Chapter 4 presented LDAP searches as a means of verifying the correctness of your directory. That's obviously a very limited use of the search capability: a directory isn't much use if you can't search it. Given our limited goals in the previous chapter, we didn't do justice to the topic of search filters. It's now time to take a more thorough look at the topic of filters.
In its commonly used form, an LDAP search filter has the following syntax:
attribute is the actual name of the
attribute type. The
is one of:
For equality matches
For approximate matches
For less than comparisons
For greater than comparisons
If you deal only with string comparisons, you may only need the equality operator.
value portion can be either an
absolute value, such as
555-1234, or a pattern using the asterisk (*)
character as a wildcard. Here are some wildcard searches:
Finds all entries whose
cn attribute ends in
"carter" (not just those with a
last name of Carter)
Finds all telephone numbers beginning with 555
You can combine single filters like these using the following Boolean operators:
LDAP search filters use prefix notation for joining search
conditions. Therefore, to search for users with a surname
sn) of "smith"
or "jones," you can build the
attribute uses a case-insensitive ...