4.1 Simple Search Scenario

If the client is directed to search for a user named "Robin" in an AD-type server, the following sequence of events occurs:

  • The client sends an LDAP Bind request to the server, as described in [RFC4511].

     BindRequest (0x00):
     Version:3
     Name:Null
     authentication: Authentication type = sasl
    
  • The LDAP server receives the request and returns a Bind response to the client, as described in [RFC4511].

     BindResponse (0x01):
     Status: Success
     MatchedDN: Null
     ErrorMessage: Null
    
  • The client sends a search request to the server for the defaultNamingContext attribute, as described in section 3.1.5.1.1.

      
     SearchRequest (0x03):
     BaseObject: Null
     Scope: baseObject
     Alias: neverDerefAliases
     SizeLimit: 0 (no limit)
     TimeLimit: 0 (no limit)
     TypesOnly: False
     Filter: (objectClass=*)
     Attributes: (objectClass)(defaultNamingContext)
    
  • The LDAP server returns the search base to the client in the defaultNamingContext attribute.

      
     SearchResultEntry (0x04):
     ObjectNames: Null
     Attributes Returned:
     defaultNamingContext: (DC=company,DC=corp,DC=contoso,DC=com)
      
     SearchResultDone(0x05):
     Status: Success
     MatchedDN: NULL
     ErrorMessage: NULL
    
  • The client uses the search base and the simple query described in section 3.1.5.1.2 to send another search request to the server.

      
     Search Request (0x03):
     BaseObject: (DC=company,DC=corp,DC=contoso,DC=com)
     Scope: WholeSubtree
     Alias: derefAlways
     SizeLimit: 100 entries
     TimeLimit: 60 seconds
     TypesOnly: False
     Filter: (&(|(mail=robin*)(cn=robin*)(sn=robin*)(givenName=robin*)(displayName=robin*)))
     Attributes: (cn)(commonName)(mail)(roleOccupant)
     (display-name)(displayname)(sn)(surname)(c)(organizationName)(o)(givenName)
     (legacyExchangeDN)(objectClass)(uid)(mailNickname)(title)(company)
     (physicalDeliveryOfficeName)(telephoneNumber)
      
    
  • The LDAP server returns results that match the query. The trace below represents one result that matched the query.

      
     SearchResultsEntry (0x04):
     ObjectName: CN=Robin,OU=UsersOU,DC=company,DC=corp,DC=contoso,DC=com
     Attributes:
     objectClass: ( top ) ( person ) (organizationalPerson ) ( user )
     cn: Robin Wood
     sn: Wood
     title: Dr.
     physicalDeliveryOfficeName: 36/2495
     telephoneNumber: 1 (425) 555-0534
     givenName: Robin
     displayName: Robin Wood
     company: contoso
     mailNickname: robin
     legacyExchangeDN: /o=contoso/ou=First Admin Group/cn=Recipents/cn=robin
     mail: robin@contoso.com
      
     SearchResultDone(0x05):
     Status: Success
     MatchedDN: NULL
     ErrorMessage: NULL
    
  • The client sends an LDAP Unbind request to the server, as described in [RFC4511].

      
     UnbindRequest(0x02)
    
  • The client uses the attributes returned by the server to display the search results to the user.
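
The filter in the second search request is assembled from the user's search term. As an added example (not part of the original specification), the Python code below builds that filter and escapes the term per RFC 4515, so that characters such as `(`, `)` and `*` in the input stay inside the assertion value. The function names are hypothetical, and the escaping step is an assumption, since the trace does not show it.

```python
# Added example: rebuilds the simple-search filter from the trace above.
# Function names are hypothetical; the escaping follows RFC 4515 section 3
# and is an assumption (the trace itself does not show escaping).

# Attributes matched by the simple query, in the order shown in the trace.
SEARCH_ATTRS = ("mail", "cn", "sn", "givenName", "displayName")

# Characters that must be escaped inside an assertion value (RFC 4515).
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape user input so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_simple_filter(user_input: str) -> str:
    """Return the prefix-match filter used in the second SearchRequest."""
    term = escape_filter_value(user_input.strip())
    if not term:
        # An empty term would degrade every clause to (attr=*), matching
        # every entry that has the attribute.
        raise ValueError("empty search term")
    clauses = "".join(f"({attr}={term}*)" for attr in SEARCH_ATTRS)
    return f"(&(|{clauses}))"


if __name__ == "__main__":
    # Constructed inputs: the term from the trace, and one that contains
    # filter metacharacters.
    for sample in ("robin", "robin)(objectClass=*"):
        print(build_simple_filter(sample))
```
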
