Reference: Raw LDAP Queries (ldapsearch)

Last modified: Fri May 30 14:17:44 BST 2008
Nick West
Return to home page
For an introduction, see Interrogating the GRID

As explained in the tutorial MDS services are based on LDAP and information is supplied by:-

  1. Individual site elements (GRIS)
  2. Site wide services (GIIS and site BDII)
  3. Top level databases (BDII).
Queries can be targeted specifically to any of these using the ldapsearch command.

ldapsearch command


  Syntax:  ldapsearch [options] [filter [attributes...]]

  Options (not a complete list):-

   -x         Simple authentication (always use this)

   -p port    port on LDAP server  e.g. -p 2170
   -h host    LDAP server e.g. -h lcg-bdii.cern.ch
   -H URI     LDAP Uniform Resource Indentifier(s).  An alternative to -h -p
              e.g. -H ldap://lcg-bdii.cern.ch:2170

   -b basedn  the initial entry for the search in the LDAP tree
              e.g. -b "mds-vo-name=local, o=grid"
              GRIS Initial entry of the DIT is always o=grid
                          the second one (next level) is 'mds-vo-name=local'
              GRIIS Initial entry of the DIT is normally o=<site-name> (never o=grid) 
                          the second one (next level) is 'mds-vo-name=local'
              BDII As for GRIS

   -LLL       Print without comments and version
 

   filter

      Applies a filter to limit a search.  Filters can be simple or compound (combine sumple with & | or !)

      simple-filter:  attribute operator value 
                      e.g.  GlueHostMainMemoryRAMSize<=1000

                        Operators: = 	Entries whose attribute is equal to the value
                                   >= 	Entries whose attribute is greater than or equal to the value
                                   <= 	Entries whose attribute is less than or equal to the value
                                   =* 	Entries that have a value set for that attribute
                                   ~= 	Entries whose attribute value approximately matches the specified value 

      compound-filter:  ( "&" or "|" or "!" (simple-filter1) [(simple-filter2) ...] )
                        e.g. '(&(objectClass=GlueCE)(GlueCEAccessControlBaseRule=VO:minos))'
                        Note: - enclose in '...' to avoid shell processing the &
                              - A special attribute objectClass is defined for each directory entry. 
                                It indicates which object classes are defined for that entry in the LDAP schema. 

   attributes

      whitespace-separated list of attribute descriptions  [Default: all]
      e.g. GlueCEUniqueID GlueCEStateEstimatedResponseTime

Examples of each type:-

element: ldapsearch -x -h lcg-bdii.cern.ch -p 2170 -b "mds-vo-name=local, o=grid"
site:    ldapsearch -x -h site-bdii.gridpp.rl.ac.uk -p 2170 -b "mds-vo-name=RAL-LCG2,o=grid" 'objectclass=GlueService' GlueServiceType
         ldapsearch -x -h site-bdii.gridpp.rl.ac.uk -p 2170 -b 'Mds-Vo-name=RAL-LCG2,o=Grid' '(GlueSALocalID=minos)' \
            GlueSARoot GlueSAStateAvailableSpace GlueSAStateUsedSpace 
global:  ldapsearch -x -h lcgbdii02.gridpp.rl.ac.uk -p 2170 -b "mds-vo-name=local, o=grid"   'GlueServiceAccessControlRule=minos'
         ldapsearch -x -h lcgbdii02.gridpp.rl.ac.uk -p 2170 -b "mds-vo-name=local, o=grid" \
            'GlueCEUniqueID=heplnx206.pp.rl.ac.uk:2119/jobmanager-lcgpbs-short' GlueCEStateStatus -LLL
We have a list of the most frequently used GLUE attributes.

For more information see: @ LCG-2 User Guide: Sections 5.1.3 - 5

Return to home page