LDAP Queries
An LDAP query can be specified as a parameter when listing attribute names and saving LDAP containers.
These functions are accomplished using the following functions: listAttributeNames and saveContainer.
Query strings must be enclosed in parentheses. This allows you to specify multiple strings, each one enclosed in its own parentheses (see the examples below).
You can use the following special characters with query strings:
Special Character | Meaning |
---|---|
* | Wild card character. Matches zero or more of any character. |
& | Logical AND. Returns resources that satisfy the first string AND the second string.
Place this special character to the left of the first query string, then enclose the entire expression in parentheses, as follows: (&(string1)(string2)) |
| | Logical OR. Returns resources that satisfy the first string OR the second string.
Place this special character to the left of the first query string, then enclose the entire expression in parentheses, as follows: (|(string1)(string2)) |
! | NOT. This means that you want all resources that do NOT match the specified value.
Place this special character to the left of the query string to which it applies, inside of the parentheses: (!(string)) |
The following are some examples.
- The following query returns all resources that have
sn attribute values beginning with “s”:
(sn=s*)
- The following query returns all resources that have
sn
attribute values beginning with “s”
or “p”:
(|(sn=s*)(sn=p*))
- The following query returns all resources with
carlicense attribute values equal to “Full”
and
employeetype attribute values equal to “Permanent”:
(&(carlicense=Full)(employeetype=Permanent))
- The following query returns all resources where
sn
attribute values
don’t
start with “s” and
don’t start with “p”:
(&(!(sn=s*))(!(sn=p*)))