jspωiki
LDAP Query Basic Examples

Overview#

LDAP Query Basic Examples are some simple examples of LDAP Search Filters Examples as used in a Search Request showing some of the LDAP Filter Choices.

Return all LDAP Entries for an AttributeType#

ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(mail=*)" # returns all entries which have a mail attribute
or entries without a Attribute Value
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(!(mail=*))"" # returns all entries which have no mail attribute value

Return All LDAP Entries#

ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(objectclass=*)"" # returns all entries

Wildcard LDAP SearchFilters#

ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(mail=*@*)" # return entries with any valid [rfc822Name] [mail] address
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(sn=s*)"" # returns entries with surnames starting with s or S
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(telephonenumber=*555)"" # return entries with telephone numbers that end with 555
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(cn=*a*i*)" # return entries with common names with both a and i anywhere

Compound LDAP SearchFilters using AND SearchFilter#

Must have value that match all of the individual LDAP SearchFilters (used above)
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(&(mail=*@*)(sn=s*)(telephonenumber=*555)(cn=*a*i*))

Compound LDAP SearchFilters using OR SearchFilter#

Must have value that will match all anyone the individual LDAP SearchFilters (used above)
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(|(mail=*@*)(sn=s*)(telephonenumber=*555)(cn=*a*i*))

Date (GeneralizedTime) LDAP SearchFilters #

ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(createTimestamp>=20190101000000Z)" # will match any entry that has a createTimestamp value that is __greater than or equal__ to 20190101000000Z.
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(createTimestamp<=20200101500000Z)" # will match any entry that has a createTimestamp value that is __less than or equal__ to 20200101500000Z.

Match any dates Greater than or equal to 20190101000000Z but less than or equal to 20200101500000Z

ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(&(createTimestamp>=20190101000000Z)(createTimestamp<=20200101500000Z))" 

Exact Match #

ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(sn=smith)"" # exact match returns Smith but NOT Smit
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(objectclass=person)"" #return entries which use person objectclass

More Information#

There might be more information for this subject on one of the following: