Overview#
LDAP Filter Choices are "officially" defined in the Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) by RFC 4520.More specifically at: LDAP Filter Choices
And we outline them below:
| Name | Value | Owner | Reference | Symbol Notation | Example | Comment |
|---|---|---|---|---|---|---|
| and | 0 | IESG | Protocol | (& (...K1...) (...K2...) (...K3...) (...K4...)) | ||
| or | 1 | IESG | Protocol | (| (...K1...) (...K2...) (...K3...) (...K4...)) | (|(cn=jim)(cn=james)) | |
| not | 2 | IESG | Protocol | (!attribute=abc) | (!objectClass=group) | Some DUA applications require (!(attribute=abc)) |
| equalityMatch | 3 | IESG | Protocol | (attribute=abc) | (&(objectclass=user)(displayName=Foeckeler) | |
| substrings | 4 | IESG | Protocol | (mail=*@cerrotorre.de) or (givenName=*Paul*) | (mail=*@cerrotorre.de) or (givenName=*Paul*)) | |
| greaterOrEqual | 5 | IESG | Protocol | (attribute>=abc) | (mdbStorageQuota>=100000) | |
| lessOrEqual | 6 | IESG | Protocol | (attribute<=abc)}}} | (mdbStorageQuota<=100000) | |
| present | 7 | IESG | Protocol | (attribute=*) | (mailNickName=*) | |
| approxMatch | 8 | IESG | Protocol | (attribute~=abc) | (displayName~=Foeckeler) | Caution: ~= is not always supported (Microsoft Active Directory environments) |
| extensibleMatch | 9 | IESG | Protocol | extensible Match |
Many of these are shown in LDAP Query Examples
More Information#
There might be more information for this subject on one of the following:- AND SearchFilter
- EqualityMatch
- Greater-Or-Equal SearchFilter
- LDAP
- LDAP Query Basic Examples
- LDAP SearchFilters
- LDAP Three-valued logic
- LDAP filters Syntax and Choices
- LessThan-Or-Equal SearchFilter
- Lightweight Directory Access Protocol (LDAP) Parameters
- MatchingRule
- OR SearchFilter
- ObjectClass vs ObjectCategory
- Presence SearchFilter
- Substring Search Filter
- Substrings