Alcatel-Lucent 6850-48 Network Guide

Managing Authentication Servers
LDAP Servers
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 35-21
All attributes are automatically deleted when requests to delete the last value of an attribute are submitted. 
Attributes can also be deleted by specifying delete value operations without attaching any values.
Modified attribute values are replaced with other given values by submitting replace requests to the server, 
which then translates and performs the requests.
Directory Compare and Sort
LDAP will compare directory entries with given attribute values to find the information it needs. The 
Compare function in LDAP uses a DN as the identity of an entry, and searches the directory with the type 
and value of an attribute. Compare is similar to the Search function, but simpler.
LDAP will also sort entries by their types and attributes. For the Sort function, there are essentially two 
methods of sorting through directory entries. One is to sort by entries where the DN (Distinguished Name) 
is the sort key. The other is to sort by attributes with multiple values.
The LDAP URL
LDAP URLs are used to send search requests to directory servers over TCP/IP on the internet, using the 
protocol prefix: ldap://. (Searches over SSL would use the same prefix with an “s” at the 
end, i.e., ldaps://.)
LDAP URLs are entered in the command line of any web browser, just as HTTP or FTP URLs are 
entered. When LDAP searches are initiated, LDAP checks the validity of the LDAP URLs, parsing the 
various components contained within the URLs to process the searches. LDAP URLs can specify and 
implement complex or simple searches of a directory depending on what is submitted in the URLs. 
Searches performed directly with LDAP URLs are affected by the LDAP session parameters described 
above.
In the case of multiple directory servers, LDAP URLs are also used for referrals to other directory servers 
when a particular directory server does not contain any portion of requested IP address information. 
Search requests generated through LDAP URLs are not authenticated.
Searches are based on entries for attribute data pairs.
The syntax for TCP/IP LDAP URLs is as follows:
ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>
An example might be:
ldap://ldap.company name.xxx/o=company name%inc./,c=US>
(base search including all attributes/object classes in scope).
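An added example (not from the guide): a Python parser for the URL syntax above that fills in the default ports 389 and 636 and flags cleartext or overly broad searches, which matters because searches made through LDAP URLs are not authenticated. Standard percent-decoding, the scope keywords and the default filter follow RFC 4516; the function names, finding texts and sample URLs are constructed for illustration.

```python
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}   # default ports for each prefix
SCOPES = {"base", "one", "sub"}               # scope keywords per RFC 4516

def parse_ldap_url(url):
    """Split ldap[s]://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    # IPv6 literals are not handled: only host names and dotted-decimal IPs.
    host, _, port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
    if port and not port.isdigit():
        raise ValueError("bad port in %r" % url)
    # Split on '?' before percent-decoding so an encoded '?' stays inside its field.
    dn, attrs, scope, flt = (tail.split("?") + ["", "", ""])[:4]
    scope = unquote(scope).lower() or "base"
    if scope not in SCOPES:
        raise ValueError("unknown scope %r" % scope)
    return {
        "tls": scheme == "ldaps",
        "host": host,
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "base_dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(flt) or "(objectClass=*)",
    }

def audit(url):
    """Return (parsed URL, findings) for one configured LDAP URL."""
    u = parse_ldap_url(url)
    findings = []
    if not u["tls"]:
        findings.append("cleartext ldap:// on port %d" % u["port"])
    elif u["port"] == DEFAULT_PORTS["ldap"]:
        findings.append("ldaps:// aimed at the cleartext default port")
    if u["scope"] == "sub" and not u["attributes"]:
        findings.append("subtree search returning every attribute")
    return u, findings

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the guide.
    for sample in ("ldap://ldap.example.com/o=Example%20Inc.%2Cc=US??sub",
                   "ldaps://10.0.0.5:636/dc=example,dc=com?cn,mail?one?(uid=jdoe)"):
        print(sample, audit(sample))
```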
LDAP URLs use the percent symbol to represent commas in the DN. The following table shows the basic 
components of LDAP URLs.
Component     Description
<ldap>        Specifies TCP/IP connection for LDAP protocol. (The <ldaps> prefix specifies SSL connection for LDAP protocol.)
<hostname>    Host name of directory server or computer, or its IP address (in dotted decimal format).
<port>        TCP/IP port number for directory server. If using TCP/IP and default port number (389), port need not be specified in the URL. SSL port number for directory server (default is 636).