ldapurl — LDAP URL formatting tool


ldapurl [ −a attrs ] [ −b searchbase ] [ −e [!] ext [=extparam] ] [ −E [!] ext [=extparam] ] [ −f filter ] [ −H ldapuri ] [ −h ldaphost ] [ −p ldapport ] [ −s base | one | sub | children ] [ −S scheme ]


ldapurl is a command that allows one to either compose or decompose LDAP URIs.

When invoked with the −H option, ldapurl extracts the components of the ldapuri option argument, unescaping hex-escaped chars as required. It basically acts as a frontend to the ldap_url_parse(3) call. Otherwise, it builds an LDAP URI based on the components passed with the appropriate options, performing the inverse operation. Option −H is incompatible with options −a, −b, −E, −f, −H, −h, −p, −S, and −s.


−a attrs

Set a comma-separated list of attribute selectors.

−b searchbase

Set the searchbase.

−e [!]ext[=extparam]

Specify general extensions with −e '!' indicates criticality.

General extensions:

  [!]assert=<filter>    (an RFC 4515 Filter)
  !authzid=<authzid>    ("dn:<dn>" or "u:<user>")
  [!]bauthzid           (RFC 3829 authzid control)
  [!]postread[=<attrs>] (a comma-separated attribute list)
  [!]preread[=<attrs>]  (a comma-separated attribute list)
  abandon,cancel,ignore (SIGINT sends abandon/cancel,
  or ignores response; if critical, doesn't wait for SIGINT.
  not really controls)
−E [!]ext[=extparam]

Set URL extensions; incompatible with −H.

−f filter

Set the URL filter. No particular check on conformity with RFC 4515 LDAP filters is performed, but the value is hex-escaped as required.

−H ldapuri

Specify URI to be exploded.

−h ldaphost

Set the host.

−p ldapport

Set the TCP port.

−S scheme

Set the URL scheme. Defaults for other fields, like ldapport, may depend on the value of scheme.

−s {base|one|sub|children}

Specify the scope of the search to be one of base, one, sub, or children to specify a base object, one-level, subtree, or children search. The default is sub. Note: children scope requires LDAPv3 subordinate feature extension.


If the −H option is used, the ldapuri supplied is exploded in its components, which are printed to standard output in an LDIF-like form.

Otherwise, the URI built using the values passed with the other options is printed to standard output.


The following command:

    ldapurl −h −b dc=example,dc=com −s sub −f "(cn=Some One)"



The command:

    ldapurl −H ldap://,dc=com??sub?(cn=Some%20One)


    scheme: ldap
    port: 389
    dn: dc=example,dc=com
    scope: sub
    filter: (cn=Some One)


Exit status is zero if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.


ldap(3), ldap_url_parse(3),


The OpenLDAP Project <>


OpenLDAP Software is developed and maintained by The OpenLDAP Project <>. OpenLDAP Software is derived from the University of Michigan LDAP 3.3 Release.

See the following documents: COPYRIGHTLICENSE