Chat now with support
Chat with Support

Quest has tools and processes in place to identify, protect, detect, and remediate vulnerabilities and incidents when they occur, including external security partners. As part of our standard security operations, Quest does not use CrowdStrike in any of our operations. We are reviewing our third parties, and so far, there is minimal affect. It is Quest's policy not to provide further technical details unless they directly impact customer data.

Active Roles On Demand Hosted - User Guide

Introduction Getting Started One Identity Starling Two-factor Authentication for Active Roles User or Service Account Management Group Management Computer Account Management Organizational Unit Management Management of Contacts Management of Exchange Recipients

LDAP syntax

Search filters enable you to define search criteria and provide more efficient and effective searches. The search filters are represented by Unicode strings.

The Active Roles console supports the standard LDAP search filters as defined in RFC2254.

The following table lists some examples of standard LDAP search filters.

Table 5: LDAP search filters

Search filter

Description

(objectClass=*)

All objects

(&(objectCategory=person)(objectClass=user)(!cn=andy))

All user objects but "andy"

(sn=sm*)

All objects with a surname that starts with "sm"

(&(objectCategory=person)(objectClass=contact)(|(sn=Smith)(sn=Johnson)))

All contacts with a surname equal to "Smith" or "Johnson"

Search filter format

Search filters use one of the following formats:

<filter>=(<attribute><operator><value>)

or

(<operator><filter1><filter2>)

In this example, <attribute> stands for the LDAP display name of the attribute by which you want to search.

Operators

The following table lists some frequently used search filter operators.

Table 6: Operators

Logical Operator

Description

=

Equal to

~=

Approximately equal to

<=

Lexicographically less than or equal to

>=

Lexicographically greater than or equal to

&

AND

|

OR

!

NOT

Wildcards

You can also add wildcards and conditions to a search filter. The following examples show substrings that can be used to search the directory.

Get all entries:

(objectClass=*)

Get entries containing “bob” somewhere in the common name:

(cn=*bob*)

Get entries with a common name greater than or equal to “bob”:

(cn>='bob')

Get all users with an e-mail attribute:

(&(objectClass=user)(mail=*))

Get all user entries with an e-mail attribute and a surname equal to “smith”:

(&(sn=smith)(objectClass=user)(mail=*))

Get all user entries with a common name that starts with “andy”, “steve”, or “margaret”:

(&(objectClass=user) | (cn=andy*)(cn=steve)(cn=margaret))

Get all entries without an e-mail attribute:

(!(mail=*))

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating