Search filters enable you to define search criteria and provide more efficient and effective searches. The search filters are represented by Unicode strings.
The Active Roles console supports the standard LDAP search filters as defined in RFC 2254.
The following table lists some examples of standard LDAP search filters.
Table 5: LDAP search filters
(objectClass=*) | All objects
(&(objectCategory=person)(objectClass=user)(!(cn=andy))) | All user objects except "andy"
(sn=sm*) | All objects with a surname that starts with "sm"
(&(objectCategory=person)(objectClass=contact)(|(sn=Smith)(sn=Johnson))) | All contacts with a surname equal to "Smith" or "Johnson"
Search filters use one of the following formats:
<filter>=(<attribute><operator><value>)
or
(<operator><filter1><filter2>)
In these formats, <attribute> stands for the LDAP display name of the attribute by which you want to search.
The following table lists some frequently used search filter operators.
Table 6: Operators
= | Equal to
~= | Approximately equal to
<= | Lexicographically less than or equal to
>= | Lexicographically greater than or equal to
& | AND
| | OR
! | NOT
You can also add wildcards and conditions to a search filter. The following examples show filters that use wildcards and combined conditions to search the directory.
Get all entries:
(objectClass=*)
Get entries containing “bob” somewhere in the common name:
(cn=*bob*)
Get entries with a common name greater than or equal to “bob”:
(cn>=bob)
Get all users with an e-mail attribute:
(&(objectClass=user)(mail=*))
Get all user entries with an e-mail attribute and a surname equal to “smith”:
(&(sn=smith)(objectClass=user)(mail=*))
Get all user entries with a common name that starts with “andy”, “steve”, or “margaret”:
(&(objectClass=user)(|(cn=andy*)(cn=steve*)(cn=margaret*)))
Get all entries without an e-mail attribute:
(!(mail=*))
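
Added example, not part of the product documentation: a small Python validator for the two filter formats and the operators listed above, useful for checking a filter's structure before it is saved or sent to the directory. It assumes the strict parenthesised form and treats the value as opaque text up to the closing parenthesis; the names parse_filter and _parse are this example's own.

```python
import re

# <attribute><operator><value>: comparison operators from the operator table,
# two-character forms first. The value is everything up to the next parenthesis.
_ITEM = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(~=|<=|>=|=)([^()]*)")

def parse_filter(text):
    """Parse an LDAP search filter into nested tuples, or raise ValueError."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"unexpected text at offset {pos}: {text[pos:]!r}")
    return node

def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        # (<operator><filter1><filter2>...): sub-filters follow with no separator.
        op, i = s[i], i + 1
        children = []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"'{op}' needs sub-filters (exactly one for '!') before offset {i}")
        node = (op, children)
    else:
        m = _ITEM.match(s, i)
        if not m:
            raise ValueError(f"expected <attribute><operator><value> at offset {i}")
        node = (m.group(2), m.group(1), m.group(3))  # (operator, attribute, value)
        i = m.end()
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

if __name__ == "__main__":
    # Constructed inputs: one well-formed filter, one with a stray " | " between sub-filters.
    for f in ("(&(objectClass=user)(|(cn=andy*)(cn=steve*)))",
              "(&(objectClass=user) | (cn=andy*)(cn=steve*))"):
        try:
            print(f, "->", parse_filter(f))
        except ValueError as err:
            print(f, "-> rejected:", err)
```

Quotation marks are not filter syntax, so a value written as 'bob' is parsed with the quotes as part of the value.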