Robert:
This is the result of a lot of blood-sweat-tears digestion of this: http://www.upenn.edu/computing/help/doc/email/directory.html
To query Penn Directory via command-line LDAP (the LDAPTLS_CACERT environment variable is necessary on Eniac because the ldap.conf file doesn't set TLS_CACERT; if you're doing this on your own machine, you can fix that):
LDAPTLS_CACERT=/etc/ssl/ca-bundle.pem ldapsearch -h directory.upenn.edu -Z -b ou=People,dc=upenn,dc=edu <FILTER> [object]
For authenticated view (gets you emails) (will prompt for your PennKey password):