Referrals use LDAP URLs to redirect a client application’s request to another server. LDAP URLs have a specific format, described in RFC 4516 and require that all special characters be properly escaped and any spaces indicated as "%20". LDAP URLs have the following syntax:

  • ldap[s] indicates the type of LDAP connection to the Directory Server. If the Directory Server connects over a standard, non-encrypted connection, then ldap is used; if it connects over SSL, then ldaps is used. Note that any search request initiated by means of an LDAP URL is anonymous by default, unless an LDAP client provides authentication.
  • hostname specifies the host name or IP address of the Directory Server.
  • port specifies the port number of the Directory Server. If no port number is provided, the default LDAP port (389) or LDAPS port (636) is used.
  • base-dn specifies the distinguished name (DN) of an entry in the DIT. The Directory Server uses the base DN as the starting point entry for its searches. If no base DN is provided, the search begins at the root of the DIT.
  • attributes specifies those attributes for which the Directory Server should search and return. You can indicate more than one attribute by providing a comma-separated list of attributes. If no attributes are provided, the search returns all attributes.
  • scope specifies the scope of the search, which could be one of the following: base (only search the specified base DN entry), one (only search one level below the specified base DN), sub (search the base entry and all entries below the specified base DN). If no scope is provided, the server performs a base search.
  • filter specifies the search filter to apply to entries within the scope of the search. If no filter is provided, the server uses +.