This one is going to be a bit “geeky” folks….. Sorry!

I’ve been working on a project at work involving LDAP. This summer we began the process of centralizing our directory services using the Open Directory LDAP server that is part of Mac OS X Server. For my project, I needed to do an LDIF (LDAP Interchange Format) export out of our directory server so I could import it into another server’s LDAP Directory system. Don’t ask why I need to do this, I just do, okay?

Here is the problem: I only needed a subset of the users listed in the directory. That sounds simple, but it turned out to be more difficult than I thought it would be.

After using Apple’s tools built into Workgroup Manager, I found I could select the users I wanted, but I could actually do the export in LDIF format. I also tried several open source LDAP browsing and searching tools. In one case I was only able to download the ENTIRE user list and all of their attributes, which was WAY more then I needed. In the other case, I could select my users, but it would only give me a couple of the attributes for the user and I had no control over which attributes.

Enter the command line tool ldapsearch.

ldapsearch is built in to Mac OS X. You can get an amazing amount of info about it by just reading the man page. The end result for me was that I could use ldapsearch to query the directory server for all of the users that had a particular attribute and the export that list of users, giving me only the attributes that I specifically ask for. It was EXACTLY what the doctor ordered for me.