Red Hat DIRECTORY SERVER 8.0 Command Reference Manual page 184

Chapter 6. Command-Line Utilities
Option
-Z
-ZZ
-ZZZ
Table 6.4. Additional SSL ldapsearch Options
SASL Options
SASL mechanisms can be used to authenticate a user, using the -o the required SASL information.
To learn which SASL mechanisms are supported, search the root DSE. See the -b option in
"Commonly-Used ldapsearch
Option
-o
Table 6.5. SASL Options
There are three SASL mechanisms supported in Red Hat Directory Server:
• CRAM-MD5, described in
• DIGEST-MD5, described in
174
Options".
Table 6.6, "Description of CRAM-MD5 Mechanism Options"
Table 6.7, "Description of DIGEST-MD5 SASL Mechanism Options"
Description
Specifies that SSL is to be used for the search
request.
Specifies the Start TLS request. Use this option
to make a cleartext connection into a secure
one. If the server does not support Start TLS,
the command does not have to be aborted; it will
continue in cleartext.
Enforces the Start TLS request. The server
must respond that the request was successful.
If the server does not support Start TLS, such
as Start TLS is not enabled or the certificate
information is incorrect, the command is aborted
immediately.
Description
Specifies SASL options. The format is -o
saslOption=value. saslOption can have one of
six values:
• mech
• authid
• authzid
• secProp
• realm
• flags
The expected values depend on the supported
mechanism. The -o can be used multiple times
to pass all of the required SASL information for
the mechanism. For example:
-o "mech=DIGEST-MD5" -o "authzid=test_user" -
o "authid=test_user"
Table 6.3,