LDAP: Difference between revisions

The educational technology and digital learning wiki
 
Line 4: Line 4:
== Definition ==
== Definition ==


= TECFA's LDAP Pointers =
The '''Lightweight Directory Access Protocol''' (LDAP) is a client-server protocol for querying and modifying a directory service. It represents a kind of hierarchical database.


LDAP is a client-server protocol for accessing a directory service. It was initially used as a front-end to X.500, but can also be used with stand-alone and other kinds of directory servers. So there are stand-alone LDAP servers or middle-ware software. LDAP has become the de facto access method for directory information, much the same as the Domain Name System (DNS) is used for IP address look-up
LDAP has become the de facto access method for directory information, much the same as the Domain Name System (DNS) is used for IP address look-up. Often LDAP is also used to authenticate users, i.e. instead of authenticating users with password files or custom databases (in the case of portails), on may ask an LDAP server to match a username with
a password.


LDAP is a vendor-independent, open, network PROTOCOL standard and thus is as platform-independent as you can get. LDAP is supported by a lot of vendors (Netscape, Sun, Microsoft, Novell, IBM, ...)
LDAP is a vendor-independent, open, network protocol standard and thus is as platform-independent as you can get. LDAP is supported by a lot of vendors (Netscape, Sun, Microsoft, Novell, IBM, ...)


Disclaimer: This page started on March 30, 1999. I am NO LDAP expert AT ALL ! I just got fed up with manually administering email lists of our few students.
== Architecture overview ==


= LDAP at TECFA =
In LDAP world, a directory is defined as follows:


At Tecfa LDAP has been used to:
; By its structure
* It is a tree of entries (like a file system or the Windows registry)


* create structured email directories of our students and ourselves:. Try http://tecfa.unige.ch/tecfa-people/ldap.html
; By having entries
 
* Each entry is a collection of attributes
At Tecfa LDAP is under investigation for:
* Each entry has a unique identifier: its '''Distinguished Name''' (DN). It is constructed as a list of some attributes. DN's must be unambiguous, e.g. an organisation can choose as DN for its users the email address or a department name + Unix login.
 
* Entries can be typed with '''ObjectClasses''', i.e. a schema that allows to define which attributes are required and which are optional.
* User authentication in Internet applications and more generally "one single authentication/login per user for everything", something the university should actually provide for us :)
 
= Documentation =
 
== Indexes for Documentation ==
 
* RFCs can be found in several places, e.g. at http://www.umich.edu/~dirsvcs/ldap/doc/, at [http://www.critical-angle.com/ldapworld/ldapv3.html#related Critical Angle], at [http://www.stanford.edu/group/networking/directory/x500ldapfaq.biblio.html X.500 and LDAP: Raw Bibliography of Relevant RFCs], ..
 
== Specifications ==
 
Some RFC's:
 
* [http://www.umich.edu/~dirsvcs/ldap/doc/rfc/rfc1777.txt Lightweight Directory Access Protocol] (RFC-1777)
* [ftp://ftp.isi.edu/in-notes/rfc1959.txt LDAP URL Format] (RFC-1959)
* [http://www.umich.edu/~dirsvcs/ldap/doc/rfc/rfc1558.txt String Representation of LDAP Search Filters] (RFC-1558)
* [http://www.critical-angle.com//ldapworld/rfc2256.txt Summary of the X.500(96) User Schema for use with LDAPv3] (rfc2256)
 
Other Stuff
 
* The [http://www.unicode.org/ UniCode] doc
 
== FAQs ==
 
* [http://www3.innosoft.com/ldapworld/ldapfaq.html LDAP FAQ at Innosoft]
* [http://www.kingsmountain.com/ldapRoadmap.shtml Jeff Hodge's LDAP Roadmap & FAQ]
 
== Programmer's Tutorials ==
 
* [http://java.sun.com/products/jndi/tutorial/ The JNDI Tutorial ] Building directory-enabled Java applications by by Rosanna Lee (at Sun)
 
== Articles ==
 
... randomly found and look at so far ...
 
* [http://www.stanford.edu/~hodges/talks/mactivity.ldap.97/index2.html Introduction to Directories and the Lightweight Directory Access Protocol] (Jeff Hodges@Stanford). Good set of introductory slides
* [http://www.stanford.edu/~hodges/talks/EMA98-DirectoryServicesRollout/Steve_Kille/index.htm Why do I need a Directory when I could use a Relational Database?] Powerpoint slides from a talk given at Stanford
* [http://developer.netscape.com/docs/manuals/ldap/index.html An Internet Approach To Directories ] (Netscape specific, but has general value)
* [http://www.redbooks.ibm.com/abstracts/sg244986.html IBM's LDAP Redbook] (PDF Format). EXCELLENT !
* [http://www.sunworld.com/swol-10-1996/swol-10-ldap.html LDAP: The next-generation directory?] SunWorld Article. Good overview, includes pointers to on-line specs
 
= Most important indexes =
 
* [http://www.ldapcentral.com/ LDAP Central]. Good and large Index (has most major links)
* [http://developer.netscape.com/tech/directory/ Netscape's Directory Developer Centeral]. Good ressource (with a lot of Netscape centered information of course, but more ...)
* [http://www.sendung.de/ldap/clients/ LDAP Quellen]
* [http://webopedia.internet.com/TERM/L/LDAP.html Webopedia's LDAP Page]
* [http://www3.innosoft.com/ldapworld/ Innosoft's LDAP World ] (no longer fully maintained ?)
* [http://www.openldap.org/ OpenLDAP]
* [http://www.umich.edu/~dirsvcs/ldap/index.html University of Michigan's Lightweight Directory Access Protocol]
* [http://dir.yahoo.com/Computers_and_Internet/Communications_and_Networking/Protocols/LDAP__Lightweight_Directory_Access_Protocol_/ LDAP at Yahoo]
* [http://www.mjwilcox.com/ldap/links.htm Mark Wilcox's List o' Links on LDAP] minimalistic presentation, but good stuff
* [http://www.wanderlist.com/ldap LDAP Resources ] A short rated list from B. Foote[http://dmoz.org/Computers/Software/Internet/Servers/Directory/ "Directory" Entries at Dmoz]
 
= Software =
 
== Clients ==
 
* Netscape Communicator is LDAP aware. The ldap URLs work and its mail client can access LDAP servers. See also: [http://developer.netscape.com/docs/manuals/communicator/ldap45.htm Customizing LDAP Settings For Communicator 4.5]. (Important information on how to edit/configure preferences.js).
* Microsoft, Pine, Eudora are also LDAP aware (but we don't use these much)
* [http://www.iit.edu/~gawojar/ldap/ LDAP Browser/Editor] Java-based GUI
* [http://www.hklc.com/infocenter/articles/My_Software_x_LDAP_web_xplorer.html LDAP Web Exploter]. (PHP) Under development, dead ?
* [http://web.horde.org/imp/ IMAP webMail Program] PHP scripts featuring IMAP, LDAP, MySQL (and others) and more ...
* Xax500 ...
* [http://biot.com/gq gq - The Gentleman's LDAP client] Recent X Client (needs gtk installed). Works fine (but I did not figure out how to edit so far empty attributes)
* Under development: [http://www.mjwilcox.com/plums/ Plums (Java/Swing)]
* [http://sites.inka.de/ms/python/ldap-client-cgi/ Python cgi client (ldap-client-cgi.py) ]
 
== LDAP Development Libraries ==


* We played with the [/guides/php/ PHP Interface]
; Entries having attributes
* From [http://www.openldap.org/ OpenLDAP] were the libraries compiled into PHP (and they work with Netcape's Calendar Server)
* Each attribute has a name, called '''type''' and can have several values.
* Todo: hava a look at [http://www.mozilla.org/directory/ Mozilla's ] SDK (same as the Netscape ones)
* (To do) Java SKs exist from Sun, Netscape, and others
* To do: PerlDAP, See [http://www.ddj.com/articles/1999/9904/9904h/9904h.htm Examining PerLDAP] Simplifying LDAP access, Dr. Dobbs Article by Troy Neeriemer


= DIT, Entries, ObjectClasses, attributes, filters =
Here is a picture from [http://www.redbooks.ibm.com/abstracts/sg244986.html IBM's LDAP Redbook] defining entries and attributes:


* [http://www.hklc.com/ldapschema/ LDAP Schema Viewer] on-line tool from Linux Center(HK) Ltd.
[[Image:entry-model.gif|frame|none|LDAP Entries and attributes]]
* Best doc I found: [http://www.redbooks.ibm.com/abstracts/sg244986.html IBM's LDAP Redbook] (PDF Format), in particular chapter 2 (2.2.2 and 2.2.3).


== Entries ==
; Standardization
* Both ObjectClasses and Attributes must be defined in a schema, else and LDAP server will not accept entries.
* For most kinds of directories, there exist a series of international standards.


* An '''entry''' is a collection of attributes that has a name, called a distinguished name (DN). The DN is used to refer to the entry unambiguously.
* Each of the entry's '''attributes''' has a '''type''' and '''one or more values'''.
* Entries can be typed with '''ObjectClasses''', i.e. a schema that allows to define which attributes are required and which are optional.
* Ususally X500 conventions for defining entries, classes, and attributes types are used (It's not mandatory, but recommended).


From [http://www.redbooks.ibm.com/abstracts/sg244986.html IBM's LDAP Redbook, p.25] (PDF Format): [[Image:entry-model.gif|entry-model]]<br clear="all" />
== Directory information - entries ==


== Object Classes ==
=== Object Classes ===


Standard Object Classes are taken from X.500, they include
Standard Object Classes are taken from X.500, they include
   
   
    Alias
Alias
    Country
Country
    Locality
Locality
    Organization
Organization
    Organizational Unit
Organizational Unit
    Person
Person


== Distinguished Name ==
=== Distinguished Name ===


Each entry must have a '''Distinguished Name''' (DN). It's composed of the entry's relative distinguised name and all of the ancestors of the entry up to the root of the DIT (Directory Information Tree).
Each entry must have a '''Distinguished Name''' (DN). It's composed of the entry's relative distinguised name and all of the ancestors of the entry up to the root of the DIT (Directory Information Tree).
Line 127: Line 54:
Example:
Example:


  dn: uid=roiron,o=tecfa.unige.ch
  dn: uid=roiron,o=tecfa.unige.ch


Note: The relative dn is context dependent, e.g. uid for persons in the Netscape directory, cn for groupOfUniqueNames, etc.
== Some common Attribute types ==
 
== Some common Attributes ==


From X500 (I believe), e.g. see [http://www.critical-angle.com//ldapworld/rfc2256.txt Summary of the X.500(96) User Schema for use with LDAPv3] (rfc2256). Each attribute value must respect some defined syntax.
From X500 (I believe), e.g. see [http://www.critical-angle.com//ldapworld/rfc2256.txt Summary of the X.500(96) User Schema for use with LDAPv3] (rfc2256). Each attribute value must respect some defined syntax.


Note: If you have a Netscape Server installed clicking on Directory-Server-&gt;Schema in the Admin Server or checking the Directory Administration Manual (in particular [http://tecfa2.unige.ch:8001/slapd-help/manual/ag/attribut.htm Appendix B-Attributes] and [http://tecfa2.unige.ch:8001/slapd-help/manual/ag/objclass.htm Appendix A (Object Classes)]
   cn              CommonName (in principle: givenname  SN)
   cn              CommonName (in principle: givenname  SN)
   co              Country (or sometimes c?)
   co              Country (or sometimes c?)
Line 178: Line 98:
   
   


Note: The Netscape Directory Server may contain a lot of entries for their groupware applications (Calendar).
== The LDIF Format ==
 
== Search Filters ==
 
Note that search can be performed on any subtree of the DIT. See for instance the LDAP URL examples below.
 
Syntax:
 
attribute OPERATOR value
 
Operators:
 
  =    equal
  &gt;=  bigger than (including alphabetic)
  &lt;=
  =*  all entries that have this attribute
  ~=   aprroximate match
  &amp;    and, entries match ALL criteria
  |    or, one of entries must match
  !    not
 
Example:


LDIF is the text format that can be used to export/import information from/into a directory server. The LDAP directory server itself uses some kind of binary format.  
(| (sn=roiron) (&amp;ou=tecfa) (sn=muller))
.. returns all roiron  all muller that are members of tecfa


== The LDIF Format ==
As you can see, each entry has at least a ''dn:'' and an ''objectclass:''


LDIF is the text format that can be used to export/import information from/into a directory server. Require are the '''dn''' and at least one object class definition. Order of attributes is not important. '''Examples:'''
'''Examples:'''


A organization:
A organization:
   
   
  dn: o=tecfa.unige.ch
  dn: o=tecfa.unige.ch
Line 221: Line 114:


Organizational Unit:
Organizational Unit:
   
   
  dn: ou=tecfa,o=tecfa.unige.ch
  dn: ou=tecfa,o=tecfa.unige.ch
Line 230: Line 122:


A person:
A person:
   
   
  dn: uid=roiron,o=tecfa.unige.ch
  dn: uid=roiron,o=tecfa.unige.ch
Line 246: Line 137:
  title: Assistant
  title: Assistant
  telephonenumber: 9696
  telephonenumber: 9696
== LDAP Search ==
=== Search Filters ===
Note that search can be performed on any subtree of the directory tree. See for instance the LDAP URL examples below.
Syntax:
attribute OPERATOR value
Operators:
   
   
  =    equal
  &gt;=  bigger than (including alphabetic)
  &lt;=
  =*  all entries that have this attribute
  ~=  aprroximate match
  &amp;    and, entries match ALL criteria
  |    or, one of entries must match
  !    not
Example:
(| (sn=roiron) (&amp;ou=tecfa) (sn=muller))
.. returns all roiron  all muller that are members of tecfa
http://tecfa.unige.ch/tecfa-people/ldap.html
== Documentation ==
=== Indexes for Documentation ===
* RFCs can be found in several places, e.g. at http://www.umich.edu/~dirsvcs/ldap/doc/, at [http://www.critical-angle.com/ldapworld/ldapv3.html#related Critical Angle], at [http://www.stanford.edu/group/networking/directory/x500ldapfaq.biblio.html X.500 and LDAP: Raw Bibliography of Relevant RFCs], ..
=== Specifications ===
Some RFC's (there are many more !)
* [http://www.umich.edu/~dirsvcs/ldap/doc/rfc/rfc1777.txt Lightweight Directory Access Protocol] (RFC-1777)
* [ftp://ftp.isi.edu/in-notes/rfc1959.txt LDAP URL Format] (RFC-1959)
* [http://www.umich.edu/~dirsvcs/ldap/doc/rfc/rfc1558.txt String Representation of LDAP Search Filters] (RFC-1558)
* [http://www.critical-angle.com//ldapworld/rfc2256.txt Summary of the X.500(96) User Schema for use with LDAPv3] (rfc2256)
Other Stuff
* The [http://www.unicode.org/ UniCode] doc
=== FAQs ===
* [http://www3.innosoft.com/ldapworld/ldapfaq.html LDAP FAQ at Innosoft]
* [http://www.kingsmountain.com/ldapRoadmap.shtml Jeff Hodge's LDAP Roadmap &amp; FAQ]
=== Programmer's Tutorials ===
* [http://java.sun.com/products/jndi/tutorial/ The JNDI Tutorial ] Building directory-enabled Java applications by by Rosanna Lee (at Sun)
== Articles ==
* [http://www.stanford.edu/~hodges/talks/mactivity.ldap.97/index2.html Introduction to Directories and the Lightweight Directory Access Protocol] (Jeff Hodges@Stanford). Good set of introductory slides
* [http://www.stanford.edu/~hodges/talks/EMA98-DirectoryServicesRollout/Steve_Kille/index.htm Why do I need a Directory when I could use a Relational Database?] Powerpoint slides from a talk given at Stanford
* [http://developer.netscape.com/docs/manuals/ldap/index.html An Internet Approach To Directories ] (Netscape specific, but has general value)
* [http://www.redbooks.ibm.com/abstracts/sg244986.html IBM's LDAP Redbook] (PDF Format). EXCELLENT !
* [http://www.sunworld.com/swol-10-1996/swol-10-ldap.html LDAP: The next-generation directory?] SunWorld Article. Good overview, includes pointers to on-line specs
== Links ==
* [http://www.ldapcentral.com/ LDAP Central]. Good and large Index (has most major links)
* [http://developer.netscape.com/tech/directory/ Netscape's Directory Developer Centeral]. Good ressource (with a lot of Netscape centered information of course, but more ...)
* [http://www.sendung.de/ldap/clients/ LDAP Quellen]
* [http://webopedia.internet.com/TERM/L/LDAP.html Webopedia's LDAP Page]
* [http://www3.innosoft.com/ldapworld/ Innosoft's LDAP World ] (no longer fully maintained ?)
* [http://www.openldap.org/ OpenLDAP]
* [http://www.umich.edu/~dirsvcs/ldap/index.html University of Michigan's Lightweight Directory Access Protocol]
* [http://dir.yahoo.com/Computers_and_Internet/Communications_and_Networking/Protocols/LDAP__Lightweight_Directory_Access_Protocol_/ LDAP at Yahoo]
* [http://www.mjwilcox.com/ldap/links.htm Mark Wilcox's List o' Links on LDAP] minimalistic presentation, but good stuff
* [http://www.wanderlist.com/ldap LDAP Resources ] A short rated list from B. Foote[http://dmoz.org/Computers/Software/Internet/Servers/Directory/ "Directory" Entries at Dmoz]
== Software ==
=== Clients ===
* Netscape Communicator used to be LDAP aware. The LDAP URLs work and its mail client can access LDAP servers.
* Most mail clients can access directory services (but not edit LDAP directories or make custom queries for other information than names, firstnames, emails and such).
* [http://www.iit.edu/~gawojar/ldap/ LDAP Browser/Editor] Java-based GUI
* [http://www.hklc.com/infocenter/articles/My_Software_x_LDAP_web_xplorer.html LDAP Web Exploter]. (PHP) Under development, dead ?
* [http://biot.com/gq gq - The Gentleman's LDAP client] Recent X Client (needs gtk installed). Works fine (but I did not figure out how to edit so far empty attributes)
* Under development: [http://www.mjwilcox.com/plums/ Plums (Java/Swing)]
* [http://sites.inka.de/ms/python/ldap-client-cgi/ Python cgi client (ldap-client-cgi.py) ]
== LDAP Development Libraries ==
* [[PHP]] has an LDAP library included


= Examples =
== Examples ==


== LDAP URLs ==
== LDAP URLs ==
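Review bot: the example carried into the new "=== Search Filters ===" section, (| (sn=roiron) (&amp;ou=tecfa) (sn=muller)), is not a well-formed filter, because the & operator has to be followed by parenthesised sub-filters and here it is followed by a bare item. Going by the description line under it, the AND should wrap both conditions: (|(sn=roiron)(&(ou=tecfa)(sn=muller))). The same section leaves the <= operator without a description; "less than or equal" would complete the table.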

Revision as of 18:00, 22 November 2007


Definition

The Lightweight Directory Access Protocol (LDAP) is a client-server protocol for querying and modifying a directory service. It represents a kind of hierarchical database.

LDAP has become the de facto access method for directory information, much the same as the Domain Name System (DNS) is used for IP address look-up. Often LDAP is also used to authenticate users, i.e. instead of authenticating users with password files or custom databases (in the case of portals), one may ask an LDAP server to match a username with a password.

LDAP is a vendor-independent, open, network protocol standard and thus is as platform-independent as you can get. LDAP is supported by a lot of vendors (Netscape, Sun, Microsoft, Novell, IBM, ...)

Architecture overview

In the LDAP world, a directory is defined as follows:

By its structure
  • It is a tree of entries (like a file system or the Windows registry)
By having entries
  • Each entry is a collection of attributes
  • Each entry has a unique identifier: its Distinguished Name (DN). It is constructed as a list of some attributes. DNs must be unambiguous, e.g. an organisation can choose as DN for its users the email address or a department name + Unix login.
  • Entries can be typed with ObjectClasses, i.e. a schema that defines which attributes are required and which are optional.
Entries having attributes
  • Each attribute has a name, called its type, and can have several values.

Here is a picture from IBM's LDAP Redbook defining entries and attributes:

File:Entry-model.gif
LDAP Entries and attributes
Standardization
  • Both ObjectClasses and Attributes must be defined in a schema, otherwise an LDAP server will not accept entries.
  • For most kinds of directories, there exists a series of international standards.


Directory information - entries

Object Classes

Standard Object Classes are taken from X.500. They include:

Alias
Country
Locality
Organization
Organizational Unit
Person

Distinguished Name

Each entry must have a Distinguished Name (DN). It is composed of the entry's relative distinguished name and all of the ancestors of the entry up to the root of the DIT (Directory Information Tree).

Example:

dn: uid=roiron,o=tecfa.unige.ch

Some common Attribute types

From X500 (I believe), e.g. see Summary of the X.500(96) User Schema for use with LDAPv3 (rfc2256). Each attribute value must respect some defined syntax.

  cn               CommonName (in principle: givenname   SN)
  co               Country (or sometimes c?)
  dc               DomainComponent
  description      Describes the Entry
  dn               DistinguishedName (Owner)
  drink            favorite drink of a Person
  employeeType
  fax              facsimileTelephoneNumber
  givenname        First Name
  homePhone
  homePostalAddress (each line must be separated with a $)
  keywords         keywords for the entry.
  l                Locality Name
  labeledURI       URL that is relevant in some way to the entry
  mail             Email
  mailAlternateAddress
  manager          dn of the entry's manager
  member           dn for each member of the group
  memberURL        URL associated with each member of a group
  mobile           entry's mobile or cellular phone number
  o                Organization Name
  organizationalStatus person's role in an organization
  ou               Organizational Unit Name
  personalTitle    like Mr.
  postalAddress    (each line must be separated with a $)
  roomNumber       room number of an object
  sa               Street Address
  secretary        entry's secretary or administrative assistant
  seeAlso          related information
  sn               SurName
  st               State or Province Name
  street           entry's house number and street name
  telephonenumber
  title            Job Title
  userClass        Specifies a category of computer user
  userpassword

The LDIF Format

LDIF is the text format that can be used to export/import information from/into a directory server. The LDAP directory server itself uses some kind of binary format.

As you can see, each entry has at least a dn: and an objectclass:

Examples:

An organization:

dn: o=tecfa.unige.ch
objectclass: top
objectclass: organization
o: tecfa.unige.ch

Organizational Unit:

dn: ou=tecfa,o=tecfa.unige.ch
objectclass: top
objectclass: organizationalUnit
ou: tecfa
description: TECFA

A person:

dn: uid=roiron,o=tecfa.unige.ch
userpassword: ....
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: nsCalUser
givenname: Cyril
sn: Roiron
cn: Cyril Roiron
uid: roiron
mail: roiron@fapse.unige.ch
title: Assistant
telephonenumber: 9696

LDAP Search

Search Filters

Note that search can be performed on any subtree of the directory tree. See for instance the LDAP URL examples below.

Syntax:

attribute OPERATOR value

Operators:

 =    equal
 >=   greater than or equal (including alphabetic order)
 <=   less than or equal
 =*   all entries that have this attribute
 ~=   approximate match

 &    and, entries match ALL criteria
 |    or, one of entries must match
 !    not

Example:

(|(sn=roiron)(&(ou=tecfa)(sn=muller)))
.. returns all roiron plus all muller that are members of tecfa
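
To make the prefix notation concrete, here is an added example (not part of the original page or of any LDAP library) that parses a search filter and evaluates it against LDIF entries. The sample entries are constructed; matching is assumed to be case-insensitive, ~= is treated like =, and backslash escapes in values are not handled.

```python
import re

# Constructed sample directory, modelled on the page's LDIF examples.
SAMPLE_LDIF = """\
dn: uid=roiron,o=tecfa.unige.ch
sn: Roiron

dn: uid=muller1,ou=tecfa,o=tecfa.unige.ch
ou: tecfa
sn: Muller

dn: uid=muller2,ou=other,o=tecfa.unige.ch
ou: other
sn: Muller
"""

def parse_ldif(text):
    """Return a list of entries; each maps a lower-cased attribute type to its values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def parse_filter(s, i=0):
    """Parse one parenthesised filter at s[i:]; return (tree, index after it)."""
    i = len(s) - len(s[i:].lstrip())            # tolerate spaces between filters
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        # An operator is followed by parenthesised sub-filters, never a bare item.
        op, i, children = s[i], i + 1, []
        while s[i:].lstrip()[:1] != ")":
            child, i = parse_filter(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"wrong number of sub-filters for '{op}'")
        return (op, children), s.index(")", i) + 1
    end, eq = s.find(")", i), s.find("=", i)
    if end == -1 or not i < eq < end:
        raise ValueError(f"malformed item at offset {i}")
    start = eq - 1 if s[eq - 1] in "><~" else eq
    attr = s[i:start].strip().lower()
    if not attr:
        raise ValueError(f"missing attribute type at offset {i}")
    return (s[start:eq + 1], attr, s[eq + 1:end].strip()), end + 1

def matches(tree, entry):
    """Evaluate a parsed filter against one entry (case-insensitive; ~= treated as =)."""
    if tree[0] in ("&", "|"):
        results = [matches(c, entry) for c in tree[1]]
        return all(results) if tree[0] == "&" else any(results)
    if tree[0] == "!":
        return not matches(tree[1][0], entry)
    op, attr, want = tree[0], tree[1], tree[2].lower()
    values = [v.lower() for v in entry.get(attr, [])]
    if op == ">=":
        return any(v >= want for v in values)
    if op == "<=":
        return any(v <= want for v in values)
    pattern = ".*".join(re.escape(p) for p in want.split("*"))  # '*' is the wildcard
    return any(re.fullmatch(pattern, v) for v in values)

def search(filter_text, entries):
    """Return the DNs of all entries matching the filter."""
    tree, end = parse_filter(filter_text)
    if filter_text[end:].strip():
        raise ValueError("trailing text after filter")
    return [e["dn"][0] for e in entries if matches(tree, e)]
```

An operator followed directly by an item, as in (&ou=tecfa), raises ValueError here, which is also how a directory server treats it: the filter is rejected rather than guessed at.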


http://tecfa.unige.ch/tecfa-people/ldap.html

Documentation

Indexes for Documentation

Specifications

Some RFC's (there are many more !)

Other Stuff

FAQs

Programmer's Tutorials

Articles

Links

Software

Clients

LDAP Development Libraries

  • PHP has an LDAP library included


Examples

LDAP URLs

See: LDAP URL Format (RFC-1959)

Filter Syntax (much simplified, see also RFC-1558):


ldap://SERVER/BASE_DN?ATTRIBUTES?ITEMS?FILTER

SERVER     = ldap server URL
BASE_DN    = The Base DN
ATTRIBUTES = What attributes to return for found entries
ITEMS      = How many (of the same) attributes to return
FILTER     = Entries must have these attribute value pairs

Some LDAP queries printing WHOLE entries

  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch??sub? ... most everything in our server
  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch??sub?(sn=*) .. all things that have sn (Surnames)
  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch??one?(sn=*) .. one of all things that have sn (Surnames)
  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch??one?(objectClass=person)... Persons only
  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch??one?(&(objectClass=person)(sn=s*)) (Almost) full entries for persons whose surname starts with "s"

Some queries printing MUCH less:

  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch?mail?one?(objectClass=person) Prints entries (uid) mail
  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch?mail?one?(&(objectClass=person)(sn=s*)) Print Email for all persons whose surname starts with "s"

Restrict search to organizational units (mhh something I don't like here)

  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch?cn,mail,labeledUri?sub?(ou=staf) Shows Common Name, Emails and labelled URLs of all the members of the "staf" Organizational Unit.
  • ldap://tecfa2.unige.ch/o=tecfa.unige.ch?cn,labeledUri,mail?sub?(&(studentCategory=staf)(studentpromotion=D)) These are custom entries attached to the tecfaPerson Class
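
The URLs above can be taken apart field by field. The following is an added example, not code from the original page: a small parser for the four-field form shown here. In RFC 1959 the third field, which the syntax summary above calls ITEMS, carries the search scope (base, one or sub), and an omitted scope or filter defaults to base and (objectClass=*); the function name, the returned dictionary keys and the rejection of extra fields are choices made for this example.

```python
from urllib.parse import unquote

SCOPES = ("base", "one", "sub")   # search scopes defined for LDAP URLs

def parse_ldap_url(url):
    """Split ldap://SERVER/BASE_DN?ATTRIBUTES?SCOPE?FILTER into its parts."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "ldap":
        raise ValueError("not an ldap:// URL")
    server, _, tail = rest.partition("/")
    host, _, port = server.partition(":")
    fields = tail.split("?")
    if len(fields) > 4:
        # Only the four fields described on this page are accepted here.
        raise ValueError("more than four '?'-separated fields")
    fields += [""] * (4 - len(fields))
    # Percent-escapes are decoded after splitting, so an escaped '?' stays in its field.
    base_dn, attrs, scope, flt = (unquote(f) for f in fields)
    scope = scope.lower() or "base"
    if scope not in SCOPES:
        raise ValueError(f"unknown scope {scope!r}")
    return {
        "host": host,
        "port": int(port) if port else 389,      # 389 is the standard LDAP port
        "base_dn": base_dn,
        "attributes": [a for a in attrs.split(",") if a],   # empty list = whole entry
        "scope": scope,
        "filter": flt or "(objectClass=*)",
    }

# URLs taken from the examples on this page.
PAGE_EXAMPLES = [
    "ldap://tecfa2.unige.ch/o=tecfa.unige.ch??sub?",
    "ldap://tecfa2.unige.ch/o=tecfa.unige.ch?mail?one?(&(objectClass=person)(sn=s*))",
    "ldap://tecfa2.unige.ch/o=tecfa.unige.ch?cn,mail,labeledUri?sub?(ou=staf)",
]

def parse_page_examples():
    """Parse every example URL and return the resulting dictionaries."""
    return [parse_ldap_url(u) for u in PAGE_EXAMPLES]
```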

PHP

D.K.S.