Browser Search Strings For LDAP
(Last modified: 08Jan2003)
This document (10058069) is provided subject to the disclaimer at the end of this document.
goal
Browser Search Strings For LDAP
Searching with LDAP
LDAP searches
LDAP URL Format
note
NOTE: This document is informational only. It helps you query your LDAP server faster than setting up a directory on your client (Netscape or Internet Explorer) to perform the same function. These URLs work best in a Netscape browser; however, they will work for both. You usually need to set up an LDAP PROXY in order to get this to work properly with Internet Explorer. The browser URL will accept LDAP queries and return results in HTML format. Note that Microsoft Internet Explorer does not work with LDAP URLs, and neither does Netscape 6.
fix
General LDAP URL Format: "ldap://"[hostname[":"port]]"/"[dn["?"[attributes]["?"[scope]["?"[filter]["?"[extensions]]]]]]
LDAP URLs are defined in RFC 2255, and are an extension of general URLs, which are defined in RFC 1738.
The text in quotes is literal text that must be entered exactly as shown. Everything else is a symbol for some element of the URL. Elements within brackets are optional, but notice the nesting of the brackets: some elements require that the preceding ones be included as well. The port defaults to 389 if omitted, which is the default port used by most LDAP servers. If the filter is omitted, it defaults to objectClass=*, which means to return all entries in the scope. The possible values for the scope are base, one, and sub. The scope defaults to base if it is omitted. An omitted DN defaults to the root of the tree.
Search elements were described in solution 10062361.
Example: "ldap://ldap.acme.com/ou=accounting,o=acme,c=us?telephoneNumber?sub?objectClass=inetOrgPerson"
The above example will return the telephone numbers for all accounting department employees in the Acme company.
Notice that this example left off the port and the extensions portion of the URL. That's okay because they're both optional. An LDAP client reading an LDAP URL should default to port 389 if the port isn't present. Another thing you commonly notice in LDAP URLs is that the attribute list portion is left blank. A blank attribute list indicates that you want to see all of the attributes for the matched entries. But because the attribute list is required if you include a scope, you have to remember to put the literal ?? between the dn and scope as a placeholder for the attribute list. The filter objectClass=inetOrgPerson means that we want to see all objects within our scope that are of class inetOrgPerson (User).
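The following Python sketch is an added example, not part of the original Novell document: it splits an LDAP URL into the elements of the general format above and applies the defaults the text describes (port 389, scope base, filter objectClass=*, blank attribute list meaning all attributes). The function names parse_ldap_url and returns_whole_subtree are assumptions made for this example, and IPv6 host literals are not handled.

```python
from urllib.parse import unquote

SCOPES = ("base", "one", "sub")
DEFAULT_FILTER = "objectClass=*"  # default filter as stated in the text above

def parse_ldap_url(url):
    """Split an LDAP URL into its elements and fill in the documented defaults."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("not an ldap:// URL")
    hostport, _, tail = url[len("ldap://"):].partition("/")
    if "?" in hostport:
        # The '?' fields only make sense after the "/" that introduces the DN.
        raise ValueError("missing '/' between host and DN")
    host, _, port = hostport.partition(":")
    # Split on the literal '?' separators first, percent-decode afterwards,
    # so an encoded %3F inside a value is never mistaken for a separator.
    fields = tail.split("?")
    if len(fields) > 5:
        raise ValueError("too many '?' separated fields")
    dn, attrs, scope, filt, ext = fields + [""] * (5 - len(fields))
    scope = scope.lower() or "base"
    if scope not in SCOPES:
        raise ValueError("scope must be base, one or sub")
    return {
        "host": host,
        "port": int(port) if port else 389,
        "dn": unquote(dn),  # empty string = root of the tree
        "attributes": [unquote(a) for a in attrs.split(",") if a],  # [] = all
        "scope": scope,
        "filter": unquote(filt) or DEFAULT_FILTER,
        "extensions": [unquote(e) for e in ext.split(",") if e],
    }

def returns_whole_subtree(parsed):
    """True when the URL asks for every entry and every attribute below the DN."""
    return (parsed["scope"] == "sub"
            and parsed["filter"].strip("()").lower() == DEFAULT_FILTER.lower()
            and not parsed["attributes"])

if __name__ == "__main__":
    # Constructed sample inputs using the hosts and DNs from this document.
    for u in ("ldap://10.5.2.10/ou=sales%20dept,o=acme??one",
              "ldap://10.5.2.10/??sub?"):
        p = parse_ldap_url(u)
        print(u, "->", p, "whole subtree:", returns_whole_subtree(p))
```

A check like returns_whole_subtree is useful when reviewing LDAP URLs in bookmarks, scripts or logs, since a sub-scope URL with no filter and no attribute list asks the server for everything below the base DN.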
Do a general search
ldap://10.5.2.10/??sub? (this would search everything in the directory)
Search in NDS at the COUNTRY level
ldap://10.5.2.10/c=us??sub? (this would search everything under C=US)
ldap://10.5.2.10/c=us??sub?(cn=john) (this would search for the user "john" under C=US)
ldap://10.5.2.10/c=us??sub?(cn=j*) (this would search for everything beginning with "j" under C=US)
NOTE: Many times NDS isn't set up with a Country, so don't always include the country in the search.
Search in NDS at the ORGANIZATION level
ldap://10.5.2.10/o=acme??sub? (this would search for everything under O=ACME)
ldap://10.5.2.10/o=acme??sub?(cn=john) (this would search for the user "john" under O=ACME)
ldap://10.5.2.10/o=acme??sub?(cn=j*) (this would search for everything beginning with "j" under O=ACME)
Search in NDS with multiple ORGANIZATIONAL UNITS
ldap://10.5.2.10/ou=marketing,ou=sales,o=acme??sub? (this would search for everything under OU=MARKETING.OU=SALES.O=ACME)
ldap://10.5.2.10/ou=marketing,ou=sales,o=acme??sub?(cn=john) (this would search for the user "john" under OU=MARKETING.OU=SALES.O=ACME)
ldap://10.5.2.10/ou=marketing,ou=sales,o=acme??sub?(cn=j*) (this would search for everything beginning with "j" under OU=MARKETING.OU=SALES.O=ACME)
Search in NDS on names with spaces in them (Sales Dept)
ldap://10.5.2.10/ou=sales%20dept,o=acme??one (this would search for everyone under Acme's Sales Dept)
ldap://10.5.2.10/ou=sales%20dept,o=acme??base (this would search in Acme's Sales Dept only)
Search the subtree under o=Novell for all user objects
ldap://137.65.85.172/o=novell??sub?ObjectClass=inetOrgPerson
document
Document Title: Browser Search Strings For LDAP
Document ID: 10058069
Solution ID: NOVL31074
Creation Date: 31Oct2000
Modified Date: 08Jan2003
Novell Product Class: Developer Support, Groupware, NetWare, Novell eDirectory
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.