The LDAP search operation can be used to identify entries in the Directory Server that match a given set of criteria. It may return zero or more entries, and also zero or more referrals.
The search request protocol op is defined as follows:
SearchRequest ::= [APPLICATION 3] SEQUENCE {
     baseObject      LDAPDN,
     scope           ENUMERATED {
          baseObject              (0),
          singleLevel             (1),
          wholeSubtree            (2),
          ... },
     derefAliases    ENUMERATED {
          neverDerefAliases       (0),
          derefInSearching        (1),
          derefFindingBaseObj     (2),
          derefAlways             (3) },
     sizeLimit       INTEGER (0 .. maxInt),
     timeLimit       INTEGER (0 .. maxInt),
     typesOnly       BOOLEAN,
     filter          Filter,
     attributes      AttributeSelection }
The elements of the search request include:
The search base DN, which specifies the location in the directory information tree in which to perform the search.
The search scope, which specifies the scope of entries at or below the base DN to consider when processing the search.
The dereference policy to use if any aliases are encountered during processing.
The size limit, which specifies the maximum number of entries that should be returned from the search (or zero if there should not be any maximum number of entries).
The time limit, which specifies the maximum length of time in seconds that the server should spend processing the search (or zero if there should not be a time limit).
The typesOnly flag, which indicates whether the entries returned should include attribute types only or both types and values.
The search filter, which specifies the criteria to use to identify matching entries.
The search attributes, which indicate which attributes should be included in matching entries, or an empty list to indicate that all user attributes should be returned.
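As an added example (not part of the original documentation or of the Directory Server code), the following Python code decodes the elements listed above from a BER-encoded SearchRequest protocol op, for instance when auditing captured requests for subtree searches that ask for no size or time limit. It assumes the op has already been extracted from its LDAPMessage envelope, leaves the filter body undecoded, and uses a constructed sample request; all function names are this example's own.

```python
SCOPES = ("baseObject", "singleLevel", "wholeSubtree")
DEREF = ("neverDerefAliases", "derefInSearching", "derefFindingBaseObj", "derefAlways")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):    # LDAP forbids the indefinite form
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def elements(buf):
    """Split a constructed value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def name(table, n):
    # The scope enumeration is extensible ("..."), so tolerate unknown values.
    return table[n] if 0 <= n < len(table) else f"unknown({n})"

def decode_search_request(op):
    tag, body, _ = read_tlv(op, 0)
    if tag != 0x63:                         # [APPLICATION 3], constructed
        raise ValueError("not a SearchRequest")
    f = elements(body)
    if len(f) != 8 or [t for t, _ in f[:6]] != [0x04, 0x0A, 0x0A, 0x02, 0x02, 0x01]:
        raise ValueError("unexpected SearchRequest layout")
    num = lambda v: int.from_bytes(v, "big", signed=True)
    return {"baseObject": f[0][1].decode("utf-8"),
            "scope": name(SCOPES, num(f[1][1])),
            "derefAliases": name(DEREF, num(f[2][1])),
            "sizeLimit": num(f[3][1]), "timeLimit": num(f[4][1]),
            "typesOnly": f[5][1] != b"\x00",
            "filterTag": f[6][0],           # filter body left undecoded here
            "attributes": [v.decode("utf-8") for _, v in elements(f[7][1])]}

def tlv(tag, content=b""):                  # encoder for the constructed sample (short lengths only)
    return bytes([tag, len(content)]) + content

# Constructed sample: subtree search of dc=example,dc=com, filter (objectClass=*), no limits.
SAMPLE = tlv(0x63, tlv(0x04, b"dc=example,dc=com") + tlv(0x0A, b"\x02") + tlv(0x0A, b"\x00")
             + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x01, b"\x00")
             + tlv(0x87, b"objectClass") + tlv(0x30, tlv(0x04, b"cn") + tlv(0x04, b"mail")))
```

Calling decode_search_request(SAMPLE) returns a dictionary with one key per element of the request; a truncated or malformed op raises ValueError instead of being partially decoded.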
There are three types of result elements that can be returned in response to a search request: zero or more search result entries, zero or more search result references, and exactly one search result done message. The entries and references can be returned in any order (with entries and references interspersed), and the search result done message comes last to indicate that there are no more results.
The search result entry protocol op is defined as follows:
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
     objectName      LDAPDN,
     attributes      PartialAttributeList }

PartialAttributeList ::= SEQUENCE OF
     partialAttribute PartialAttribute
Each search result entry includes the DN of the entry and zero or more attributes (potentially including only the attribute type names without the values if the typesOnly element of the request is true) as defined in the search attribute list.
The search result reference protocol op is defined as follows:
SearchResultReference ::= [APPLICATION 19] SEQUENCE SIZE (1..MAX) OF uri URI
Each search result reference includes one or more LDAP URLs specifying alternate locations in which the client may search for additional matching entries.
The search result done message is an LDAP result defined as follows:
SearchResultDone ::= [APPLICATION 5] LDAPResult