SearchResultEntry is a LDAP Message and an entry returned as part of a SearchRequest.

SearchResultEntry are entries determined by the LDAP Three-valued logic rule.

SearchResultEntrywill contain at least the DN of the entry, and may contain zero or more attributes. The attributes may contain only attribute type names or both types and values (based on the value of the TypesOnly Flag from the searchRequest from the client request, but may be pared down based on the server's Access Control configuration. The results of the Search operation are returned as zero or more SearchResultEntry and/or searchResultReference messages, followed by a single searchResultDone message.

            SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
                 objectName      LDAPDN,
                 attributes      PartialAttributeList }

            PartialAttributeList ::= SEQUENCE OF
                                 partialAttribute PartialAttribute

            SearchResultReference ::= [APPLICATION 19] SEQUENCE
                                      SIZE (1..MAX) OF uri URI

            SearchResultDone ::= [APPLICATION 5] LDAPResult

Each SearchResultEntry represents an entry found during the Search. Each SearchResultReference represents an area not yet explored during the Search. The SearchResultEntry and searchResultReference messages may come in any order. Following all the searchResultReference and SearchResultEntry responses, the server returns a searchResultDone response, which contains an indication of success or details any errors that have occurred.

Each entry returned in a SearchResultEntry will contain all appropriate attributes as specified in the attributes field of the Search Request, subject to access control and other administrative policy. Note that the PartialAttributeList may hold zero elements.

This may happen when none of the attributes of an entry were requested or could be returned. Note also that the partialAttribute vals set may hold zero elements. This may happen when typesOnly is requested, access controls prevent the return of values, or other reasons.

Some attributes may be constructed by the server and appear in a SearchResultEntry attribute list, although they are not stored attributes of an entry. Clients SHOULD NOT assume that all attributes can be modified, even if this is permitted by access control.

If the server's schema defines short names RFC 4512 for an attribute type, then the server SHOULD use one of those names in attribute descriptions for that attribute type (in preference to using the

       <numericoid> [RFC4512] format of the attribute type's object
       identifier).  The server SHOULD NOT use the short name if that name
       is known by the server to be ambiguous, or if it is otherwise likely
       to cause interoperability problems.

More Information#

There might be more information for this subject on one of the following: