Requesting Attributes by Object Class (RFC 4529)

In the Lightweight Directory Access Protocol (LDAP) RFC 4510, the search operation RFC 4511 supports requesting the return of a set of attributes. This set is determined by a list of attribute descriptions. Two special descriptors are defined to request

However, there is no convenient mechanism for requesting pre-defined sets of attributes such as the set of attributes used to represent a particular class of object.

RFC 4529 extends LDAP to allow an object class identifier to be specified in attributes lists, such as in Search requests, to request the return of all attributes belonging to an object class. The COMMERCIAL AT ("@", U+0040) character is used to distinguish an object class identifier from an attribute descriptions.

For example, the attribute list of "@country" is equivalent to the attribute list of 'c', 'searchGuide', 'description', and 'objectClass'. This object class is described in RFC 4519.

This extension is intended primarily to be used where the user is in direct control of the parameters of the LDAP search operation, for instance when entering an LDAP URL RFC 4516 into a web browser, such as


