Unmasking the LDAP Search Filter - Page 2
Approximate Search Filters
Greater Than/Greater Equal (>,>=) - Returns records that are greater than or greater than equal to the attribute value. For example, (sn>foutley) will return values that sort higher than the string "foutley." The sort order is determined by the matching rule associated with the attribute.
Less Than/Equal (<,<=)- Returns records that are less than or less than equal to the attribute value.
Approximately Equal(~=)- Returns records that are close to the attribute value. For example, (givenname~=curt) may return those with first names of kurt or curtis. This can be a useful search if you do not know the exact spelling of a name.
NOT(!) - Returns records that do not match any search filter criteria. This filter may be used either alone or with other compound filters. For example (!(uid=kurt)) will return those records that have a user id not equal to kurt. Note this includes those records where uid is not present.
AND (&)- Returns records that match all multiple search filter conditions. For example, (&(l=USA)(sn=smithers)) returns those records with a locality of USA and a last name of smithers.
OR (|)- Returns records that match at least one of the multiple search filter conditions. For example, (|(l=UK) (l=USA)) returns those records in either the USA or UK locality (country in this case). Note that this could easily be a long search returning many records.
Examples LDAP Search Functions
To help you get the hang of the system, we have included some examples to ponder.
(&(l=USA)(!(sn=patel))) - Shows all records in the USA locality that do not have a last name of patel.
(!(&(drink=beer)(description=pagan))) - Shows all records where drink is not equal to beer and description is not equal to pagan. Removing the not operator WILL return a record at a popular open LDAP directory site.
(!(uid=*)) - Returns all records without a UID.