Overview#
SearchRequest is a
LDAP Message used to identify
entries in the
DSA that match a given set of criteria.
SearchRequest MAY return zero or more entries, and also zero or more referrals.
The SearchRequest LDAP Message is defined as follows:
SearchRequest ::= [APPLICATION 3] SEQUENCE {
baseObject LDAPDN,
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2),
... },
derefAliases ENUMERATED {
neverDerefAliases (0),
derefInSearching (1),
derefFindingBaseObj (2),
derefAlways (3) },
sizeLimit INTEGER (0 .. maxInt),
timeLimit INTEGER (0 .. maxInt),
typesOnly BOOLEAN,
filter Filter,
attributes AttributeSelection
}
The elements of the search request include:
- The baseDN, which specifies the location in the DIT in which to perform the search.
- The LDAP Search Scope, which specifies the scope of entries at or below the base DN to consider when processing the search.
- The Dereference Policy to use if any aliases are encountered during processing.
- The size limit, which specifies the maximum number of entries that should be returned from the search (or zero if there should not be any maximum number of entries).
- The time limit, which specifies the maximum length of time in seconds that the server should spend processing the search (or zero if there should not be a maximum number of entries).
- The TypesOnly Flag, which indicates whether the entries returned should include attribute types only or both types and values.
- The LDAP SearchFilter, which specifies the criteria to use to identify matching entries.
- The AttributeSelection that indicate which attributes should be included in matching entries, or an empty list to indicate that all User Attribute should be returned.
There are three types of result elements that can be returned in response to a search request:
Any SearchResultEntry may be read.
There might be more information for this subject on one of the following: