On 1 Oct 2013, at 22:16, Quanah Gibson-Mount <qua...@zimbra.com> wrote:
> --On Tuesday, October 01, 2013 9:19 PM +0100 Chris Ridd <chrisr...@mac.com>
> wrote:
>
>>
>> On 1 Oct 2013, at 19:46, Clément OUDOT <clem.ou...@gmail.com> wrote:
>>
>>> You use a base in ldapsearch and a filter in your code. Use 'base' in
>>> search() to set the search base.
>>
>> For Paul's benefit: what's happening here is that LDAP searches *require*
>> that a search base is specified, a search scope is specified, and so on.
>> There are no defaults for these parameters in the protocol.
>
> Not quite true. If you don't specify a scope, all LDAP servers I've dealt
> with default to sub.

The search scope is not OPTIONAL in the protocol, and it has no DEFAULT value either. If the client isn't passing a scope, it isn't sending a complete and parseable SearchRequest and the server is liable to disconnect the client. See RFC 4511 section 4.5.1.

I think what you're seeing in your script is actually Net::LDAP's defaults (LDAP.pm lines 451-481). It isn't just the ldapsearch tool that has defaults :-)

Net::LDAP's defaults aren't documented (should they be?) but are currently:

  base: "" (i.e. root)
  scope: 2 (i.e. sub)
  derefAliases: 2 (i.e. derefFindingBaseObj)
  sizeLimit: 0 (i.e. no limit)
  timeLimit: 0 (i.e. no limit)
  typesOnly: false (i.e. return types and values)
  attributes: [] (i.e. all user attributes)

There's no default filter.

Regards,

Chris
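As an added illustration (not part of the original message, and not Net::LDAP's own code), this Python code BER-encodes the RFC 4511 section 4.5.1 SearchRequest using the defaults listed above, so every field can be seen on the wire: a caller who passes only a filter still sends a root-based, subtree, no-limit search. The function names and the restriction to a presence filter `(attr=*)` are assumptions of the example.

```python
# Added illustration (not Net::LDAP code): BER-encode the SearchRequest of
# RFC 4511 section 4.5.1. The LDAPMessage envelope (messageID) is omitted.
NAMES = ["baseObject", "scope", "derefAliases", "sizeLimit",
         "timeLimit", "typesOnly", "filter", "attributes"]

def tlv(tag, value):
    """One BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def ber_int(tag, n):
    """INTEGER (0x02) or ENUMERATED (0x0A) for a non-negative n."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def search_request(present_attr, base="", scope=2, deref=2,
                   size_limit=0, time_limit=0, types_only=False, attrs=()):
    """Keyword defaults mirror the list in the message; the filter has none."""
    body = (
        tlv(0x04, base.encode())                     # baseObject
        + ber_int(0x0A, scope)                       # 0 base, 1 one, 2 sub
        + ber_int(0x0A, deref)                       # derefAliases
        + ber_int(0x02, size_limit)                  # 0 = no limit
        + ber_int(0x02, time_limit)                  # 0 = no limit
        + tlv(0x01, b"\xff" if types_only else b"\x00")
        + tlv(0x87, present_attr.encode())           # filter: present [7]
        + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs))
    )
    return tlv(0x63, body)                           # [APPLICATION 3]

def split_tlvs(data):
    """Split a byte string into (tag, value) pairs."""
    out, i = [], 0
    while i < len(data):
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        out.append((tag, data[i:i + n]))
        i += n
    return out

def fields(pdu):
    """Decode a SearchRequest into {field name: value hex}; reject short ones."""
    ((tag, body),) = split_tlvs(pdu)
    parts = split_tlvs(body)
    if tag != 0x63 or len(parts) != len(NAMES):
        raise ValueError("not a complete SearchRequest")
    return {name: v.hex() for name, (_, v) in zip(NAMES, parts)}
```

Passing `base`, `scope`, `size_limit` and `attrs` explicitly, rather than relying on library defaults, keeps a lookup from turning into an unbounded walk of the whole directory.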