Supported searches and examples
Simple query
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=TestUser1)"
Multiple filters for more accurate search results
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(ou=TestOU))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(o=TestOrg))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(ou=TestOU)(ou=TestOU))"
Single wildcard in query filters
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*abc)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser*)(ou=TestOU))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser*)(o=TestOrg))"
Two wildcard queries
Note
Use this form to search for text in the middle of a string, with wildcards at the start and end.
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*abc*)"
Block three or more wildcards
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=a*bc*d*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a*b*c)"
Use object class to identify certificates
The LDAP server supports the objectClasses pkiUser or pkiUserData for end user certificates and pkiCA or pkiCAData for CAs. Queries for end user certificates may include filters like (|(objectClass=pkiUser)(objectClass=pkiUserData)).
User certificate search
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=Test*)(|(objectClass=pkiUser)(objectClass=pkiUserData)))"
CA certificate search
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TEST CA*)(|(objectClass=pkiCA)(objectClass=pkiCAData)))"
Complex filters in queries
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=Test*)(cn=User*))"
Search to download binary
User certificate binary search
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=Test*)" "usercertificate;binary"
CA certificate and CRL binary search
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "cn=TEST CA LDAP" "cacertificate;binary"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "cn=TEST CA LDAP" "certificaterevocationlist;binary"
Unsupported wildcard patterns
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=a*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*ab*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*ab)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a*b)"
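A client-side pre-check for the wildcard patterns listed on this page, as an added example that is not part of the original documentation. The limits it enforces (at most two wildcards and at least three literal characters in a wildcard value) are an assumption inferred from the supported and unsupported examples above, not a published rule; check_value, check_filter and cert_search are hypothetical names.

```sh
# Assumed limits, inferred from the patterns on this page (not a documented rule).
MAX_WILDCARDS=2
MIN_LITERAL_CHARS=3

# check_value VALUE: return 0 if one assertion value fits the assumed limits.
check_value() {
    value=$1
    case $value in
        *\**) ;;            # contains a wildcard: apply the limits below
        *) return 0 ;;      # plain equality match, e.g. cn=TestUser1
    esac
    # Count wildcards and remaining characters. RFC 4515 escapes such as \2a
    # are counted as written (three characters).
    stars=$(( $(printf '%s' "$value" | tr -cd '*' | wc -c) ))
    literals=$(( $(printf '%s' "$value" | tr -d '*' | wc -c) ))
    [ "$stars" -le "$MAX_WILDCARDS" ] && [ "$literals" -ge "$MIN_LITERAL_CHARS" ]
}

# check_filter FILTER: check every attr=value assertion in an LDAP filter.
# Reports the first offending value on stderr and returns 1, else returns 0.
check_filter() {
    while IFS= read -r v; do
        [ -n "$v" ] || continue
        check_value "$v" || { printf 'blocked pattern: %s\n' "$v" >&2; return 1; }
    done <<EOF
$(printf '%s\n' "$1" | grep -o '=[^()]*' | cut -c2-)
EOF
    return 0
}

# cert_search FILTER [ATTR...]: run the page's subtree search only when the
# filter passes the local check, so a rejected pattern never reaches the server.
cert_search() {
    filter=$1
    shift
    check_filter "$filter" || return 1
    ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "$filter" "$@"
}
```

For example, cert_search "(cn=Test*)" "usercertificate;binary" runs the binary search shown earlier, while cert_search "(cn=*ab*)" stops locally with a message on stderr.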