Understanding Search Filters
When you
use the LDAP dialect with the ADSI OLE DB provider to conduct a
search, you must use an LDAP search filter to specify your search
criteria. In a simple case, (objectclass=user)
would be used to select every object with the user objectclass under
the search base. You can in fact use a filter to match the presence
of a value (or not) for any attribute of an object. This enables you
to create powerful searches with complex criteria. For example, you
can search for any group object that has a certain user as a member
and that has a description matching a certain substring.
Tip
Filters must follow the format specified in RFC 2254. You can download RFC 2254 from http://www.ietf.org/rfc/rfc2254.txt.
Although filters let you conduct powerful searches, working with them can seem complex because of the format used, known as prefix notation. To make it easier to understand, we have divided the discussion of filters into two parts: items within a filter and items connecting filters.
Items Within a Filter
Within a filter, you can have three types of items:
- Operators
A filter can include one of three operators. The equal-to (
=
) operator checks for exact equivalence. An example is(name=janet)
. The greater-than-or-equal-to (>=
) and less-than-or-equal-to (<=
) operators check for compliance with a range. Examples are(size>=5)
and(size<=20)
.- Attributes
You can include attributes in filters when you want to determine whether an attribute exists. You simply specify the ...
Get Active Directory, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.