2.2.1 - Simple search

Basically, a search in LDAP requires a few parameters :

  • A server on which we will send the request
  • A port for this server
  • A base DN, the location where to start the search from
  • A filter to select the entries to be returned
  • The user doing the search
  • A password if the user is not already bound
  • A scope, defining the depth we should look for
  • The list of attributes to return

There are several other options, which will be exposed in the next chapter.

Doing a Simple Search on the command line

Here is an exemple of search done on the base we have created :

$ ldapsearch -h zanzibar -p 10389 -b "o=sevenSeas" -s sub "(cn=James Hook)" +
version: 1
dn: cn=James Hook,ou=people,o=sevenSeas
accessControlSubentries: cn=sevenSeasAuthorizationRequirementsACISubentry,o=sevenSeas
creatorsName: cn=Horatio Nelson,ou=people,o=sevenSeas
createTimestamp: 20061203140109Z

Here, we see that we are connecting to the zanzibar server, on its 10389 port. As we haven’t provided any user, this is an anonymous search, which should be allowed if the server accept anonymous searches. We then have the base DN, “o=sevenseas”, the filter "(cn=James Hook)" and the scope : “sub”. The last parameter, “+”, asks the server to return all the operational attributes.

The result is just shown as a result of the command (here, we get back one single entry).