Red Hat DIRECTORY SERVER 8.0 Command Reference Manual page 182

Chapter 6. Command-Line Utilities
Option
Table 6.3. Commonly-Used ldapsearch Options
SSL Options
The following command-line options can be used to specify that ldapsearch use LDAPS when
communicating with an SSL-enabled Directory Server or used for certificate-based authentication.
These options are valid only when LDAPS has been turned on and configured for the Directory Server.
For information on certificate-based authentication and creating a certificate database for use with
LDAP clients, see the "Managing SSL" chapter in the Directory Server Administrator's Guide.
In addition to the standard ldapsearch options, to run an ldapsearch command using SSL, specify
the following:
ldapsearch { -Z, -ZZ, -ZZZ } [ -p secure_port ] [ -P certificate_database ] [ -N
certificate_name ] [ -K key_database ] [ -W key database password ]
NOTE
To run ldapsearch over TLS/SSL, either the -Z option is required (for SSL) or the -ZZ
or -ZZZ option is required (for Start TLS).
Option
-3
-I
-K
172
Description
-z 1000
Normally, regardless of the value specified here,
ldapsearch never returns more entries than
the number allowed by the server's nsslapd-
sizelimit attribute, unless the authenticated
user is the Directory Manager. However,
this limitation can be overridden by binding
as the root DN when using this command-
line argument. This is because binding as
the root DN causes this option to default to
zero (0). The default value for the nsslapd-
sizelimit attribute is 2000 entries. See
Section 2.3.1.92, "nsslapd-sizelimit (Size Limit)"
for more information.
Description
Specifies that hostnames should be checked in
SSL certificates.
Specifies the SSL key password file that contains
the token:password pair.
Specifies the absolute path, including the
filename, of the private key database of the
client.
The -K option must be specified when the key
database has a different name than key3.db
or when the key database is not under the
same directory as the certificate database, the