Ssl Options - Red Hat DIRECTORY SERVER 7.1 Configuration

ldapsearch
Option
-p
-s
-w
-x
-z

SSL Options

You can use the following command-line options to specify that
LDAPS when communicating with your SSL-enabled Directory Server. You also
use these options if you want to use certificate-based authentication. These
options are valid only when LDAPS has been turned on and configured for your
Directory Server. For information on certificate-based authentication and creating
a certificate database for use with LDAP clients, see chapter 11, "Managing SSL
and SASL," in the Red Hat Directory Server Administrator's Guide.
In addition to the standard
using SSL, you must specify the following:
238 Red Hat Directory Server Configuration, Command, and File Reference • May 2005
Description
Specifies the TCP port number that the Directory Server uses. For example,
-p 1049. The default is 389. If -Z is used, the default is 636.
Specifies the scope of the search. The scope can be one of the following:
base — Search only the entry specified in the -b option or defined by the
LDAP_BASEDN environment variable.
one — Search only the immediate children of the entry specified in the -b
option. Only the children are searched; the actual entry specified in the -b
option is not searched.
sub — Search the entry specified in the -b option and all of its descendants.
That is, perform a subtree search starting at the point identified in the -b
option. This is the default.
Specifies the password associated with the distinguished name that is
specified in the -D option. If you do not specify this option, anonymous access
is used. For example, -w diner892.
Specifies that the search results are sorted on the server rather than on the
client. This is useful if you want to sort according to a matching rule, as with
an international search. In general, it is faster to sort on the server rather than
on the client.
Specifies the maximum number of entries to return in response to a search
request. For example, -z 1000. Normally, regardless of the value specified
here, ldapsearch never returns more entries than the number allowed by the
server's nsslapd-sizelimit attribute. However, you can override this
limitation by binding as the root DN when using this command-line
argument. This is because, when you bind as the root DN, this option defaults
to zero (0). The default value for the nsslapd-sizelimit attribute is 2000
entries. See "nsslapd-sizelimit (Size Limit)," on page 81, for more information.
ldapsearch
options, to run an
ldapsearch
use
ldapsearch
command