This document is obsolete. Please
refer to RFC 2255.
Network Working Group T. Howes Request for Comments: 1959 M. Smith Category: Standards Track University of Michigan June 1996
An LDAP URL Format
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
LDAP is the Lightweight Directory Access Protocol, defined in [1] and [2]. This document describes a format for an LDAP Uniform Resource Locator which will allow Internet clients to have direct access to the LDAP protocol. While LDAP currently is used only as a front end to the X.500 directory, the URL format described here is general enough to handle the case of stand-alone LDAP servers (i.e., LDAP servers not back-ended by X.500).
The ldap prefix indicates an entry or entries residing in the LDAP server running on the given <hostname> at the given <portnumber>. The default port is TCP port 389. The <dn> is an LDAP Distinguished Name using the string format described in [1], with any URL-illegal characters (e.g., spaces) escaped using the % method described in RFC 1738.
The <attributes> construct is used to indicate which attributes should be returned from the entry or entries. Individual <attributetype> names are as defined for AttributeType in RFC 1777. If the <attributes> part is omitted, all attributes of the entry or entries should be returned.
The <scope> construct is used to specify the scope of the search to perform in the given LDAP server. The allowable scopes are "base" for a base object search, "one" for a one-level search, or "sub" for a subtree search. If <scope> is omitted, a scope of "base" is assumed.
The <filter> is used to specify the search filter to apply to entries within the specified scope during the search. It has the format specified in [4], with any URL-illegal characters escaped using the % method described in RFC 1738. If <filter> is omitted, a filter of "(objectClass=*)" is assumed.
Note that if the entry resides in the X.500 namespace, it should be reachable from any LDAP server that is providing front-end access to the X.500 directory. If the <hostport> part of the URL is missing, the URL can be resolved by contacting any X.500-back-ended LDAP server.
The following are some example LDAP URLs using the format defined above. An LDAP URL referring to the University of Michigan entry, available from any X.500-capable LDAP server:
ldap:///o=University%20of%20Michigan,c=US
An LDAP URL referring to the University of Michigan entry in a particular ldap server:
This URL corresponds to a base object search of the "o=University of Michigan, c=US" entry using a filter of (objectclass=*), requesting all attributes.
Howes & Smith Standards Track [Page 2]
RFC 1959 An LDAP URL Format June 1996
An LDAP URL referring to only the postalAddress attribute of the University of Michigan entry:
The corresponding LDAP search operation is the same as in the previous example, except that only the postalAddress attribute is requested.
An LDAP URL referring to the set of entries found by querying any X.500-capable LDAP server and doing a subtree search of the University of Michigan for any entry with a common name of "Babs Jensen", retrieving all attributes:
The LDAP URL format does not provide a way to specify credentials to use when resolving the URL. Therefore, it is expected that such requests will be unauthenticated. The security implications of resolving an LDAP URL are the same as those of resolving any LDAP query. See the RFC 1777 for more details.
There is a prototype implementation of the specification defined in this document available. It is an extension to the libwww client library, provided in both source and binary forms. Also included are binary versions of the Mosaic WWW client for various platforms. See the following URL for more details: