LDAP Searches Provide a Gateway to Company Data - Page 2

 By Hallett German
Page 2 of 3
(Continued from Page 1)

LDAP Search Details
Once you have determined what data you are looking for, you can then create the search criteria itself. At the minimum, every LDAP Search operation involves the following steps:

  • Authentication as anonymous or as a specific user
  • A query sent by the LDAP client/application
  • A response from the LDAP server: either the appropriate values, error codes, or the server where the information can be located.

This query-response sequence may go on for several iterations and involve other servers before the search data is found and returned. To get you started with creating your own LDAP queries, the following is a list of the LDAP search equivalents. Each of these elements can be combined to create the search criteria for the query.

Directory Basics

  • Directory to search - The fully qualified name or IP address and IP port number, since there may be multiple directories on one server each using different ports. The default port is 389.
  • Search base - Sets where in the directory hierarchy you want to start your search. The usual place is at the top or root. For example, ou=luthcomputer, o=us or dc=luthcomputer, dc=com.
  • Scope - How far down the directory tree you want to search. The choices are base, which returns the single entry identified by the distinguished name (the unique search path to your directory entry); one, which retrieves one or more entries immediately below the search base; and sub, which retrieves one or more values from the search base down to the bottom of the directory tree.
  • Account - This is used to bind to the directory for the search operation.

Search response settings

  • Number of records returned or maximum search time - The default is 0, or no limit. Note that the maximum user setting may be overridden by a system setting that ensures user searches have time limits, minimizing the likelihood that a poorly constructed search accidentally overwhelms the system resources.
  • List of attributes returned - By default, all attributes found for a record are returned. The directory's access controls must allow both the search and the return of the attributes.
  • Attributes only - This can be useful in exploring or debugging directories. It lists the attribute names found in a specified record but not their values.
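
The search elements listed above (search base, scope, attribute list, attributes only and the record limit) can be seen working together in the following added example, which is not from the original article. It applies them to a small constructed in-memory directory; the entries and the names DIRECTORY, rdns(), in_scope() and search() are assumptions made for illustration, and the DN splitting assumes no escaped commas.

```python
# Added example: the page's search elements (base, scope, attribute list,
# attributes only, size limit) applied to a constructed in-memory directory.
# DIRECTORY, rdns(), in_scope() and search() are illustrative names.
DIRECTORY = {  # constructed sample entries: DN -> {attribute: [values]}
    "dc=luthcomputer,dc=com": {"dc": ["luthcomputer"]},
    "ou=people,dc=luthcomputer,dc=com": {"ou": ["people"]},
    "ou=groups,dc=luthcomputer,dc=com": {"ou": ["groups"]},
    "cn=ann,ou=people,dc=luthcomputer,dc=com": {"cn": ["ann"], "mail": ["ann@luthcomputer.com"]},
    "cn=bob,ou=people,dc=luthcomputer,dc=com": {"cn": ["bob"], "mail": ["bob@luthcomputer.com"]},
}

def rdns(dn):
    """Split a DN into normalized components (assumes no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is selected by the given search base and scope."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)          # levels below the search base
    if depth < 0 or entry[depth:] != base:  # not at or under the base
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def search(directory, base, scope="sub", attrs=None, attrs_only=False, size_limit=0):
    """Return (entries, truncated); size_limit=0 means no limit, as on the page."""
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    wanted = {a.lower() for a in attrs} if attrs else None  # None = all attributes
    entries, truncated = [], False
    for dn in sorted(directory, key=lambda d: len(rdns(d))):  # shallowest first
        if not in_scope(dn, base, scope):
            continue
        if size_limit and len(entries) >= size_limit:
            truncated = True  # a real server reports sizeLimitExceeded here
            break
        selected = {
            name: [] if attrs_only else list(values)
            for name, values in directory[dn].items()
            if wanted is None or name.lower() in wanted
        }
        entries.append((dn, selected))
    return entries, truncated

if __name__ == "__main__":
    for scope in ("base", "one", "sub"):
        found, _ = search(DIRECTORY, "dc=luthcomputer, dc=com", scope)
        print(scope, [dn for dn, _ in found])
    print(search(DIRECTORY, "ou=people, dc=luthcomputer, dc=com", attrs=["mail"], size_limit=2))
```

Requesting only the attributes you need and setting a record limit on the client keeps a broad sub search from returning more directory data than the task requires.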

Object/Attribute search filter criteria will be covered in a following article. In addition, there may be other advanced and product-specific settings, such as LDAP extensions, that give you even more powerful and useful possibilities. Read the product documentation for more information about specific tools.

(Continued on Page 3: LDAP Search Tips, Tricks and Traps)

This article was originally published on Feb 11, 2004