The LDAP URL Format
RFC 2255

Document Type RFC - Proposed Standard (December 1997; No errata)
Obsoleted by RFC 4510, RFC 4516
Updated by RFC 3377
Obsoletes RFC 1959
Last updated 2013-03-02
Stream IETF
Network Working Group                                         T. Howes
Request for Comments: 2255                                    M. Smith
Category: Standards Track                Netscape Communications Corp.
                                                         December 1997

                          The LDAP URL Format

1. Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1997).  All Rights Reserved.

IESG NOTE

   This document describes a directory access protocol that provides
   both read and update access.  Update access requires secure
   authentication, but this document does not mandate implementation of
   any satisfactory authentication mechanisms.

   In accordance with RFC 2026, section 4.4.1, this specification is
   being approved by IESG as a Proposed Standard despite this
   limitation, for the following reasons:

   a. to encourage implementation and interoperability testing of
      these protocols (with or without update access) before they
      are deployed, and

   b. to encourage deployment and use of these protocols in read-only
      applications.  (e.g. applications where LDAPv3 is used as
      a query language for directories which are updated by some
      secure mechanism other than LDAP), and

   c. to avoid delaying the advancement and deployment of other Internet
      standards-track protocols which require the ability to query, but
      not update, LDAPv3 directory servers.

Howes & Smith               Standards Track                     [Page 1]
RFC 2255                    LDAP URL Format                December 1997

   Readers are hereby warned that until mandatory authentication
   mechanisms are standardized, clients and servers written according to
   this specification which make use of update functionality are
   UNLIKELY TO INTEROPERATE, or MAY INTEROPERATE ONLY IF AUTHENTICATION
   IS REDUCED TO AN UNACCEPTABLY WEAK LEVEL.

   Implementors are hereby discouraged from deploying LDAPv3 clients or
   servers which implement the update functionality, until a Proposed
   Standard for mandatory authentication in LDAPv3 has been approved and
   published as an RFC.

2. Abstract

   LDAP is the Lightweight Directory Access Protocol, defined in [1],
   [2] and [3].  This document describes a format for an LDAP Uniform
   Resource Locator.  The format describes an LDAP search operation to
   perform to retrieve information from an LDAP directory. This document
   replaces RFC 1959. It updates the LDAP URL format for version 3 of
   LDAP and clarifies how LDAP URLs are resolved. This document also
   defines an extension mechanism for LDAP URLs, so that future
   documents can extend their functionality, for example, to provide
   access to new LDAPv3 extensions as they are defined.

   The key words "MUST", "MAY", and "SHOULD" used in this document are
   to be interpreted as described in [6].

3. URL Definition

   An LDAP URL begins with the protocol prefix "ldap" and is defined by
   the following grammar.

       ldapurl    = scheme "://" [hostport] ["/"
                    [dn ["?" [attributes] ["?" [scope]
                    ["?" [filter] ["?" extensions]]]]]]
       scheme     = "ldap"
       attributes = attrdesc *("," attrdesc)
       scope      = "base" / "one" / "sub"
       dn         = distinguishedName from Section 3 of [1]
       hostport   = hostport from Section 5 of RFC 1738 [5]
       attrdesc   = AttributeDescription from Section 4.1.5 of [2]
       filter     = filter from Section 4 of [4]
       extensions = extension *("," extension)
       extension  = ["!"] extype ["=" exvalue]
       extype     = token / xtoken
       exvalue    = LDAPString from section 4.1.2 of [2]
       token      = oid from section 4.1 of [3]
       xtoken     = ("X-" / "x-") token

   The "ldap" prefix indicates an entry or entries residing in the LDAP
   server running on the given hostname at the given port number. The
   default LDAP port is TCP port 389. If no hostport is given, the
   client must have some a priori knowledge of an appropriate LDAP server
   to contact.

   The dn is an LDAP Distinguished Name using the string format
   described in [1]. It identifies the base object of the LDAP search.
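
   The grammar above, worked as a strict parser. This is an added
   example, not part of RFC 2255; the name parse_ldap_url, the host
   ldap.example.com and the x-example extension are constructed for
   illustration. It rejects input outside the grammar before an
   application acts on the URL.

```python
from urllib.parse import unquote

SCOPES = {"base", "one", "sub"}  # the only scope values the grammar allows
DEFAULT_PORT = 389               # default LDAP port given in Section 3
# Constructed sample URL; host and "x-example" extension are made up.
SAMPLE = ("ldap://ldap.example.com/o=Example%20Corp,c=US"
          "?cn,mail?sub?(cn=Babs%20Jensen)?!x-example=a%2cb")


def parse_ldap_url(url):
    """Split an LDAP URL into the fields of the Section 3 grammar."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "ldap":
        raise ValueError("scheme must be 'ldap'")
    hostport, _, tail = rest.partition("/")
    if "?" in hostport:
        raise ValueError("'?' fields are only valid after the '/' before dn")
    host, colon, port = hostport.partition(":")
    if colon and not port.isdigit():
        raise ValueError("port must be numeric")
    # Positional fields: dn ? attributes ? scope ? filter ? extensions
    parts = tail.split("?")
    if len(parts) > 5:
        raise ValueError("more than five '?'-separated fields")
    dn, attrs, scope, filt, exts = parts + [""] * (5 - len(parts))
    scope = scope.lower()
    if scope and scope not in SCOPES:
        raise ValueError("scope must be base, one or sub")
    extensions = []
    for ext in filter(None, exts.split(",")):
        # A leading "!" marks the extension critical (defined later in the
        # RFC, outside this excerpt).
        critical = ext.startswith("!")
        extype, _, exvalue = (ext[1:] if critical else ext).partition("=")
        extensions.append({"critical": critical, "type": unquote(extype),
                           "value": unquote(exvalue)})
    # Percent-decode only after splitting, so an escaped "?" or "," stays data.
    return {
        "host": host or None,  # None: caller must already know a server
        "port": int(port) if port else DEFAULT_PORT,
        "dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope or None,
        "filter": unquote(filt) or None,
        "extensions": extensions,
    }


if __name__ == "__main__":
    print(parse_ldap_url(SAMPLE))
```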
