I think the OpenDJ Project’s take on ldapsearch is very good, and it has become my preferred version in my daily work.
Here’s how to do the usual, and some not-so-usual, stuff.
Connecting over LDAPS:
ldapsearch -Z -h ldap.example.com -p 636 -b "" -s base "(objectclass=*)"
Certificate information will be displayed and you will be asked if you trust it. Choices are 1) No; 2) Yes, for this session only; 3) Yes, also add it to a truststore; 4) View certificate details. The default is 2.
Using Simple Paged Results Control:
ldapsearch -h ldap.example.com -D "cn=admin,ou=special users,dc=example,dc=com" -w xxxxxxx -b "ou=people,dc=example,dc=com" -s sub --simplePageSize 200 "(o=Corporate)" uid givenname sn mail departmentnumber
This should scroll 200 entries at a time, stopping after each “page” of 200 to wait for you to hit the RETURN key to continue. Most useful when searching Active Directory! Needs to be performed by a user with rights to invoke the control on the server.
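What --simplePageSize 200 puts on the wire, as an added example that is not from the original post or the OpenDJ project: the RFC 2696 control value, encoded by hand in BER, and the cookie loop a client runs until the server says there are no more pages. The toy in-memory server, its offset-style cookie and the function names are constructed for illustration; a real server's cookie is opaque to the client.

```python
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # controlType defined by RFC 2696

def _tlv(tag, body):
    n = len(body)
    if n < 0x80:  # BER short-form length
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def encode_control_value(size, cookie=b""):  # SEQUENCE { INTEGER, OCTET STRING }
    size_raw = size.to_bytes(size.bit_length() // 8 + 1, "big")  # keeps sign bit 0
    return _tlv(0x30, _tlv(0x02, size_raw) + _tlv(0x04, cookie))

def _read(buf, pos, tag):
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def decode_control_value(data):
    seq, end = _read(data, 0, 0x30)
    size_raw, pos = _read(seq, 0, 0x02)
    cookie, pos = _read(seq, pos, 0x04)
    if end != len(data) or pos != len(seq):
        raise ValueError("trailing bytes in control value")
    return int.from_bytes(size_raw, "big", signed=True), cookie

def toy_server(entries, request_value):
    # Constructed stand-in for a directory server; this cookie is just an offset.
    size, cookie = decode_control_value(request_value)
    start = int(cookie or b"0")
    page = entries[start:start + size]
    nxt = start + len(page)
    more = b"" if nxt >= len(entries) else str(nxt).encode()  # empty = last page
    return page, encode_control_value(0, more)  # size 0: total count unknown

def paged_search(entries, page_size):
    if page_size < 1:
        raise ValueError("page size must be positive")
    pages, cookie = [], b""
    while True:  # client echoes the server's cookie until it comes back empty
        page, response = toy_server(entries, encode_control_value(page_size, cookie))
        pages.append(page)
        _, cookie = decode_control_value(response)
        if not cookie:
            return pages
```

The first request for a page size of 200 carries the eight bytes 30 06 02 02 00 C8 04 00: the size as an INTEGER followed by an empty cookie.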
Getting all attributes in an entry, visible, system and hidden:
ldapsearch -h ldap.example.com -D "cn=directory manager" -w xxxxx -b "dc=example,dc=com" -s sub "(cn=Joe Smith)" '*' +
As far as I know the exact syntax of that last one doesn’t show up in examples outside of this site (but I hope it will!).