Overview #

MatchingRules are used by LDAP Server Implementations to compare Attribute Values against Assertion Values when performing SearchRequest and Compare Request operations RFC 4511.

MatchingRules are also used when comparing a purported Distinguished Name RFC 4512 with the name of a LDAP Entry.

MatchingRules are also used in Modify Request to identify values to be deleted and to prevent an attribute from containing two equal values.

A matching rule is a LDAP Schema element that defines how the DSA should interact with values of an specific attributeTypes. These are the standard types of matching rules:

EQUALITY (equalityMatch)#

EQUALITY MatchingRules are used to determine whether one attribute value is equal to another as when using the equalityMatch LDAP Filter Choice. This determination is generally made based on the normalized value, and ignores insignificant differences (e.g., differences in capitalization or extra spaces).


ORDERING matching rules are used to determine the relative order between two values in a sorted list. This is used when performing Server Side Sort Control, but it is also used for Greater-Or-Equal SearchFilter and LessThan-Or-Equal SearchFilter LDAP Filter Choices.

SUBSTR (substrings)#

SUBSTR or Substring matching rules are used to determine whether a value contains a given substring.

APPROXIMATE (approxMatch)#

APPROXIMATE matching rules are used to determine whether one value is approximately equal to another. The definition of "approximately equal to" may vary, but one common use is "sounds like".

Extensible Match #

The default search behaviour for any attribute is defined by its MatchingRule for the search TYPE (EQUALITY, SUBSTR or ORDERING). The default search behaviour may be overridden by using an Extensible Match LDAP SearchFilters and specifying a matching Rule (either by name or by OID). These are some Extensible Match Matching Rules.

Component Matching Rules#

In most cases, the Directory Server will use MatchingRules in a completely "behind the scenes" manner without the client needing to know about it. Whenever the client references a given attribute type, then the server will automatically know to use the appropriate matching rules for that attribute. However, it is also possible for the client to request that the server use a specific MatchingRule when performing an operation through the use of an Component Matching Rules

MatchingRules used by DSA#

The set of MatchingRule defined in the DSA may be determined by retrieving the MatchingRule attribute of the Subschema Subentry. For more information about matching rules, see the Understanding matching rules document.

MatchingRules List#

Below are MatchingRule that are required for directory operation, or that are in common use: (RFC 4517)

LDAP String Matching#

More Information#

There might be more information for this subject on one of the following: