Components of an LDAP URL
LDAP URLs have the following syntax:
ldap[s]://hostname:port/base_dn?attributes?scope?filter
When ldap:// is specified, standard LDAP is used
to connect to the LDAP servers. When ldaps:// is specified,
LDAP over SSL is used to connect to the LDAP server.
Table 12–1 LDAP URL Components
Component
|
Description
|
hostname
|
Name (or IP address in dotted format) of the LDAP server. For example:
ldap.example.com or 192.168.1.100
|
port
|
Port number of the LDAP server.
If no port is specified, the standard LDAP port (389) or LDAPS port
(636) is used.
|
base_dn
|
Distinguished name (DN) of an entry in the directory. This DN identifies
the entry that is the starting point of the search.
If no base DN is specified, the search starts at the root of the directory
tree.
|
attributes
|
The attributes to be returned. To specify more than one attribute, use
commas to separate the attributes. For example, "cn,mail,telephoneNumber".
If no attributes are specified in the URL, all attributes are returned.
|
scope
|
The scope of the search. The scope can be one of these values:
-
base retrieves information about the distinguished
name (base_dn) specified in the URL only.
-
one retrieves information about entries
one level below the distinguished name (base_dn)
specified in the URL. The base entry is not included in this scope.
-
sub retrieves information about entries
at all levels below the distinguished name (base_dn)
specified in the URL. The base entry is included in this scope.
If
no scope is specified, the server performs a base search.
|
filter
|
Search filter to apply to entries within the specified scope of the
search.
If no filter is specified, the server uses the filter objectClass=*.
|
The following components are identified by their positions in the URL: attributes, scope, and filter are.
If you do not want to specify a component, you must include a question mark
to delimit the field. Two consecutive question marks, ??,
indicate that no attributes have been specified.
For example, to specify a subtree search starting from "dc=example,dc=com" that returns all attributes for entries matching "(sn=Jensen)", use the following LDAP URL.
ldap://ldap.example.com/dc=example,dc=com??sub?(sn=Jensen)
Because no specific attributes are identified in the URL, all attributes
are returned in the search.