Chat now with support
Chat with Support

Active Roles 7.6 - User Guide

Introduction Getting Started One Identity Starling Two-factor Authentication for Active Roles User or Service Account Management Group Management Computer Account Management Organizational Unit Management Management of Contacts Management of Exchange Recipients

LDAP syntax

Search filters enable you to define search criteria and provide more efficient and effective searches. The search filters are represented by Unicode strings.

The Active Roles console supports the standard LDAP search filters as defined in RFC2254.

The following table lists some examples of standard LDAP search filters.

Table 5: LDAP search filters

Search filter

Description

(objectClass=*)

All objects

(&(objectCategory=person)(objectClass=user)(!cn=andy))

All user objects but "andy"

(sn=sm*)

All objects with a surname that starts with "sm"

(&(objectCategory=person)(objectClass=contact)(|(sn=Smith)(sn=Johnson)))

All contacts with a surname equal to "Smith" or "Johnson"

Search filter format

Search filters use one of the following formats:

<filter>=(<attribute><operator><value>)

or

(<operator><filter1><filter2>)

In this example, <attribute> stands for the LDAP display name of the attribute by which you want to search.

Operators

The following table lists some frequently used search filter operators.

Table 6: Operators

Logical Operator

Description

=

Equal to

~=

Approximately equal to

<=

Lexicographically less than or equal to

>=

Lexicographically greater than or equal to

&

AND

|

OR

!

NOT

Wildcards

You can also add wildcards and conditions to a search filter. The following examples show substrings that can be used to search the directory.

Get all entries:

(objectClass=*)

Get entries containing “bob” somewhere in the common name:

(cn=*bob*)

Get entries with a common name greater than or equal to “bob”:

(cn>='bob')

Get all users with an e-mail attribute:

(&(objectClass=user)(mail=*))

Get all user entries with an e-mail attribute and a surname equal to “smith”:

(&(sn=smith)(objectClass=user)(mail=*))

Get all user entries with a common name that starts with “andy”, “steve”, or “margaret”:

(&(objectClass=user) | (cn=andy*)(cn=steve)(cn=margaret))

Get all entries without an e-mail attribute:

(!(mail=*))

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating