ldapsearch -E option

book

Article ID: 198203

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Suite

Issue/Introduction

The CA IM Provisioning server provides a modified ldapsearch.exe command for both Windows/Linux OS. This ldapsearch version includes the -E option. We will use the -E pr=size/noprompt to extend the page functionality of ldapsearch binary.

-E [!]<ext>[=<extparam>] search extensions (! indicates criticality)
  [!]domainScope (domain scope)
  [!]mv=<filter> (matched values filter)
  [!]pr=<size>[/prompt|noprompt] (paged results/prompt)
  [!]subentries[=true|false] (subentries)
  [!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
  rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)

 

Resolution

Example of ldapsearch.exe w/o the -E option. If there were more than 1000 objects, this operation would truncate at 1000.

ldapsearch.exe -h imps001 -p 20389 -D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w Password01 -b "eTADSDirectoryName=Example_01_with_Full_Domain_Admin_Access,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectClass=eTADSDirectory)" eTADSexchangeStores eTExploreUpdateEtrust

Example of ldapsearch with the -E option to allow paging over 1000 objects.

ldapsearch.exe -h imps001 -p 20389 -D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w Password01 -b "eTADSDirectoryName=Example_01_with_Full_Domain_Admin_Access,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectClass=eTADSDirectory)" -E pr=1000/noprompt eTADSexchangeStores eTExploreUpdateEtrust

Note: The -E option should follow after the base / objectClass filter has been defined to avoid warning message from ldapsearch of unknown switch.

Additional Information

See the following link as well:

https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=757861