Components of an LDAP Search

An LDAP search has the potential to retrieve information about all objects within a specific scope that have certain characteristics — for example, the telephone number of every person in a department.

The following are used to accomplish an LDAP search:

  • A search base (the distinguished name of the search base object) defines the location in the directory from which the LDAP search begins.

  • A search scope defines how deep to search within the search base.

    • Base, or zero level, indicates a search of the base object only.

    • One level indicates a search of objects immediately subordinate to the base object, but does not include the base object itself.

    • Subtree indicates a search of the base object and the entire subtree of which the base object distinguished name is the topmost object.

  • A filter allows certain entries in the subtree and excludes others.

  • A selection indicates what attributes to return from objects that match the filter criteria.

  • Optional controls affect how the search is processed.
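
The search base, scope, filter, and selection described above, modeled over a small in-memory directory. This is an added example, not part of the original page: the sample entries, the `search` and `in_scope` helpers, and the equality-only filter are assumptions for illustration, and DNs are assumed to contain no escaped commas. Controls are not modeled.

```python
# Constructed sample directory (DN -> attributes); not data from the original page.
DIRECTORY = {
    "dc=example,dc=com": {"objectClass": "domain"},
    "ou=Sales,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "ou=HR,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "ou=East,ou=Sales,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "cn=Ann,ou=Sales,dc=example,dc=com": {
        "objectClass": "person", "telephoneNumber": "555-0101", "homePhone": "555-0199"},
    "cn=Bob,ou=Sales,dc=example,dc=com": {
        "objectClass": "person", "telephoneNumber": "555-0102"},
    "cn=Cy,ou=East,ou=Sales,dc=example,dc=com": {
        "objectClass": "person", "telephoneNumber": "555-0103"},
    "cn=Dee,ou=HR,dc=example,dc=com": {
        "objectClass": "person", "telephoneNumber": "555-0104"},
}

def rdns(dn):
    # Assumption: no escaped commas; comparison is case-insensitive.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn falls inside the given scope relative to base_dn."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)          # levels below the base object
    if depth < 0 or entry[depth:] != base:  # entry is not at or under the base
        return False
    if scope == "base":                     # base object only
        return depth == 0
    if scope == "one":                      # immediate subordinates, base excluded
        return depth == 1
    if scope == "sub":                      # base object plus entire subtree
        return True
    raise ValueError("unknown scope: " + scope)

def search(base_dn, scope, flt, attrs):
    """flt: {attribute: value} equality assertions, ANDed. attrs: selection list."""
    if not any(rdns(base_dn) == rdns(dn) for dn in DIRECTORY):
        raise LookupError("no such object: " + base_dn)
    results = {}
    for dn, entry in DIRECTORY.items():
        if not in_scope(dn, base_dn, scope):
            continue                        # outside the search scope
        if any(entry.get(a) != v for a, v in flt.items()):
            continue                        # excluded by the filter
        # Selection: return only the requested attributes, nothing else.
        results[dn] = {a: entry[a] for a in attrs if a in entry}
    return results
```

With base `ou=Sales,dc=example,dc=com`, a subtree search returns Ann, Bob, and Cy, a one-level search drops Cy, and the selection keeps `homePhone` out of the result even though Ann's entry matches.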

Figure 3.1 illustrates the base distinguished name and the search scope of an LDAP search.


Figure 3.1 LDAP Search Base and Search Scope

Figure 3.2 shows the base distinguished name for a container object.


Figure 3.2 Base Distinguished Name for an LDAP Search