ldap:// protocol prefix (or ldaps://, if the server is communicating over an SSL connection) and specifies a search request sent to an LDAP server.
LDAP URLs have the following syntax:
ldap[s]://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>(The
ldap:// protocol is used to connect to LDAP servers over unsecured connections, and the ldaps:// protocol is used to connect to LDAP servers over SSL connections.)
Table 10.1 lists the components of an LDAP URL. Table 10.1 Components of an LDAP URL
%20. Thus, the distinguished name "ou=Product Development" must be encoded as "ou=Product%20Development".
Note that <attributes>, <scope>, and <filter> are identified by their positions in the URL. If you do not want to specify any attributes, you still need to include the question marks delimiting that field.
For example, to specify a subtree search starting from "o=Airius.com" that returns all attributes for entries matching "(sn=Jensen)", use the following URL:
ldap://ldap.netscape.com/o=Airius.com??sub?(sn=Jensen)Note that the two consecutive question marks -- ?? -- indicate that no attributes have been specified. Since no specific attributes are identified in the URL, all attributes are returned in the search.
"o=Airius.com".
ldap://ldap.netscape.com/o=Airius.com
"o=Airius.com". "(objectclass=*)" is used. postalAddress attribute of the o=Airius.com entry:
ldap://ldap.netscape.com/o=Airius.com?postalAddress
"o=Airius.com". "(objectclass=*)" is used. cn, mail, and telephoneNumber attributes of the entry for Barbara Jensen:
ldap://ldap.netscape.com/uid=bjensen,ou=People,o=Airius.com?cn,mail,telephoneNumber
"uid=bjensen,ou=People,o=Airius.com". "(objectclass=*)" is used. Jensen and are at any level under "o=Airius.com":
ldap://ldap.netscape.com/o=Airius.com??sub?(sn=Jensen)
sub, the search encompasses the base entry "o=Airius.com" and entries at all levels under the base entry. "o=Airius.com":
ldap://ldap.netscape.com/o=Airius.com?objectClass?one
one, the search encompasses all entries one level under the base entry "o=Airius.com". The search scope does not include the base entry. "(objectclass=*)" is used. Important The syntax for LDAP URLs does not include any means for specifying credentials or passwords. Search requests initiated through LDAP URLs are unauthenticated.
ldap_is_ldap_url() function. This function returns a nonzero value if the URL is an LDAP URL. If the URL is not an LDAP URL, the function returns 0.
The following section of code determines if a URL is an LDAP URL.
#include <stdio.h>
#include <ldap.h>
...
char *my_url = "ldap://ldap.netscape.com/o=Airius.com";
...
if ( ldap_is_ldap_url( my_url ) != 0 ) {printf( "%s is an LDAP URL.\n", my_url );
} else {printf( "%s is not an LDAP URL.\n", my_url );
}
...To verify that a URL complies with the LDAP URL syntax, you should call the
ldap_url_parse() function (see "Getting the Components of an LDAP URL").
ldap_url_parse() function. This function returns the LDAP URL components in an LDAPURLDesc structure, which is shown here:
typedef struct ldap_url_desc {char *lud_host;
int lud_port;
char *lud_dn;
char **lud_attrs;
int lud_scope;
char *lud_filter;
unsigned long lud_options;
}LDAPURLDesc;Here is a list of the field descriptions:
#include <stdio.h>
#include <ldap.h>
...
char *my_url = "ldap://ldap.netscape.com:5000/o=Airius.com?cn,mail,telephoneNumber?sub?(sn=Jensen)";
LDAPURLDesc *ludpp;
int res, i;
...
if ( ( res = ldap_url_parse( my_url, &ludpp ) ) != 0 ) { switch( res ){case LDAP_URL_ERR_NOTLDAP:
printf( "URL does not begin with \"ldap://\"\n" );
break;
case LDAP_URL_ERR_NODN:
printf( "URL missing trailing slash after host or port\n" );
break;
case LDAP_URL_ERR_BADSCOPE:
printf( "URL contains an invalid scope\n" );
break;
case LDAP_URL_ERR_MEM:
printf( "Not enough memory\n" );
break;
default:
printf( "Unknown error\n" );
}
return( 1 );
}
printf( "Components of the URL:\n" );
printf( "Host name: %s\n", ludpp->lud_host );
printf( "Port number: %d\n", ludpp->lud_port );
if ( ludpp->lud_dn != NULL ) { printf( "Base entry: %s\n", ludpp->lud_dn );
} else { printf( "Base entry: Root DN\n" );
}
if ( ludpp->lud_attrs != NULL ) { printf( "Attributes returned: \n" );
for ( i=0; ludpp->lud_attrs[i] != NULL; i++ ) { printf( "\t%s\n", ludpp->lud_attrs[i] );
}
} else { printf( "No attributes returned.\n" );
}
printf( "Scope of the search: " );
switch( ludpp->lud_scope ) {case LDAP_SCOPE_BASE:
printf( "base\n" );
break;
case LDAP_SCOPE_ONELEVEL:
printf( "one\n" );
break;
case LDAP_SCOPE_SUBTREE:
printf( "sub\n" );
break;
default:
printf( "Unknown scope\n" );
}
printf( "Filter: %s\n", ludpp->lud_filter );
...The code prints out the following results:
Components of the URL:
Host name: ldap.netscape.com
Port number: 5000
Base entry: o=Airius.com
Attributes returned:
cn
telephoneNumber
Scope of the search: sub
Filter: (sn=Jensen)
LDAPURLDesc structure from memory by calling the ldap_free_urldesc() function.
The following section of code parses an LDAP URL and then frees the LDAPURLDesc structure from memory after verifying that the LDAP URL is valid.
#include <stdio.h>
#include <ldap.h>
...
char *my_url = "ldap://ldap.netscape.com:5000/o=Airius.com?cn,mail,telephoneNumber?sub?(sn=Jensen)";
LDAPURLDesc *ludpp;
int res, i;
...
if ( ( res = ldap_url_parse( my_url, &ludpp ) ) != 0 ) { switch( res ){case LDAP_URL_ERR_NOTLDAP:
printf( "URL does not begin with \"ldap://\"\n" );
break;
case LDAP_URL_ERR_NODN:
printf( "URL does not contain a distinguished name\n" );
break;
case LDAP_URL_ERR_BADSCOPE:
printf( "URL contains an invalid scope\n" );
break;
case LDAP_URL_ERR_MEM:
printf( "Not enough memory\n" );
break;
default:
printf( "Unknown error\n" );
}
return( 1 );
}
printf( "URL is a valid LDAP URL\n" );
ldap_free_urldesc( ludpp );
...
ldap_url_search_s(), ldap_url_search_st(), or ldap_url_search() function.
ldap_url_search_s() is a synchronous function that completes the search operation before returning. Call this function if you need to wait for the operation to finish before continuing. Theldap_url_search_s()function returnsLDAP_SUCCESSif the operation completed successfully. If an error occurred, the function returns an error code. (See "Result Codes" for a complete listing of error codes.)
ldap_url_search_st() is a synchronous function that allows a certain amount of time for the completion of the search operation. Call this function if you need to wait for the operation to complete and if you want to set a timeout period for the operation. ldap_url_search() is an asynchronous function that initiates the search operation but does not wait for the operation to complete. Call this function if you want to perform other work (in parallel) while waiting for the operation to complete.Theldap_url_search()function returns a message ID identifying the search operation. To determine whether the operation is completed or still in progress, call theldap_result()function.
After the operation is completed, call theldap_result2error()function to determine whether the operation was successful. If the operation completed successfully, theldap_result2error()function returnsLDAP_SUCCESS. If an error occurred, the function returns an error code. (See "Result Codes" for a complete listing.)
#include <stdio.h>
#include <ldap.h>
...
LDAP *ld;
LDAPMessage *result;
char *my_url = "ldap://ldap.netscape.com/o=Airius.com?cn,mail,telephoneNumber?sub?(sn=Jensen)";
/* Process the search request in the URL. */
if ( ldap_url_search_s( ld, my_url, 0, &result ) != LDAP_SUCCESS ) {ldap_perror( ld, "ldap_url_search_s" );
return( 1 );
}
Last Updated: 10/01/98 17:04:38