Search filters enable you to define search criteria and provide more efficient and effective searches. The search filters are represented by Unicode strings.
The Active Roles Console supports the standard LDAP search filters as defined in RFC 2254.
The following table lists some examples of standard LDAP search filters.
Table 5: LDAP search filters
(objectClass=*) |
All objects |
(&(objectCategory=person)(objectClass=user)(!cn=andy)) |
All user objects but andy |
(sn=sm*) |
All objects with a surname that starts with sm |
(&(objectCategory=person)(objectClass=contact)(|(sn=Smith)(sn=Johnson))) |
All contacts with a surname equal to Smith or Johnson |
Search filters use one of the following formats:
In this example, <attribute> stands for the LDAP display name of the attribute by which you want to search.
The following table lists some frequently used search filter operators.
Table 6: Operators
= |
Equal to |
~= |
Approximately equal to |
<= |
Lexicographically less than or equal to |
>= |
Lexicographically greater than or equal to |
& |
AND |
| |
OR |
! |
NOT |
You can add wildcards and conditions to a search filter. The following examples show substrings that can be used to search the directory.
(objectClass=*) |
Get all entries |
(cn=*bob*) |
Get entries containing bob somewhere in the common name |
(cn>='bob') |
Get entries with a common name greater than or equal to bob |
(&(objectClass=user)(mail=*)) |
Get all users with an email attribute |
(&(sn=smith)(objectClass=user)(mail=*)) |
Get all user entries with an email attribute and a surname equal to smith |
(&(objectClass=user) | (cn=andy*)(cn=steve)(cn=margaret)) |
Get all user entries with a common name that starts with andy, steve, or margaret |
(!(mail=*)) |
Get all entries without an email attribute |