This section describes the 'wire' protocol that LDAP clients and servers use when communicating.
If you need to know this stuff, carry on; but the really smart thing to do is to use the excellent Open Source Wireshark (formerly Ethereal) to do all the disassembly for you. If Wireshark does not support a protocol, we have not yet come across it. Wonderful software.
Finally, LDAP uses the ITU's BER (Basic Encoding Rules) to save three bytes on each transfer. You will need (and pay handsomely for) X.690, which defines BER.
Alternatively you can download Prof. John Larmouth's ASN.1 Complete (it's free but you must register to get it), or you can purchase a copy from Morgan Kaufmann Publishers (ISBN: 0-12-233435-3). In no way second best is ASN.1 - Communication between heterogeneous systems by Olivier Dubuisson, another world-renowned ASN.1 expert (again free, but you have to register). You can also purchase his book from Morgan Kaufmann Publishers (ISBN: 0-12-6333361-0). This site has excellent ASN.1 and BER resources.
9.1 Functional Model Overview
9.2 Generic Format
9.3 Primitives (Operations)
9.4 LDAP URL

9.1 Functional Model Overview

One day real soon now ™

9.2 Generic Format

One day real soon now ™

9.3 Primitives (Operations)

One day real soon now ™

9.4 LDAP URL

The LDAP URL is a useful feature, but a bit of a con. The LDAP URL (RFC 4510 and RFC 4516) defines a method by which you can enter something that looks like a URL into some version 5 browsers (MSIE 5.5+ and any Gecko browser support ldap; Opera 7.x beta and Konqueror do not) and the browser will perform a read-only LDAP query on the host using the parameters defined in the URL. Both MSIE and Gecko allow you to add any found entries to an address book (and look to have a common code base).
The con bit (we're being very unfair here) is that the browser simply translates this request into a standard LDAP search/query primitive. The URL-ish notation is just a (useful) browser interface.
The formal syntax (from RFC 4516) is:

scheme "://" [host:port] ["/" [dn ["?" [attributes] ["?" [scope] ["?" [filter] ["?" extensions]]]]]]

Where:
| Param | Description |
|---|---|
| scheme | May be either ldap (basic access, normally on port 389) or ldaps (SSL access, normally on port 636). |
| host:port | Optional; if omitted the browser will use a default. Otherwise specifies the host name and optionally the port number, for instance ldapserver.example.com or ldapserver.example.com:8777 (uses the non-standard port 8777). |
| dn | Optional; if omitted the browser will use a default. Otherwise specifies the DN to use as the base of the search, for instance ou=people,dc=example,dc=com. |
| attributes | Optional; if omitted all available attributes are returned for each entry. Otherwise a comma-separated list of the attributes to be returned, for example cn,mail,telephonenumber. |
| scope | Optional; if omitted base is assumed. Otherwise specifies the scope of the search and takes one of the values base (the entry at the DN only), one (the entries one level below the DN) or sub (the whole subtree below the DN). |
| filter | According to the documentation this field is optional, and (objectclass=*) is assumed if it is omitted. This default appears not to be supported on either MSIE or Gecko; you must enter something, for example (objectclass=*). Otherwise specifies the text form of the search filter. |
| extensions | The current LDAP RFC (RFC 4516) does not define any extensions. |
Connect using anonymous access to host.example.com on port 389 with a base DN of ou=people,dc=example,dc=com, return all available attributes for each entry, go down one level on the search and return all found entries:

ldap://host.example.com/ou=people,dc=example,dc=com??one?(objectclass=*)

Connect using anonymous access to host.example.com on port 9000 with a base DN of ou=people,dc=example,dc=com, return all available attributes for each entry, go down one level on the search and return all entries:

ldap://host.example.com:9000/ou=people,dc=example,dc=com??one?(objectclass=*)

Connect using anonymous access to a host of the browser's choosing (we can't figure out how to configure this one) on port 389 with a base DN of ou=people,dc=example,dc=com, return all available attributes for each entry, go down one level on the search and return all entries with s or S anywhere in the common name:

ldap:///ou=people,dc=example,dc=com??one?(cn=*s*)

Connect using anonymous access to host.example.com on port 389 with a base DN of ou=people,dc=example,dc=com, return the mail attribute only, go down one level on the search and return all entries which have one or more mail attributes:

ldap://host.example.com/ou=people,dc=example,dc=com?mail?one?(mail=*)

Connect using anonymous access to host.example.com on port 389 with a base DN of ou=people,dc=example,dc=com, return all available attributes for each entry, search the whole subtree below the base DN and return all entries with sn starting with a or A:

ldap://host.example.com/ou=people,dc=example,dc=com???(sn=a*)
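As an added example (this is not ZyTrax code, and `LdapUrl` and `parse_ldap_url` are names chosen here), the following parser splits an LDAP URL into the fields described in the table above, applying the RFC 4516 defaults (port 389 or 636 by scheme, base scope and the (objectclass=*) filter when a field is empty) so that you can see exactly which search a given URL asks the server to perform before handing it to a browser or client. It is exercised on the URLs listed above and also handles bracketed IPv6 hosts and percent-encoded DNs, which the page does not show.

```python
"""RFC 4516 LDAP URL parser (added example; not ZyTrax code)."""
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote

# Default ports for the two schemes named on this page.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
VALID_SCOPES = {"base", "one", "sub"}


@dataclass
class LdapUrl:
    scheme: str
    host: Optional[str]        # None means "browser/client picks a default"
    port: int
    dn: str
    attributes: List[str]      # empty list means "return all attributes"
    scope: str
    filter: str
    extensions: List[str] = field(default_factory=list)


def parse_ldap_url(url: str) -> LdapUrl:
    """Split an LDAP URL into its fields, applying the RFC 4516 defaults."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")
    hostport, _, path = rest.partition("/")
    host, port, p = None, DEFAULT_PORTS[scheme], ""
    if hostport.startswith("["):               # bracketed IPv6 literal, e.g. [::1]:389
        host, _, p = hostport.rpartition("]")
        host, p = host + "]", p.lstrip(":")
    elif hostport:
        host, _, p = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
    if p:
        port = int(p)
        if not 0 < port < 65536:
            raise ValueError(f"bad port: {p}")
    # Split on '?' BEFORE percent-decoding so an encoded '?' inside a field is not a separator.
    fields = path.split("?", 4) + [""] * 5
    dn, attrs, scope, flt, exts = (unquote(f) for f in fields[:5])
    scope = scope.lower() or "base"            # empty scope field means base, per RFC 4516
    if scope not in VALID_SCOPES:
        raise ValueError(f"bad scope: {scope!r}")
    return LdapUrl(scheme, host, port, dn,
                   [a for a in attrs.split(",") if a], scope,
                   flt or "(objectclass=*)",    # RFC default filter when the field is empty
                   [e for e in exts.split(",") if e])
```

Running it over the last URL above shows that the empty scope field resolves to base, which is worth checking whenever a URL is expected to cover more than the base entry.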
Copyright © 1994 - 2010 ZyTrax, Inc. All rights reserved.
Page modified: November 12 2009.