse FreeBSDFreeBSD 14.3
1Browse MINIXMINIX 3.4.0rc6-d5e4fc0
1Browse NetBSDNetBSD 10.1
1Browse OpenBSDOpenBSD 7.7
1Browse UNIX v7Version 7 UNIX
1Browse UNIX v10Version 10 UNIX

Manual Page Search

Manual Page Result

0 Command: ldap | Section: 1 | Source: OpenBSD | File: ldap.1
LDAP(1) FreeBSD General Commands Manual LDAP(1) NAME ldap - simple LDAP client SYNOPSIS ldap search [-LvWxZ] [-b basedn] [-c CAfile] [-D binddn] [-H host] [-l timelimit] [-s scope] [-w secret] [-y secretfile] [-z sizelimit] [filter] [attributes ...] DESCRIPTION The ldap utility is a simple LDAP client. It queries an LDAP server to perform a command and outputs the results in the LDAP Data Interchange Format (LDIF). search options [filter] [attributes ...] Perform a directory search request. The optional filter argument specifies the LDAP filter for the directory search. The default is (objectClass=*) and the format must comply to the "String Representation of Search Filters" as described in RFC 4515. If one or more attribute options are specified, ldap restricts the output to the specified attributes. The options are as follows: -b basedn Use the specified distinguished name (dn) as the starting point for directory search requests. -c CAfile When TLS is enabled, load the CA bundle for certificate verification from the specified file. The default is /etc/ssl/cert.pem. If the LDAP server uses a self-signed certificate, use a file that contains the server certificate in PEM format, e.g. /etc/ssl/ldapserver.example.com.crt. -D binddn Use the specified distinguished name to bind to the directory. -H host The hostname of the LDAP server or an LDAP URL. The LDAP URL is described in RFC 4516 with the following format: [protocol://]host[:port][/basedn?attribute,...?scope?filter] The default is ldap://localhost:389/. Each of basedn, attribute, scope and filter may be omitted, but the preceding `/' or `?' is required if a subsequent field is non-empty. The following protocols are supported: ldap Connect with TCP in plain text. This is the default. ldaps Connect with TLS. The default port is 636. ldap+tls Connect with TCP and enable TLS using the StartTLS operation. This is the same as the -Z option. ldapi Connect to a UNIX-domain socket. The host argument is required to be a URL-encoded path, for example ldapi://%2fvar%2frun%2fldapi for /var/run/ldapi. -L Output the directory search result in a standards-compliant version of the LDAP Data Interchange Format (LDIF). This encodes attribute values that include non-printable or UTF-8 characters in the Base64 format and wraps lines at a 79-character limit. If this option is not specified, ldap encodes "unsafe" characters and newlines in a visual format using vis(3) instead. -l timelimit Request the server to abort the search request after timelimit seconds. The default value is 0 for no limit. -s scope Specify the scope to be either base, one, or sub. The default is sub for subtree searches. -v Produce more verbose output. -W Prompt for the bind secret with echo turned off. -w secret Specify the bind secret on the command line. -x Use simple authentication. This is the default as ldap does not support SASL authentication. -y secretfile Read the bind secret from the first line of the specified file or from standard input if the secretfile argument is `-'. The file must not be world-readable if it is a regular file. -Z Enable TLS using the StartTLS operation. -z sizelimit Request the server to limit the search result to a maximum number of sizelimit entries. The default value is 0 for no limit. FILES /etc/ssl/cert.pem Default CA file. EXAMPLES The following script can be used with the AuthorizedKeysCommand option of sshd(8): #!/bin/sh ldap search -D cn=Reader,dc=example,dc=com -w mypass123 \ -b ou=People,dc=example,dc=com \ -H ldapserver -c /etc/ssl/ldapserver.crt -Z \ "(&(objectClass=bsdAccount)(uid=$1))" sshPublicKey | \ sed 's/^sshPublicKey: //p;d;' exit 0 And the related configuration in sshd_config(5): Match Group ldapusers AuthorizedKeysCommand /etc/ssh/ldap-authorized_keys.sh AuthorizedKeysCommandUser _ldap SEE ALSO sshd_config(5), ldapd(8), sshd(8) STANDARDS G. Good, The LDAP Data Interchange Format (LDIF) - Technical Specification, RFC 2849, June 2000. M. Smith, Ed. and T. Howes, Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters, RFC 4515, June 2006. M. Smith, Ed. and T. Howes, Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator, RFC 4516, June 2006. HISTORY The ldap utility first appeared in OpenBSD 6.4. AUTHORS The ldap utility was written by Reyk Floeter <[email protected]>. CAVEATS SASL authentication is not supported. Authentication should be performed using simple authentication over a TLS connection. FreeBSD 14.1-RELEASE-p8 February 10, 2021 FreeBSD 14.1-RELEASE-p8

Navigation Options

Actions: [Home] [Back] [New Search]
Browse: [Browse OpenBSD] [Section 1]
Print/Export: [Print] [Raw Text]
Date: 2025-08-18 Time: 19:11:54 SAST |
Page generated in 0.088 seconds
Nergahak ManpageViewer v1.4
[Back to Top]