Overview#

The LDAP SearchRequest is used to identify entries in the DSA that match a given set of criteria.

SearchRequest MAY return zero or more entries, and also zero or more referrals.

The SearchRequest LDAP Protocol Mechanism is defined as follows:

SearchRequest ::= [APPLICATION 3] SEQUENCE {
    baseObject      LDAPDN,
    scope           ENUMERATED {
        baseObject              (0),
        singleLevel             (1),
        wholeSubtree            (2),
    ...  },
    derefAliases    ENUMERATED {
        neverDerefAliases       (0),
        derefInSearching        (1),
        derefFindingBaseObj     (2),
        derefAlways             (3) },
    sizeLimit       INTEGER (0 ..  maxInt),
    timeLimit       INTEGER (0 ..  maxInt),
    typesOnly       BOOLEAN,
    filter          Filter,
    attributes      AttributeSelection 
    } 
The elements of the search request include:
  • The baseDN, which specifies the location in the DIT in which to perform the search.
  • The LDAP Search Scope, which specifies the scope of entries at or below the base DN to consider when processing the search.
  • The Dereference Policy to use if any aliases are encountered during processing.
  • The size limit, which specifies the maximum number of entries that should be returned from the search (or zero if there should not be any maximum number of entries).
  • The time limit, which specifies the maximum length of time in seconds that the server should spend processing the search (or zero if there should not be a maximum number of entries).
  • The TypesOnly Flag, which indicates whether the entries returned should include attribute types only or both types and values.
  • The LDAP SearchFilter, which specifies the criteria to use to identify matching entries.
  • The AttributeSelection that indicate which attributes should be included in matching entries, or an empty list to indicate that all User Attribute should be returned.

Search Responses#

There are three types of result elements that can be returned in response to a search request:

Any SearchResultEntry may be read.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-37) was last changed on 28-Jul-2017 09:34 by jim