Using ldapsearch to do an LDAP Search using TLS/SSL
In older versions of Solaris (pre-Solaris 12/11.4), ldapsearch was based on the original Netscape ldapsearch and used a different syntax. Searching for a user looked something like this:

    ldapsearch -Z -P /var/ldap -h ldap.domain.com -p 1636 -b dc=domain,dc=com uid=usera dn

In more recent versions, 11.4 (Solaris 12), ldapsearch was updated to work more like the Linux version, which added many options but also changed the syntax. Below are some examples.

Note: Some of the steps below are only required if the LDAP server certificate is not issued by a public CA, or your private CA was not added to your system certificates.
    export LDAPTLS_REQCERT=never
    ldapsearch -x -H ldaps://ldap.domain.com:1636 "(uid=usera)" dn

You can also add to or modify one of the files below to make this a permanent setting. Add the following to /etc/openldap/ldap.conf or ~/.ldaprc.
    tls_reqcert never

Two additional examples.
    # group search
    ldapsearch -x -H ldap://ldap.domain.com:1389 -b dc=domain,dc=com '(&(memberUid=usera)(cn=groupa))' dn

    # user search
    ldapsearch -x -H ldap://ldap.domain.com:1389 -b dc=domain,dc=com '(&(uid=usera)(objectClass=posixAccount))' dn

Getting the last unused uidNumber by using LDAP server-side sorting.
    ldapsearch -D "cn=Directory Manager" -W -H ldap://ldap.domain.com:1389 -b "dc=domain,dc=com" -s sub -x -E 'sss=-uidNumber:2.5.13.15' -z 1 -LLL "(uidNumber=*)" uidNumber

Example with paged results.
    ldapsearch -D "cn=Directory Manager" -W -H ldap://ldap.domain.com:1389 -b "dc=domain,dc=com" -s sub -x -E 'pr=3:1.2.840.113556.1.4.319' -LLL "(uidNumber=*)" uidNumber

    dn: ...
    ...
    # sortResult: (0) Success
    # pagedresults: cookie=fHwAAAAAAAACPw==
    Press [size] Enter for the next {3|size} entries.
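
An added example, not part of the original post: the LDAPTLS_REQCERT=never and tls_reqcert never settings shown earlier turn off server certificate verification for ldaps:// connections, so the check below finds where such a setting is still in place. The sample files and the CA path /etc/openldap/certs/private-ca.pem are constructed for illustration; pointing TLS_CACERT at the private CA lets verification stay on.

```sh
#!/bin/sh
# Added example (not from the original post): find OpenLDAP client settings
# that let a session continue without verifying the server certificate.

# audit_ldap_tls FILE...
# Prints one finding per weak setting; returns 1 if any was found, else 0.
# "never" skips the certificate check, "allow" ignores a bad certificate.
audit_ldap_tls() {
    findings=$(
        for f in "$@"; do
            [ -r "$f" ] || continue
            awk -v file="$f" '
                NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
                tolower($1) == "tls_reqcert" {     # option names ignore case
                    v = tolower($2)
                    if (v == "never" || v == "allow")
                        printf "%s:%d: TLS_REQCERT %s\n", file, NR, v
                }' "$f"
        done
        # The LDAPTLS_REQCERT environment variable is read as well as the files.
        case $(printf '%s' "${LDAPTLS_REQCERT:-}" | tr 'A-Z' 'a-z') in
            never|allow) printf 'env: LDAPTLS_REQCERT=%s\n' "$LDAPTLS_REQCERT" ;;
        esac
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed samples: the setting from this page beside a CA-pinned config.
# The CA file path is a hypothetical placeholder.
write_samples() {   # $1 = directory to write into
    printf '%s\n' '# verification disabled' 'tls_reqcert never' > "$1/weak.conf"
    printf '%s\n' 'TLS_CACERT /etc/openldap/certs/private-ca.pem' \
                  'TLS_REQCERT demand' > "$1/pinned.conf"
}

# Demo run; on a real host pass /etc/openldap/ldap.conf and "$HOME/.ldaprc".
d=$(mktemp -d) && write_samples "$d"
audit_ldap_tls "$d/weak.conf" "$d/pinned.conf" || echo "verification weakened"
rm -rf "$d"
```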