ldapsearch
245
Option
Description
-Q
Specifies the token and certificate name, which is
separated by a semi-colon (:) for PKCS11.
-W
Specifies the password for the private key
database identified in the
-P
option. For
example:
-W secret
If a dash (-) is used as the password value,
the utility prompts for the password after the
command is entered. This avoids having the
password on the command line.
-W -
Prompts for the password for the token
database.
-Z
Specifies that SSL is to be used for the search
request.
-ZZ
Specifies the Start TLS request. Use this option
to make a cleartext connection into a secure
one. If the server does not support Start TLS,
the command does not have to be aborted; it will
continue in cleartext.
-ZZZ
Enforces the Start TLS request. The server
must respond that the request was successful.
If the server does not support Start TLS, such
as Start TLS is not enabled or the certificate
information is incorrect, the command is aborted
immediately.
Table 6.5. Additional SSL ldapsearch Options
SASL Options
SASL mechanisms can be used to authenticate a user, using the
-o
the required SASL information.
To learn which SASL mechanisms are supported, search the root DSE. See the
-b
option in
Table 6.3,
“Commonly-Used ldapsearch Options”
.
Option
Description
-o
Specifies SASL options. The format is
-o
saslOption=value
.
saslOption
can have one of
six values:
• mech, the SASL authentication mechanism
• authid, the user who is binding to the server
(Kerberos principal)
• authzid, a proxy authorization (ignored by
the server since proxy authorization is not
supported)
Summary of Contents for 8.1
Page 8: ...viii ...
Page 14: ...xiv ...
Page 16: ...2 ...
Page 250: ...236 ...
Page 334: ...320 ...
Page 372: ...358 ...