C.3. Examples of LDAP URLs
Note
The LDAP URL format is described in RFC 4516, which is available at http://www.ietf.org/rfc/rfc4516.txt.
Example 1
The following LDAP URL specifies a base search for the entry with the distinguished name dc=example,dc=com
.
ldap://ldap.example.com/dc=example,dc=com
- Because no port number is specified, the standard LDAP port number (
389
) is used. - Because no attributes are specified, the search returns all attributes.
- Because no search scope is specified, the search is restricted to the base entry
dc=example,dc=com
. - Because no filter is specified, the directory uses the default filter (
objectclass=*
).
Example 2
The following LDAP URL retrieves the postalAddress
attribute of the entry with the DN dc=example,dc=com
:
ldap://ldap.example.com/dc=example,dc=com?postalAddress
- Because no search scope is specified, the search is restricted to the base entry
dc=example,dc=com
. - Because no filter is specified, the directory uses the default filter (
objectclass=*
).
Example 3
The following LDAP URL retrieves the cn
, mail
, and telephoneNumber
attributes of the entry for Barbara Jensen:
ldap://ldap.example.com/cn=Barbara%20Jensen,dc=example,dc=com?cn,mail,telephoneNumber
- Because no search scope is specified, the search is restricted to the base entry
cn=Barbara Jensen,dc=example,dc=com
. - Because no filter is specified, the directory uses the default filter
(objectclass=*)
.
Example 4
The following LDAP URL specifies a search for entries that have the surname Jensen
and are at any level under dc=example,dc=com
:
ldap://ldap.example.com/dc=example,dc=com??sub?(sn=Jensen)
- Because no attributes are specified, the search returns all attributes.
- Because the search scope is
sub
, the search encompasses the base entrydc=example,dc=com
and entries at all levels under the base entry.
Example 5
The following LDAP URL specifies a search for the object class for all entries one level under dc=example,dc=com
:
ldap://ldap.example.com/dc=example,dc=com?objectClass?one
- Because the search scope is
one
, the search encompasses all entries one level under the base entrydc=example,dc=com
. The search scope does not include the base entry. - Because no filter is specified, the directory uses the default filter (
objectclass=*
).
Note
The syntax for LDAP URLs does not include any means for specifying credentials or passwords. Search requests initiated through LDAP URLs are unauthenticated, unless the LDAP client that supports LDAP URLs provides an authentication mechanism.