After playing a bit, I am getting closer, but I feel like there should be an easier way than specifying every attribute. Here is an obfuscated example: ldapsearch -H ldaps://ds1.domain.com [-x] -D "cn=directory manager" -w "pass" -b "uid=test2015,ou=USERS,dc=domain,dc=com" uid cn entryid entrydn sambaprimarygroupsid sambasid # extended LDIF # # LDAPv3 # base <uid=test2015,ou=USERS,dc=domain,dc=com> with scope subtree # filter: (objectclass=*) # requesting: [-x] uid cn entryid entrydn sambaprimarygroupsid sambasid # # test2015, USERS, domain.com dn: uid=test2015,ou=USERS,dc=domain,dc=com uid: test2015 cn: test2015 entryid: 261 entrydn: uid=test2015,ou=users,dc=domain,dc=com sambaprimarygroupsid: S-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXX-513 sambasid: S-1-5-21-XXXXXXXX-XXXXXXXXX-XXXXXXXXX-YYYY # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [02/Jun/2016:16:18:16 -0700] conn=38614 fd=77 slot=77 SSL connection from 192.168.x.y to 192.168.x.y [02/Jun/2016:16:18:16 -0700] conn=38614 SSL 256-bit AES [02/Jun/2016:16:18:16 -0700] conn=38614 op=0 BIND dn="cn=directory manager" method=128 version=3 [02/Jun/2016:16:18:16 -0700] conn=38614 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [02/Jun/2016:16:18:16 -0700] conn=38614 op=1 SRCH base="uid=test2015,ou=USERS,dc=domain,dc=com" scope=2 filter="(objectClass=*)" attrs="[-x] uid cn entryid entrydn sambaPrimaryGroupSID sambaSID" [02/Jun/2016:16:18:16 -0700] conn=38614 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=U [02/Jun/2016:16:18:16 -0700] conn=38614 op=2 UNBIND [02/Jun/2016:16:18:16 -0700] conn=38614 op=2 fd=77 closed - U1 Thanks, Job -- 389-users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
