This command:
ldapsearch -D binduser@acme.com -w ? -h globalADcatalog -b DC=acme,DC=com cn=myuser
Will sometimes give the error:
scope is required for a null based search
But if you simply change directories (to /opt, for example), the command will run just fine.
This is due to filename expansion in the shell, where you happen to have a file (or directory) with a single-character name in your current working directory. The correct way to get around this is to change the command to:
ldapsearch -D binduser@acme.com -w \? -h globalADcatalog -b DC=acme,DC=com cn=myuser
FYI: The "-w ?" tells ldapsearch to prompt you for a password, and the backslash quotes the question mark so the shell doesn't try to interpret it. I like using this form of the command rather than typing the password on the command line for security purposes:
- While the command is running, ANY user on the system can see the entire command line with the 'ps -ef' command.
- If you're using a shared account (like a service account), any other people sharing that account can see all previous commands with the 'history' command.
