Supported searches and examples

Simple query

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=TestUser1)"

Multiple filters for more accurate search results

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(ou=TestOU))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(o=TestOrg))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(ou=TestOU)(ou=TestOU))"

Single wildcard in query filters

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*abc)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser*)(ou=TestOU))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser*)(o=TestOrg))"

Two wildcard queries

Note

Use this form to search for text in the middle of a string, with wildcards at the start and end.

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*abc*)"

Block three or more wildcards

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=a*bc*d*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a*b*c)"

Use object class to identify certificates

The LDAP server supports the objectClasses pkiUser or pkiUserData for end user certificates and pkiCA or pkiCAData for CAs. Queries for end user certificates may include filters like (|(objectClass=pkiUser)(objectClass=pkiUserData)).

User certificate search

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=Test*)(|(objectClass=pkiUser)(objectClass=pkiUserData)))"

CA certificate search

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TEST CA*)(|(objectClass=pkiCA)(objectClass=pkiCAData)))"

Complex filters in queries

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=Test*)(cn=User*))"

Search to download binary

User certificate binary search

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=Test*)" "usercertificate;binary"

CA certificate and CRL binary search

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "cn=TEST CA LDAP" "cacertificate;binary"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "cn=TEST CA LDAP" "certificaterevocationlist;binary"
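
The binary searches above return each certificate or CRL as a base64 value inside LDIF. The following is an added example, not part of the original page and not DigiCert code: a shell function that unfolds the LDIF and writes each value as a DER file so it can be inspected and validated with openssl. The function names, output file names and sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not DigiCert code. Assumes ldapsearch's default LDIF output
# (RFC 2849): base64 values are marked "attr:: value" and long lines are
# folded onto continuation lines that start with one space.

# ldif_extract_binary ATTR OUTDIR  (LDIF on stdin)
# Writes every value of ATTR to OUTDIR/ATTR-N.der and prints the count.
ldif_extract_binary() {
    attr=$1
    outdir=$2
    n=0
    mkdir -p "$outdir" || return 1
    prefix=$(printf '%s' "$attr" | tr ';' '_')
    values=$(awk -v want="$attr" '
        function emit(   i) {
            i = index(line, ":: ")          # "::" means base64-encoded
            if (i && tolower(substr(line, 1, i - 1)) == tolower(want))
                print substr(line, i + 3)   # attribute names ignore case
        }
        /^ / { line = line substr($0, 2); next }   # unfold continuation
        { emit(); line = $0 }
        END { emit() }
    ')
    for v in $values; do
        n=$((n + 1))
        printf '%s' "$v" | base64 -d > "$outdir/$prefix-$n.der" || return 1
    done
    echo "$n"
}

# Constructed sample: two entries whose "certificates" are the placeholder
# bytes "hello" and "Man" (not real DER); the first value is folded.
sample_ldif() {
    printf '%s\n' \
        'dn: cn=TestUser1' 'cn: TestUser1' \
        'usercertificate;binary:: aGVs' ' bG8=' '' \
        'dn: cn=TestUser2' 'usercertificate;binary:: TWFu'
}

# With the page's user certificate search:
#   ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub \
#     "(cn=Test*)" "usercertificate;binary" \
#     | ldif_extract_binary 'usercertificate;binary' ./certs
#   openssl x509 -inform DER -in ./certs/usercertificate_binary-1.der \
#     -noout -subject -fingerprint -sha256
```

For the CA searches, pass `cacertificate;binary` or `certificaterevocationlist;binary` as ATTR; a CRL file is read with `openssl crl -inform DER` instead of `openssl x509`.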

Unsupported wildcard patterns

$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=a*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*ab*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*ab)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a*b)"