Using ldapsearch
Appendix B Finding Directory Entries

Searching the Schema Entry

Directory Server stores all directory server schema in the special cn=schema entry. This entry contains information on every object class and attribute defined for your directory server.

You can examine the contents of this entry as follows:

    ldapsearch -h mozilla -b "cn=schema" -s base "objectclass=*"

Using LDAP_BASEDN

To make searching easier, you can set your search base using the LDAP_BASEDN environment variable. Doing this allows you to skip specifying the search base with the -b option (for information on how to set environment variables, see the documentation for your operating system).

Typically, you set LDAP_BASEDN to your directory’s suffix value. Since your directory suffix is equal to the root, or topmost, entry in your directory, this causes all searches to begin from your directory’s root entry.

For example, suppose you have set LDAP_BASEDN to dc=example,dc=com. Then to search for cn=babs jensen in your directory use the following command-line call:

    ldapsearch -h mozilla "cn=babs jensen"

In this example, the default scope of sub is used because the -s option was not used to specify the scope.

Displaying Subsets of Attributes

The ldapsearch command returns all search results in LDIF format. By default, ldapsearch returns the entry’s distinguished name and all of the attributes that you are allowed to read (you can set up the directory access control such that you are allowed to read only a subset of the attributes on any given directory entry). Only operational attributes are not returned. If you want operational attributes returned as a result of a search operation, you must explicitly specify them in the search command.

Suppose you do not want to see all of the attributes returned in the search results. You can limit the returned attributes to just a few specific attributes by specifying the ones you want on the command line immediately after the search filter. For example, to show the cn and sn attributes for every entry in the directory, use the following command-line call:

    ldapsearch -h mozilla "objectclass=*" sn cn

This example assumes you set your search base with LDAP_BASEDN.
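
The following is an added example, not part of the original guide. It ties the schema search to the rule on operational attributes by filtering the LDIF from the cn=schema entry down to the attribute names that a search returns only when they are named explicitly. The function names and the sample LDIF are constructed for illustration, and the script assumes the schema values use the RFC 4512 description syntax, in which operational attributes carry a USAGE keyword.

```shell
#!/bin/sh
# Constructed sample of the LDIF a cn=schema base search returns (not real
# server output). Lines starting with one space are LDIF continuation lines.
sample_schema() {
cat <<'EOF'
dn: cn=schema
objectClass: top
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'Common name' )
attributeTypes: ( 2.5.4.4 NAME 'sn' DESC 'Surname' )
attributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'Time the entry
  was created' SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOp
 eration )
attributeTypes: ( 2.5.18.4 NAME 'modifiersName' USAGE directoryOperation )
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME ( 'exampleAuditStamp' 'exAudit
 Stamp' ) DESC 'Constructed attribute' USAGE dSAOperation )
EOF
}

# Join LDIF continuation lines: drop the leading space and append to the
# previous line, so each schema definition ends up on a single line.
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    '
}

# Print every NAME of attributeTypes whose USAGE marks them operational.
# Assumption: a definition without a USAGE keyword is a user attribute.
operational_attrs() {
    unfold_ldif | awk -v q="'" '
        tolower($0) !~ /^attributetypes:/ { next }
        $0 !~ / USAGE +(directoryOperation|distributedOperation|dSAOperation)/ { next }
        match($0, / NAME +/) {
            s = substr($0, RSTART + RLENGTH)
            multi = (s ~ /^\(/)
            if (multi) sub(/\).*/, "", s)
            n = split(s, part, q)
            if (n < 2) next
            last = multi ? n : 2
            for (i = 2; i <= last; i += 2) print part[i]
        }
    '
}

# Against a live server, pipe the schema search shown on this page instead:
#   ldapsearch -h mozilla -b "cn=schema" -s base "objectclass=*" | operational_attrs
sample_schema | operational_attrs
```

Any name this prints can be listed after the search filter, alongside attributes such as sn and cn, to have it returned. Access control still applies, so a requested attribute that the bound user may not read stays absent from the results.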