Jose Manuel Lopez writes: > I want search the entry and see all attributes except one concrete > attribute, for example jpegphoto.
The protocol has no support for that, and I'm not aware of an extension for it. The simplest way is to pass the ldapsearch output through a filter which removes the attribute: ldapsearch arguments... | perl -p00e 's/^jpegPhoto:.*\n( .*\n)*//gim' Or if you know which schema the server is using for the entries and which attributes which _might_ exist (e.g. any attribute allowed by the object classes your entries are using), simply request all the attributes you could conceivably be interested in, and not the one you don't want. OpenLDAP does have an extesion that if you ask for the "attribute" '!foo', it will return all attributes which are not in object class foo. So if you define a foo object class in the server with the unwanted attribute as a member, you can ask for that. However, this will also return operational attributes like createTimestamp and entryCSN, maybe that's not what you want. You could instead define an object class 'bar' the attributes you do want, and ask for '@bar'. Another way the server can support this is to set up access controls so that the particular user you bind as, or your host, or whatever, cannot access the unwanted attribute. Then the server will return the entries without the attribute. -- Hallvard
