LDAP search filters
Search filters
An LDAP search filter is a specially formatted text string used to search for entries within the directory. An LDAP search request returns the directory entries within the specified search scope that satisfy the filter.
The following table lists some examples of LDAP search filters:
Search filter | Description |
---|---|
"(objectClass=*)" | All objects. |
"(&(objectCategory=person)(objectClass=user)(!(cn=john)))" | All user objects but "john". |
"(sn=sm*)" | All objects with a surname that starts with "sm". |
"(&(objectCategory=person)(objectClass=contact)(|(sn=Smith)(sn=Johnson)))" | All contacts with a surname equal to "Smith" or "Johnson". |
These search filters use one of the following formats:
- (<attribute><operator><value>)
- (<operator><filter1><filter2>...<filterN>)
Operators
The following table lists frequently used search filter operators.

Operator | Description |
---|---|
= | Equal to |
~= | Approximately equal to |
<= | Lexicographically less than or equal to |
>= | Lexicographically greater than or equal to |
& | AND |
| | OR |
! | NOT |
Wildcards
You can also add wildcard characters and conditions to an LDAP search filter. The following examples show substrings that can be used to search the directory:

Example | Description |
---|---|
(objectClass=*) | Get all entries. |
(cn=*bob*) | Get entries containing "bob" somewhere in the common name. |
(cn>=bob) | Get entries with a common name greater than or equal to "bob". |
(&(objectClass=user)(email=*)) | Get all users with an e-mail attribute. |
(&(sn=smith)(objectClass=user)(email=*)) | Get all user entries with an e-mail attribute and a surname equal to "smith". |
(&(objectClass=user)(|(cn=andy*)(cn=steve*)(cn=margaret*))) | Get all user entries with a common name that starts with "andy", "steve", or "margaret". |
(!(email=*)) | Get all entries without an e-mail attribute. |
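
The two filter formats, the operators and the wildcards described above can be exercised with a small parser and evaluator. This is an added example, not code from the original page or from any LDAP product. It assumes constructed sample entries, case-insensitive value comparison, case-sensitive attribute names, and `~=` handled as plain equality.

```python
import re

ENTRIES = [  # constructed sample entries; attribute names follow the tables above
    {"cn": "andy jones", "sn": "Jones", "objectClass": "user", "email": "andy@example.com"},
    {"cn": "bob smith", "sn": "Smith", "objectClass": "user"},
    {"cn": "steve smith", "sn": "smith", "objectClass": "contact", "email": "steve@example.com"},
]

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":  # (<operator><filter1>...<filterN>)
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # (<attribute><operator><value>)
    m = re.fullmatch(r"([A-Za-z][\w.;-]*)(~=|<=|>=|=)(.*)", f[i:end])
    if not m:
        raise ValueError(f"malformed comparison near offset {i}")
    return (m.group(2), m.group(1), m.group(3)), end + 1

def matches(node, entry):
    op = node[0]
    if op in "&|!":
        hits = [matches(kid, entry) for kid in node[1]]
        return {"&": all(hits), "|": any(hits), "!": not hits[0]}[op]
    have = entry.get(node[1])
    if have is None:  # an absent attribute never satisfies a comparison
        return False
    have, want = have.lower(), node[2].lower()  # assumption: case-insensitive values
    if op in ("<=", ">="):
        return have <= want if op == "<=" else have >= want
    # "=": each "*" matches any run of characters; "~=" is treated as "=" here
    pattern = ".*".join(re.escape(part) for part in want.split("*"))
    return re.fullmatch(pattern, have, re.S) is not None

def search(filter_text, entries=ENTRIES):
    try:
        node, end = parse(filter_text)
    except IndexError:
        raise ValueError("filter ends before its closing ')'") from None
    if end != len(filter_text):
        raise ValueError("unexpected characters after the filter")
    return [e["cn"] for e in entries if matches(node, e)]
```

`search()` returns the `cn` of each matching entry and raises `ValueError` for an unbalanced or otherwise malformed filter, which is the behaviour to want before passing a filter string on to a directory server.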