I am using ldapsearch like this:
ldapsearch -Y GSSAPI ... '(&(objectClass=person)(employeeID=1*))' employeeID mail
Essentially I want to return the employeeID and the mail address, but only if an employee has both. For example, if someone only has an employeeID but no mail, they shouldn't be included in the result set. In the above command, they still are returned. How can I limit it so that both requested attributes must be fulfilled?
Use a wildcard in your filter -- mail=* means records where mail has any value. The specific filter in your example, modified to return records with the mail and employeeID attributes set would be:
(&(objectClass=person)(employeeID=1*)(mail=*)(employeeID=*))