In all cases, a referral is an LDAP URL that contains the host name, port number, and optionally a DN on the local host or on another server.
Note - Unless an LDAP client provides authentication, any search request initiated by means of an LDAP URL is anonymous (unauthenticated).
The format of an LDAP URL is described in RFC 4516 and is summarized as follows:
An LDAP URL includes the following components:
Indicates whether to connect to the server (ldap:), or connect to the server over SSL (ldaps:).
Specifies the host name or IP address of the LDAP server.
Specifies the port number of the LDAP server. If no port is specified, the default LDAP port (389) or LDAPS port (636) is used.
Specifies the distinguished name (DN) of an entry in the directory. This DN identifies the entry that is the starting point of the search. If no base DN is specified, the search starts at the root of the directory tree.
Returns the specified attributes. Use commas to separate more than one attribute. If no attributes are specified, the search returns all attributes.
Specifies the scope of the search:
base. Search only the base entry specified by base_dn.
one. Search one level below the base entry specified by base_dn
sub. Search the base entry and all entries below the specified base_dn
If no scope is specified, the server performs a base search.
Specifies the search filter to apply to entries within the specified scope of the search. If no filter is specified, the server uses the default (objectclass=*).
Note - Any spaces must be escaped using a character appropriate to your shell.
The following LDAP URL specifies a search for all entries that have the surname Jensen at any level under dc=example,dc=com. No port is specified, so the default (389) is used. No attributes are specified, so all attributes will be returned.
The following LDAP URL specifies a search for the cn and telephoneNumber attributes at any level under dc=example,dc=com. The server contacts the remote server at port 2389. Because no search filter is specified, the server uses the default filter (objectclass=*).