Supported searches and examples
Simple query
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=TestUser1)"
Multiple filters for more accurate search results
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(ou=TestOU))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(o=TestOrg))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser)(ou=TestOU)(ou=TestOU))"
Single wildcard in query filters
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*abc)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser*)(ou=TestOU))"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TestUser*)(o=TestOrg))"
Two wildcard queries
Note
Use this form to search for text in the middle of a string, with wildcards at the start and end.
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*abc*)"
Block three or more wildcards
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=a*bc*d*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a*b*c)"
Use object class to identify certificates
The LDAP server supports objectClasses pkiUser or pkiUserData for end user certificates and pkiCA or pkiCAData for CAs. Queries for end user certificates may include filters like (|(objectClass=pkiUser)(objectClass=pkiUserData)).
User certificate search
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=Test*)(|(objectClass=pkiUser)(objectClass=pkiUserData)))"
CA certificate search
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=TEST CA*)(|(objectClass=pkiCA)(objectClass=pkiCAData)))"
Complex filters in queries
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(&(cn=Test*)(cn=User*))"
Complex searches
Search for attributes that begin with a specific email address
(|(mail=user@example.com*) (cn=user@example.com*) (sn=user@example.com*) (givenName=user@example.com*) (displayName=user@example.com*))
This search returns values when any of the following attributes starts with the user@example.com email address: mail, cn, sn, givenName, displayName.
Search to download binary
User certificate binary search
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=Test*)" "usercertificate;binary"
CA certificate and CRL binary search
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "cn=TEST CA LDAP" "cacertificate;binary"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "cn=TEST CA LDAP" "certificaterevocationlist;binary"
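Added example (not part of the original page or of DigiCert's tooling): ldapsearch prints `;binary` values as base64 LDIF lines (`attr:: ...`) that may be folded across lines, so the output has to be unfolded and decoded before it is a usable DER file. The function names, the output file names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn ldapsearch LDIF output into raw DER files.

# sample_ldif: constructed LDIF (not real directory output). The payloads are
# base64 of the strings "not-a-real-cert" and "second", not certificates.
# The first value is folded: a line starting with one space continues the
# previous line.
sample_ldif() {
    cat <<'EOF'
dn: cn=TestUser1,o=TestOrg
cn: TestUser1
userCertificate;binary:: bm90LWEtcm
 VhbC1jZXJ0

dn: cn=TestUser2,o=TestOrg
userCertificate;binary:: c2Vjb25k
EOF
}

# ldif_extract_der ATTR OUTDIR: read LDIF on stdin, decode every base64
# ("ATTR:: ...") value of ATTR into OUTDIR/value-N.der, print the count.
ldif_extract_der() {
    attr=$1 outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v want="$attr" '
        function flush(   i, v) {
            i = index(line, "::")
            # Attribute names are case-insensitive; "::" marks base64.
            if (i > 0 && tolower(substr(line, 1, i - 1)) == tolower(want)) {
                v = substr(line, i + 2); sub(/^ +/, "", v); print v
            }
            line = ""
        }
        /^ / { line = line substr($0, 2); next }   # unfold continuation
        { flush(); line = $0 }
        END { flush() }
    ' | {
        n=0 rc=0
        while IFS= read -r b64; do
            n=$((n + 1))
            printf '%s' "$b64" | base64 -d > "$outdir/value-$n.der" || rc=1
        done
        echo "$n"
        [ "$rc" -eq 0 ]   # non-zero exit if any value failed to decode
    }
}

# Usage with the user certificate query from this page:
#   ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub \
#       "(cn=Test*)" "usercertificate;binary" |
#       ldif_extract_der "usercertificate;binary" ./certs
#   openssl x509 -inform DER -in ./certs/value-1.der -noout -subject
```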
Unsupported wildcard patterns
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=a*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*ab*)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*ab)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a)"
$ ldapsearch -h directory.one.digicert.com -p 389 -x -b "" -s sub "(cn=*a*b)"