Unmasking the LDAP Search Filter - Page 2

By  Hallett German | Feb 25, 2004
Page 2 of 3   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Approximate Search Filters

Greater Than/Greater Equal (>,>=) - Returns records that are greater than or greater than equal to the attribute value. For example, (sn>foutley) will return values that sort higher than the string "foutley." The sort order is determined by the matching rule associated with the attribute.

Less Than/Equal (<,<=)- Returns records that are less than or less than equal to the attribute value.

Approximately Equal(~=)- Returns records that are close to the attribute value. For example, (givenname~=curt) may return those with first names of kurt or curtis. This can be a useful search if you do not know the exact spelling of a name.

Compound Filters

Compound filters are just like the familiar Boolean operators in any other programming language or search function. Important note: The compound filter is placed before the search filter and it is enclosed in its own set of parentheses.

NOT(!) - Returns records that do not match any search filter criteria. This filter may be used either alone or with other compound filters. For example (!(uid=kurt)) will return those records that have a user id not equal to kurt. Note this includes those records where uid is not present.

AND (&)- Returns records that match all multiple search filter conditions. For example, (&(l=USA)(sn=smithers)) returns those records with a locality of USA and a last name of smithers.

OR (|)- Returns records that match at least one of the multiple search filter conditions. For example, (|(l=UK) (l=USA)) returns those records in either the USA or UK locality (country in this case). Note that this could easily be a long search returning many records.

Examples LDAP Search Functions

To help you get the hang of the system, we have included some examples to ponder.

(&(l=USA)(!(sn=patel))) - Shows all records in the USA locality that do not have a last name of patel.

(!(&(drink=beer)(description=pagan))) - Shows all records where drink is not equal to beer and description is not equal to pagan. Removing the not operator WILL return a record at a popular open LDAP directory site.

(!(uid=*)) - Returns all records without a UID.

hrgerman@gte.net

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >