Overview#
LDAP Query Basic Examples are some simple examples of LDAP Search Filters Examples as used in a Search Request showing some of the LDAP Filter Choices.Return all LDAP Entries for an AttributeType#
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(mail=*)" # returns all entries which have a mail attributeor entries without a Attribute Value
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(!(mail=*))" # returns all entries which have no mail attribute value
Return All LDAP Entries#
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(objectclass=*)" # returns all entries
Wildcard LDAP SearchFilters#
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(mail=*@*)" # return entries with any valid [rfc822Name] [mail] address ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(sn=s*)" # returns entries with surnames starting with s or S ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(telephonenumber=*555)" # return entries with telephone numbers that end with 555 ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(cn=*a*i*)" # return entries with common names with both a and i anywhere
Compound LDAP SearchFilters using AND SearchFilter#
Must have value that match all of the individual LDAP SearchFilters (used above)ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(&(mail=*@*)(sn=s*)(telephonenumber=*555)(cn=*a*i*))
Compound LDAP SearchFilters using OR SearchFilter#
Must have value that will match all anyone the individual LDAP SearchFilters (used above)ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(|(mail=*@*)(sn=s*)(telephonenumber=*555)(cn=*a*i*))
Date (GeneralizedTime) LDAP SearchFilters #
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(createTimestamp>=20190101000000Z)" # will match any entry that has a createTimestamp value that is __greater than or equal__ to 20190101000000Z. ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(createTimestamp<=20200101500000Z)" # will match any entry that has a createTimestamp value that is __less than or equal__ to 20200101500000Z.
Match any dates Greater than or equal to 20190101000000Z but less than or equal to 20200101500000Z
ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(&(createTimestamp>=20190101000000Z)(createTimestamp<=20200101500000Z))"
Exact Match#
Shows an EqualityMatch LDAP Filter Choiceldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(sn=smith)" # exact match returns Smith but NOT Smit ldapsearch -D "cn=exampleuser,example.com" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(objectclass=person)" #return entries which use person objectclass