ldapsearch

238 Red Hat Directory Server Configuration, Command, and File Reference • May 2005

SSL Options

You can use the following command-line options to specify that ldapsearch use LDAPS when communicating with your SSL-enabled Directory Server. You also use these options if you want to use certificate-based authentication. These options are valid only when LDAPS has been turned on and configured for your Directory Server. For information on certificate-based authentication and creating a certificate database for use with LDAP clients, see chapter 11, “Managing SSL and SASL,” in the Red Hat Directory Server Administrator’s Guide.

In addition to the standard ldapsearch options, to run an ldapsearch command using SSL, you must specify the following:

Option  Description

-p  Specifies the TCP port number that the Directory Server uses. For example, -p 1049. The default is 389. If -Z is used, the default is 636.

-s  Specifies the scope of the search. The scope can be one of the following:

    base — Search only the entry specified in the -b option or defined by the LDAP_BASEDN environment variable.

    one — Search only the immediate children of the entry specified in the -b option. Only the children are searched; the actual entry specified in the -b option is not searched.

    sub — Search the entry specified in the -b option and all of its descendants. That is, perform a subtree search starting at the point identified in the -b option. This is the default.

-w  Specifies the password associated with the distinguished name that is specified in the -D option. If you do not specify this option, anonymous access is used. For example, -w diner892.

-x  Specifies that the search results are sorted on the server rather than on the client. This is useful if you want to sort according to a matching rule, as with an international search. In general, it is faster to sort on the server rather than on the client.

-z  Specifies the maximum number of entries to return in response to a search request. For example, -z 1000. Normally, regardless of the value specified here, ldapsearch never returns more entries than the number allowed by the server’s nsslapd-sizelimit attribute. However, you can override this limitation by binding as the root DN when using this command-line argument. This is because, when you bind as the root DN, this option defaults to zero (0). The default value for the nsslapd-sizelimit attribute is 2000 entries. See “nsslapd-sizelimit (Size Limit),” on page 81, for more information.
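The following shell function is an added example, not part of the Red Hat reference: it assembles an ldapsearch argument list from the options above, applying the documented port and scope defaults and rejecting an invalid scope or size limit. The names ldapsearch_args, LDAP_HOST and LDAP_CERTDB and the sample values are assumptions, and -h and -P are ldapsearch options that this page does not describe.

```shell
#!/bin/sh
# Added example, not taken from the Red Hat reference.
# Hypothetical names: ldapsearch_args, LDAP_HOST, LDAP_CERTDB.
# -h (host) and -P (client certificate database) are ldapsearch options
# that are not described on this page.

# usage: ldapsearch_args USE_SSL PORT BASE SCOPE SIZELIMIT FILTER
# Prints one argument per line. PORT and SCOPE may be empty to take the
# documented defaults (389, or 636 with -Z; scope sub).
ldapsearch_args() {
    use_ssl=$1 port=$2 base=$3 scope=${4:-sub} limit=$5 filter=$6

    case $scope in
        base|one|sub) ;;
        *) echo "invalid scope: $scope" >&2; return 2 ;;
    esac
    case $limit in
        ''|*[!0-9]*) echo "invalid size limit: $limit" >&2; return 2 ;;
    esac
    # The server still caps results at nsslapd-sizelimit (default 2000)
    # unless the bind is the root DN; this search binds anonymously.
    if [ "$limit" -gt 2000 ]; then
        echo "note: -z $limit exceeds the default nsslapd-sizelimit" >&2
    fi

    if [ -z "$port" ]; then
        if [ "$use_ssl" = yes ]; then port=636; else port=389; fi
    fi

    set -- -h "${LDAP_HOST:-localhost}" -p "$port"
    if [ "$use_ssl" = yes ]; then
        [ -n "${LDAP_CERTDB:-}" ] || { echo "LDAP_CERTDB not set" >&2; return 2; }
        set -- "$@" -Z -P "$LDAP_CERTDB"
    fi
    # No -D/-w: without -w the search is anonymous, and a password given
    # with -w would be visible in the process list.
    set -- "$@" -b "$base" -s "$scope" -z "$limit" "$filter"
    printf '%s\n' "$@"
}

# Constructed sample values; review the output before passing it to ldapsearch.
LDAP_HOST=ds.example.com LDAP_CERTDB=/home/admin/certdb/cert8.db
ldapsearch_args yes "" "dc=example,dc=com" one 100 "(objectClass=person)"
```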