Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 4. Searching Identity Management entries from the command line

Locate and view Identity Management (IdM) entries by using search filters and display commands.

4.1. Overview of listing IdM entries
Copia collegamento

Identify specific entries within the Identity Management (IdM) database by using search filters and keywords. You can use the ipa *-find commands to retrieve lists of objects and to filter results based on user membership or attribute matches.

Useful search commands

  • To list all the find commands, use the grep utility with the ipa help command: 

    $ ipa help commands | grep find
    Copy to Clipboard Toggle word wrap

  • To list all users in the IdM database, use the following command: 

    $ ipa user-find
    Copy to Clipboard Toggle word wrap

  • To list user groups whose specified attributes contain a keyword, run: 

    $ ipa group-find <keyword>
    Copy to Clipboard Toggle word wrap

    For example the ipa group-find admin command lists all groups whose names or descriptions include the string admin: 

    ----------------
3 groups matched
----------------
   Group name: admins
   Description: Account administrators group
   GID: 427200002

   Group name: editors
   Description: Limited admins who can edit other users
   GID: 427200002

   Group name: trust admins
   Description: Trusts administrators group
    Copy to Clipboard Toggle word wrap

  • To search for groups that contain a particular user: 

    $ ipa group-find --user=<user_name>
    Copy to Clipboard Toggle word wrap

  • To search for groups that do not contain a particular user: 

    $ ipa group-find --no-user=<user_name>
    Copy to Clipboard Toggle word wrap

4.2. Showing details for a particular entry
Copia collegamento

Retrieve the full technical configuration and attribute list for a specific Identity Management (IdM) entry. You can use the ipa <object>-show command to display detailed information for a single object, such as a host, user, or service, rather than a filtered list of multiple results.

Procedure

  • To display details for a specific entry, run the ipa <object>-show command followed by the name of the entry. For example: 

    $ ipa host-show server.example.com
    Copy to Clipboard Toggle word wrap

    The CLI displays the full record for the specified object: 

    Host name: server.example.com
Principal name: host/server.example.com@EXAMPLE.COM
...
    Copy to Clipboard Toggle word wrap

4.3. Adjusting the search size and time limit
Copia collegamento

Some queries, such as requesting a list of IdM users, can return a very large number of entries. By tuning these search operations, you can improve the overall server performance when running the ipa *-find commands, such as ipa user-find, and when displaying corresponding lists in the Web UI.

Search size limit

Defines the maximum number of entries returned for a request sent to the server from a client’s CLI or from a browser accessing the IdM Web UI.

Default: 100 entries.

Search time limit

Defines the maximum time (in seconds) that the server waits for searches to run. Once the search reaches this limit, the server stops the search and returns the entries discovered in that time.

Default: 2 seconds.

If you set the values to -1, IdM does not apply any limits when searching.

Important

Setting search size or time limits too high can negatively affect server performance.

4.3.1. Adjusting the search size and time limit in the command line
Copia collegamento

You can adjust the search size and time limits globally or for a specific entry to optimize search performance and responsiveness.

Procedure

  1. To display current search time and size limits in CLI, use the ipa config-show command: 

    $ ipa config-show

Search time limit: 2
Search size limit: 100
    Copy to Clipboard Toggle word wrap

  2. To adjust the limits globally for all queries, use the ipa config-mod command and add the --searchrecordslimit and --searchtimelimit options. For example: 

    $ ipa config-mod --searchrecordslimit=500 --searchtimelimit=5
    Copy to Clipboard Toggle word wrap

  3. To temporarily adjust the limits only for a specific query, add the --sizelimit or --timelimit options to the command. For example: 

    $ ipa user-find --sizelimit=200 --timelimit=120
    Copy to Clipboard Toggle word wrap

4.3.2. Adjusting the search size and time limit in the Web UI
Copia collegamento

You can adjust global search size and time limits using the IdM Web UI to optimize search performance and responsiveness.

Procedure

  1. Log in to the IdM Web UI.
  2. Click IPA Server.
  3. On the IPA Server tab, click Configuration.

  4. Set the required values in the Search Options area.

    Default values are:

    • Search size limit: 100 entries
    • Search time limit: 2 seconds
  5. Click Save at the top of the page.
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2026 Red Hat