Unmasking the LDAP Search Filter - Page 2

 By Hallett German

Approximate Search Filters

Greater Than/Greater Equal (>,>=) - Returns records that are greater than, or greater than or equal to, the attribute value. For example, (sn>foutley) will return values that sort higher than the string "foutley." The sort order is determined by the matching rule associated with the attribute.

Less Than/Equal (<,<=) - Returns records that are less than, or less than or equal to, the attribute value.

Approximately Equal (~=) - Returns records that are close to the attribute value. For example, (givenname~=curt) may return those with first names of kurt or curtis. This can be a useful search if you do not know the exact spelling of a name.

Compound Filters

Compound filters work like the familiar Boolean operators in programming languages and search functions. Important note: the compound operator is placed before the search filters it applies to, and the resulting compound filter is enclosed in its own set of parentheses.

NOT (!) - Returns records that do not match the search filter criteria. This filter may be used either alone or with other compound filters. For example, (!(uid=kurt)) will return those records that have a user id not equal to kurt. Note that this includes those records where uid is not present.

AND (&) - Returns records that match all of the search filter conditions. For example, (&(l=USA)(sn=smithers)) returns those records with a locality of USA and a last name of smithers.

OR (|) - Returns records that match at least one of the search filter conditions. For example, (|(l=UK) (l=USA)) returns those records in either the USA or UK locality (country in this case). Note that this could easily be a long search returning many records.

Example LDAP Search Filters

To help you get the hang of the system, we have included some examples to ponder.

(&(l=USA)(!(sn=patel))) - Shows all records in the USA locality that do not have a last name of patel.

(!(&(drink=beer)(description=pagan))) - Shows all records where drink is not equal to beer and description is not equal to pagan. Removing the not operator WILL return a record at a popular open LDAP directory site.

(!(uid=*)) - Returns all records without a UID.

This article was originally published on Feb 25, 2004