Using LDAP Filters
An LDAP filter can be specified as a parameter when listing attribute names and saving LDAP containers.
These functions are accomplished using the following requests: listAttributeNames and saveContainer.
Query strings must be enclosed in parentheses. This allows you to specify multiple strings, each one enclosed in its own parentheses (see the examples below).
You can use the following special characters with query strings:
| Special Character | Meaning |
|---|---|
| * | Wild card character. Matches zero or more of any character. |
| & | Logical AND. Returns resources that satisfy the first string AND the second string. Place this special character to the left of the first query string, then enclose the entire expression in parentheses, as follows: (&(string1)(string2)) |
| | | Logical OR. Returns resources that satisfy the first string OR the second string. Place this special character to the left of the first query string, then enclose the entire expression in parentheses, as follows: (|(string1)(string2)) |
| ! | NOT. This means that you want all resources that do NOT match the specified value. Place this special character to the left of the query string to which it applies, inside of the parentheses: (!(string)) |
The following are some examples.
- The following query returns all resources that have sn attribute values beginning with “s”:
(sn=s*)
- The following query returns all resources that have sn attribute values beginning with “s” or “p”:
(|(sn=s*)(sn=p*))
- The following query returns all resources with carlicense attribute values equal to “Full” and employeetype attribute values equal to “Permanent”:
(&(carlicense=Full)(employeetype=Permanent))
- The following query returns all resources where sn attribute values don’t start with “s” and don’t start with “p”:
(&(!(sn=s*))(!(sn=p*)))