No Title[an error occurred while processing this directive]
Reference: Cisco: Internetworking Basics
The major feature of an LDAP directory is its ability to return search results on queries very rapidly. All SDKs provide methods for obtaining and handling search results from the directory. Many SDKs provide the ability for result sets from a search to be parsed to return entry names, and all or a subset of its attributes and values.
Before you can search an LDAP directory, you need certain information:
The host name directs the search to the machine where the directory resides. If you are at the console on the machine that is running the LDAP server, you can use the host name "localhost" or IP Address "127.0.0.1".
The port is the TCP port of the machine (indicated by the host name) where the directory server is listening for LDAP connections. The standard port for LDAP is port 389 for non-SSL connections and 636 for SSL connections.
The base distinguished name (DN) indicates where in the LDAP directory you wish to begin the search. An LDAP directory is arranged in tree fashion, with a root and various branches off this root. The base DN is used to indicate at which node the search should originate. For example, we could indicate a base of dc=idevelopment,dc=info for a search that starts at the top and proceeds downward. If instead we specified dc=idevelopment,dc=info then any entries above this tree would not be eligible for searching.
Scope is the stating point of a search and the depth from the base DN to which the search should occur. There are three options (values) for the scope:
The search filter is the query string. It is used to filter the entries in the directory and produce the desired set of matching records. Filters are built using parentheses and combinations of the symbols &, |, and !, which represent AND, OR and NOT, respectively. If you wanted to locate all people with "jhunter" at the beginning of their names, the following filter would do the trick:
This expression represents a search for all entries with an object class of type person in which the common name begins with "jhunter". Like most other LDAP attributes, the cn attribute has case-insensitive syntax, so replacing jhunter* with JHunter* or JHUNTER* would yield the same results.
Search filters can be nested to any level
This filter says to find all entries with object class person in which the common name is Jeff Hunter or begins with "mhunter*". A logical operator should appear before the parenthesis enclosing the group of compares it affects. You can specify the order for operators by nesting parentheses.
Jeffrey Hunter is an Oracle Certified Professional, Java Development Certified Professional, Author, and an Oracle ACE. Jeff currently works as a Senior Database Administrator for The DBA Zone, Inc. located in Pittsburgh, Pennsylvania. His work includes advanced performance tuning, Java and PL/SQL programming, developing high availability solutions, capacity planning, database security, and physical / logical database design in a UNIX / Linux server environment. Jeff's other interests include mathematical encryption theory, tutoring advanced mathematics, programming language processors (compilers and interpreters) in Java and C, LDAP, writing web-based database administration tools, and of course Linux. He has been a Sr. Database Administrator and Software Engineer for over 20 years and maintains his own website site at: http://www.iDevelopment.info. Jeff graduated from Stanislaus State University in Turlock, California, with a Bachelor's degree in Computer Science and Mathematics.
Copyright (c) 1998-2018 Jeffrey M. Hunter. All rights reserved.
All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at email@example.com.
I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.
Last modified on
Thursday, 26-Jul-2012 11:12:50 EDT
Page Count: 119812