Hitachi Vantara Pentaho Community Wiki
Child pages
  • LDAP Search Filter Syntax
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Useful Information

Starting in version 1.6, security is a feature of the Pentaho BI Platform. Prior to this version, security was only available in the Pentaho Professional BI Platform (now called the Subscription Edition).

Furthermore, this document is relevant only to the Pentaho Professional BI Platform version 1.2.1 or later or the Pentaho BI Platform version 1.6 or later. See the Pentaho Professional BI Platform version 1.2.0 security documentation if you're using Pentaho Professional BI Platform version 1.2.0. (You can find the version you are running in several ways: (1) look at the log when the Pentaho BI Platform starts or (2) look at the bottom right of any page within the Pentaho BI Platform.)

RFC 2254 defines the query syntax for a directory service. The full syntax can be found in that specification. However, an overview of the most frequently used forms is given below.

Basic Form

A search filter contains one or more filter components where each component has one of four forms. In the table below, attribute is a property of an object within the directory and value is a string to match.

Form

Description

(attribute=value)

Returns the objects where attribute EQUAL TO value.

(&(attribute1=value1)(attribute2=value2))

Returns the objects where attribute1 equal to value1 AND attribute2 equal to value2.

(|(attribute1=value1)(attribute2=value2))

Returns the objects where attribute1 equal to value1 OR attribute2 equal to value2.

(!(attribute=value))

Returns the objects where attribute is NOT EQUAL TO value.

Note that the specification defines three other operators in addition to equals: ~=, >=, and <=. These operators are not covered here.

Useful Information

You might see search filters defined in the platform that contain {n} where n is some integer. Note that this syntax is not part of the search filter specification. Instead, it is a placeholder using MessageFormat syntax. The platform substitutes the values of the filter arguments into this filter expression and the resulting search filter is compliant with the search filter specification. That is the string that is sent to the directory service.

Wildcards

Values can contain asterisks. An asterisk represents zero or more characters. When it appears as the only character on the right hand side, it can be used as a test for the presence of an attribute.

Examples

Example

Description

(cn=joe)

Return all objects where attribute cn has the value joe.

(&(objectClass=person)(cn=joe))

Return all objects where attribute objectClass has the value person and attribute cn has the value joe.

(|(objectClass=person)(objectClass=organizationalRole))

Return all objects where attribute objectClass has the value person or the value organizationalRole.

(!(cn=joe))

Return all objects where attribute cn does not have the value joe.

(cn=*)

Return all objects where attribute cn is present.

(cn=*Smith)

Return all objects where attribute cn ends with "Smith".

  • No labels