LDAP search filter (II)

• LDAPv3 defines an extensible matching filter

  • syntax: attr [“:dn”] [“:” matchingrule] “:=“ value
    • attr is an attribute name
    • “:dn” says that also the attribute in the dn should be searched as well
    • matching rule given by an OID or associated descriptive name
  • examples:
    • (cn:1.2.3.4.5.6:=Mister X) use matching rule 1.2.3.4.5.6 for comparision
    • (o:dn:=company) search for o=company in attributes and also in DN

• Filters can be combined

  • AND operator: & or OR operator: |
    • e.g.: (| (cn=Mister X) (sn=Xerxes)) all entries that have cn=Mister X or sn=Xerxes
    • e.g. (& (cn=Mister X) (mail=*dot.com)) only entries that have both cn=Mister X and a mail address ending with dot.com

Previous slide

Next slide

Back to first slide

View graphic version