Syntax and Operators#Are boolean expressions that are used within LDAP SearchFilters and demonstrate how they can be used for LDAP Query Examples that can be used to find specific information using LDAP.
An LDAP SearchFilters consists of one or more boolean expressions, with logical operators prefixed to the expression list. The boolean expressions use the following format:
Attribute Operator Valuewhere Attribute is a valid LDAP attribute name and Value is the the field value.
The filter syntax supports the =, ~=, <, <=, >, >= and ! operators, and provides limited substring matching using the * operator.
In addition, the syntax also supports calls to matching extensions defined in the LDAP data source.
White space is not used as a separator between attribute, operator and value, and that string values are not specified using quotation marks.
Nested Filters#LDAP filters consist of one or more boolean expression(s) which can be linked together by using operator choices. The operators are always placed in front of the operands. This is the so-called 'Polish Notation'. The search criteria have to be put in parentheses and then the whole term has to be bracketed one more time.
& (...K1...) (...K2...)or with more than two criteria:
(& (...K1...) (...K2...) (...K3...) (...K4...))
(| (...K1...) (...K2...))
or with more than two criteria:
(| (...K1...) (...K2...) (...K3...) (...K4...))
Every AND/OR operation can also be understood as a single criterion:
(|(& (...K1...) (...K2...))(& (...K3...) (...K4...)))means:
(K1 AND K2) OR (K3 AND K4)
Operands Operators operate on individual operands for an LDAP attribute, e.g. (givenName=Sandra). Following rules should be considered:
|Proximity||(attribute~=abc)||(displayName~=Foeckeler)||Caution: ~= is not always supported (AD environments)|
|Wildcards||(sn=F*)||(firstname.lastname@example.org) or (givenName=*Paul*)|