(Input) Specifies the DN of the entry at which to start the search.
scope
(Input) Specifies the scope of the search. It can be
LDAP_SCOPE_BASE (to search the object itself), or
LDAP_SCOPE_ONELEVEL (to search the object's immediate children), or
LDAP_SCOPE_SUBTREE (to search the object and all its
descendents).
filter
(Input) Specifies a string representation of the filter to apply in the
search. Simple filters can be specified as attributetype=attributevalue. More
complex filters are specified using a prefix notation according to the
following BNF:
The '~=' construct is used to specify approximate matching. The
representation for <attributetype> and <attributevalue> are as
described in RFC 2252, "Lightweight Directory Access Protocol (v3): Attribute
Syntax Definitions." In addition, <attributevalue> can be a single * to
achieve an attribute existence test, or can contain text and *'s interspersed
to achieve substring matching.
For example, the filter "(mail=*)" will find any entries that have a mail
attribute. The filter "(mail=*@student.of.life.edu)" will find any entries that
have a mail attribute ending in the specified string.
More complex filters are created using the & and | operators. For
example, the filter "(&(objectclass=person)(mail=*))" will find any entries
that have an objectclass of person and a mail attribute. To put parentheses or
asterisks in a filter, escape them with a backslash '\' character. See RFC
2254, "A String Representation of LDAP Search Filters," for a more complete
description of allowable filters.
attrs
(Input) Specifies a null-terminated array of character string attribute
types to return from entries that match filter. If NULL is specified,
all attributes will be returned.
attrsonly
(Input) Specifies attribute information. Attrsonly should be set
to 1 to request attribute types only. Set to 0 to request both attributes types
and attribute values.
serverctrls
(Input) Specifies a list of LDAP server controls. This parameter may be set
to null. See Controls for LDAP APIs for more information
about server controls.
clientctrls
(Input) Specifies a list of LDAP client controls. This parameter may be set
to null. See Controls for LDAP APIs for more information
about client controls.
sizelimit
(Input) Specifies the maximum number of entries to return. Note that the
server may set a lower limit which is enforced at the server.
timeout
(Input) The local search timeout value and the operation time limit that is
sent to the server within the search request.
res
(Output) Contains the result of the synchronous search operation. This
result should be passed to the LDAP parsing routines (see ldap_first_entry(),
ldap_next_entry(), and so on). The caller is responsible for freeing
res with ldap_msgfree().
If ldap_search_ext_s() is not successful, an error code
will be returned. See LDAP Client API Error
Conditions for possible values for the error codes.
Error Messages
The following message may be sent from this function.
Message ID
Error Message Text
CPF3CF2 E
Error(s) occurred during running of
ldap_search_ext_s API.
ldap_search() -- Asynchronously search the
directory.
ldap_search_ext() -- Asynchronously
search the directory with controls.
ldap_search_st() -- Synchronously search
the directory with timeout.
The ldap_search_ext_s() API supports LDAP V3 server
controls, client controls, and allows varying size and time limits to be easily
specified for each search operation.