The Search filters property specifies a search filter string in LDAP format. This part of the LDAP search syntax makes it possible to search for specific objects based on object attributes. Set up a filter string in accordance with LDAP syntax rules. The default filter string is “(objectClass=*)”, which retrieves all objects. Another example is “(objectClass=user)”, which causes the search to retrieve only user accounts.
When configuring a filter string, follow these guidelines:
- The string must be enclosed in parentheses.
- Expressions can use the relational operators: <, <=, =, >=, and >. An example is “(objectClass=user)” or “(givenName=Adam)”.
- Compound expressions are formed with the prefix operators & and |. An example is (&(objectClass=user)(givenName=Adam)).
For more information about the filter string format, see the “Search Filter Syntax” topic in the MSDN Library (http://go.microsoft.com/fwlink/?LinkID=111710).
The Displayed attributes property specifies a list of the attributes to retrieve during the search. These are the attributes that will be displayed in the list of search results. Each attribute is identified by its LDAP display name. Type the names of the attributes you want to retrieve, or select attributes from a list. Separate attribute names by commas.
The default setting for this property is “name,objectClass,description”, which displays a three-column list of search results. For every object returned by the search, the Web Interface lists the name, type, and description of the object.
- The Search scope property specifies the depth of the search. The options for this property are:
- Base This option limits the search to the object specified by the Base DN property (base object). The search returns either one object or no objects, depending upon the search filter.
- One-level This option restricts the search to the immediate children of the base object, but excludes the base object itself. The search returns the immediate child objects that match the search filter.
- Subtree With this option, the search filter is applied to the base object as well as to all objects that exists below it in the directory tree. The search returns all child objects that match the search filter. If the base object matches the filter, the base object is also included in the search results.
- Attribute scope query by this attribute With this option, the command searches in a certain attribute of the base object (target attribute). The target attribute is identified by the LDAP display name specified as part of this option, and must be an attribute that stores distinguished names, such as the “member” or “managedBy” attribute. The search is performed against the objects that are identified by the distinguished names found in the target attribute. For example, if the base object is a group and the “member” attribute is specified as the target, then the search will be performed against all objects that are members of the group, and will return the members of the group that match the search filter.
The Sort by property specifies the attribute based on which the list of search results should be sorted, to group similar attribute values together in an easy-to-read list. Type the LDAP display name of any attribute that is listed in the Displayed attributes property.