
1 LDAP Search Criteria Fall 2004 Rev. 2

2 LDAP Searches
- Can be performed on:
  - a single directory entry
  - the contents of a single container
  - an entire subtree
- Required information is the server, port, and starting point for the search (search base)
- Everything else is optional

3 LDAP Search Syntax
- Nine parts to an LDAP search (we will only talk about 7 in class):
  [baseObject] [scope] [sizeLimit] [timeLimit] [filter] [attributes]

4 [baseObject]
- LDAP Distinguished Name (DN)
- Where to start the search
- RFC 2253

5 [scope]
- How far the search will look into the directory
- baseObject - the DN specified only
- singleLevel - the immediate subordinates of the DN (not including the baseObject)
- wholeSubtree - everything below the DN, including the baseObject

6 [sizeLimit]
- Restricts the number of entries returned in the search results
- Setting it to 0 (zero) means no limit
- Valid entries have a positive value
- Note: Most servers restrict returns to ~1500 entries to prevent DoS attacks, no matter what the client specifies

7 [timeLimit]
- Number of seconds to allow for completion of the search
- A value of 0 (zero) means unlimited time
- Valid entries have a positive value
- Note: Most servers have a maximum search timeout configured to prevent DoS, no matter what the client specifies

8 [filters]
- The filter gives more specific search requirements
- The matching rules are used
- Can also use and (&), or (|), not (!)
- Equality (=), less than or equal (<=), greater than or equal (>=), approximate (~=), substring (*)
- Examples:
  '(|(cn=j)(sn=d))' [or]
  '(!(cn=j*))' [not]
  '(&(cn=j*)(cn=d*))' [and]

9 [filters]
- Examples:
  '(cn=jdoe)' [equality]
  '(cn=*doe*)' [substring]
  '(sn>=Doe)' [greater than or equal]
  '(sn<=Doe)' [less than or equal]
  '(sn~=Doe)' [approximate]
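The filter grammar on slides 8 and 9 composes mechanically, so the following added example (not part of the slides) builds those same filters from parts. Values are escaped as RFC 4515 requires, so an assertion value taken from user input stays a literal instead of adding filter components; the hostile-looking value in the demo is constructed for illustration.

```python
# Added example (not from the slides): build LDAP search filters such as
# '(&(cn=j*)(sn=d*))' from parts. Assertion values are escaped per RFC 4515
# so a value taken from user input cannot inject extra filter components.

# Characters that have meaning inside a filter value, and their escapes.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value: str) -> str:
    """Escape a literal assertion value for use inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

# Item filters (slide 9): equality, substring, >=, <=, approximate
def eq(attr: str, value: str) -> str:
    return f"({attr}={escape_value(value)})"

def starts_with(attr: str, prefix: str) -> str:
    return f"({attr}={escape_value(prefix)}*)"

def contains(attr: str, part: str) -> str:
    return f"({attr}=*{escape_value(part)}*)"

def ge(attr: str, value: str) -> str:
    return f"({attr}>={escape_value(value)})"

def le(attr: str, value: str) -> str:
    return f"({attr}<={escape_value(value)})"

def approx(attr: str, value: str) -> str:
    return f"({attr}~={escape_value(value)})"

# Compound filters (slide 8): and, or, not
def and_(*filters: str) -> str:
    return "(&" + "".join(filters) + ")"

def or_(*filters: str) -> str:
    return "(|" + "".join(filters) + ")"

def not_(f: str) -> str:
    return f"(!{f})"

if __name__ == "__main__":
    print(and_(starts_with("cn", "j"), starts_with("sn", "d")))  # (&(cn=j*)(sn=d*))
    # A constructed hostile value stays a literal instead of widening the search:
    print(eq("cn", "j*)(sn=d"))  # (cn=j\2a\29\28sn=d)
```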

10 [attributes]
- Specifies which attributes should be returned to the client
- NULL and * return all attributes

11 ldapsearch
- Command line tool that ships with OpenLDAP
- Usage and manual: 'man ldapsearch'
- Example:
  ldapsearch -h www.nldap.com -b "ou=user, o=novell" -x -W '(cn=j*)' cn

12 ldapsearch Common Switches
- "-h" - hostname or IP address
- "-b" - search base (where you want to search)
- "-D" - bind name (login to the server)
- "-x" - simple authentication
- "-W" - prompt for password
- "-s" - scope (sub, base, one)

13 ldapsearch
ldapsearch [options] [filter [attributes]]
- [options]: -h www.nldap.com -b "ou=users,o=novell" -x -W
- [filter]: '(cn=j*)'
- [attributes]: cn

14 Example ldapsearch
ldapsearch -h www.nldap.com -b "ou=user, o=novell" -x -W '(cn=j*)' cn
ldapsearch -h www.nldap.com -b "ou=user, o=novell" -x -W '(&(cn=j*)(sn=d*))' cn sn
ldapsearch -h www.nldap.com -b "ou=user, o=novell" -x -W '(&(cn=j*)(sn=d*))' securityEquals
ldapsearch -h www.nldap.com -b "ou=user, o=novell" -x -W '(sn>=zimmer)' cn sn
ldapsearch -h www.nldap.com -b "ou=user, o=novell" -x -W '(sn~=Smyth)' cn sn

15 LDAP URLs
- Originally defined by UMich
- Original RFC 1959
- Current RFC 2255 (updated for LDAPv3)

16 Format of LDAP URL
- Basic form: ldap://[hostport]/[dn]
- Six parts of an LDAP URL: hostport, dn, attributes, scope, filter, extensions
- Not all parts are required

17 ldap://[hostport][/dn[?[attributes][?[scope][?[filter][?[extensions]]]]]]
- ldap:// - scheme prefix
- Denotes which protocol to use when handling this URL

18 ldap://[hostport][/dn[?[attributes][?[scope][?[filter][?[extensions]]]]]]
- [hostport] - specifies the LDAP server to contact and the port to contact it on
- Default port is 389
- The port is separated from the LDAP server name with a ":"
- Example: Acme.com:389

19 ldap://[hostport][/dn[?[attributes][?[scope][?[filter][?[extensions]]]]]]
- [/dn] - distinguished name of the object to search
- DN constructed according to RFC 2253 section 3, e.g. cn=jdoe,ou=engr,dc=acme,dc=com
- Examples:
  ldap://acme.com/cn=jdoe,ou=engr,dc=acme,dc=com
  ldap://acme.com/ou=engr,dc=acme,dc=com

20 ldap://[hostport][/dn[?[attributes][?[scope][?[filter][?[extensions]]]]]]
- [?[attributes]] - which attributes should be returned
- Default (no options) is all attributes
- Examples:
  ldap://acme.com/cn=jdoe,ou=engr,dc=acme,dc=com?sn
  ldap://acme.com/ou=engr,dc=acme,dc=com?cn

21 ldap://[hostport][/dn[?[attributes][?[scope][?[filter][?[extensions]]]]]]
- [?[scope]] - range to search in the directory
- Three options:
  - base - specified object only
  - one - single level of the directory below the specified object
  - sub - entire subtree below the specified object
- Examples:
  ldap://acme.com/cn=jdoe,ou=engr,dc=acme,dc=com?sn?base
  ldap://acme.com/ou=engr,dc=acme,dc=com?cn?sub

22 ldap://[hostport][/dn[?[attributes][?[scope][?[filter][?[extensions]]]]]]
- [?[filter]] - search filter to apply to the search
- Default (option omitted) is '(objectClass=*)'
- Examples:
  ldap://acme.com/ou=engr,dc=acme,dc=com?cn?sub?(cn=jdoe)
  ldap://acme.com/ou=engr,dc=acme,dc=com?cn?sub?(cn=j*)

23 ldap://[hostport][/dn[?[attributes][?[scope][?[filter][?[extensions]]]]]]
- [?[extensions]] - type=value format
- Usually used for directory-specific operations
- Example:
  ldap://acme.com/ou=engr,dc=acme,dc=com?cn?sub??foo=bar
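Slides 17 through 23 describe the URL grammar field by field; the following added example (not part of the slides) parses such a URL into its six parts, applies the defaults the slides give for omitted fields (port 389, all attributes, scope base, filter '(objectClass=*)'), and maps the result onto the ldapsearch switches from slide 12. The "-p" port switch is assumed from OpenLDAP's ldapsearch and is not on the slides.

```python
# Added example (not from the slides): parse an LDAP URL of the form
#   ldap://[hostport][/dn[?[attributes][?[scope][?[filter][?[extensions]]]]]]
# into its six parts, applying the RFC 2255 defaults for omitted parts, and
# build the equivalent ldapsearch argument vector from the switches on slide 12.
from urllib.parse import unquote

DEFAULT_PORT = 389
VALID_SCOPES = ("base", "one", "sub")

def parse_ldap_url(url: str) -> dict:
    if not url.startswith("ldap://"):
        raise ValueError("not an ldap:// URL")
    hostport, _, tail = url[len("ldap://"):].partition("/")
    host, _, port = hostport.partition(":")
    # After the DN come up to four '?'-separated optional fields; an empty
    # field (e.g. '?sub??foo=bar') means "use the default".
    fields = tail.split("?", 4)
    fields += [""] * (5 - len(fields))
    dn, attrs, scope, filt, exts = (unquote(f) for f in fields)
    if scope and scope not in VALID_SCOPES:
        raise ValueError(f"invalid scope: {scope!r}")
    extensions = {}
    for ext in [e for e in exts.split(",") if e]:
        # A leading '!' marks a critical extension (RFC 2255 section 3).
        critical = ext.startswith("!")
        name, _, value = ext.lstrip("!").partition("=")
        extensions[name] = {"value": value, "critical": critical}
    return {
        "host": host,
        "port": int(port) if port else DEFAULT_PORT,
        "dn": dn,                                          # "" = root DSE
        "attributes": attrs.split(",") if attrs else [],   # [] = all attributes
        "scope": scope or "base",
        "filter": filt or "(objectClass=*)",
        "extensions": extensions,
    }

def to_ldapsearch(parsed: dict) -> list:
    """ldapsearch argv equivalent to the URL (slide 12 switches; -p is assumed)."""
    argv = ["ldapsearch", "-x", "-h", parsed["host"], "-p", str(parsed["port"]),
            "-b", parsed["dn"], "-s", parsed["scope"], parsed["filter"]]
    return argv + parsed["attributes"]

if __name__ == "__main__":
    url = "ldap://acme.com/ou=engr,dc=acme,dc=com?cn?sub?(cn=j*)"
    print(parse_ldap_url(url))
    print(" ".join(to_ldapsearch(parse_ldap_url(url))))
```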

