{scrollbar}

RFC 2254 defines the query syntax for a directory service. The full syntax can be found in that specification. However, an overview of the most frequently used forms is given below.

Basic Form

A search filter contains one or more filter components where each component has one of four forms. In the table below, attribute is a property of an object within the directory and value is a string to match.

Form

Description

(attribute=value)

Returns the objects where attribute EQUAL TO value.

(&(attribute1=value1)(attribute2=value2))

Returns the objects where attribute1 equal to value1 AND attribute2 equal to value2.

(|(attribute1=value1)(attribute2=value2))

Returns the objects where attribute1 equal to value1 OR attribute2 equal to value2.

(!(attribute=value))

Returns the objects where attribute is NOT EQUAL TO value.

Note that the specification defines three other operators in addition to equals: ~=, >=, and <=. These operators are not covered here.

Note: You might see search filters defined in the platform that contain {n} where n is some integer. Note that this syntax is not part of the search filter specification. Instead, it is a placeholder using MessageFormat syntax. The platform substitutes the values of the filter arguments into this filter expression and the resulting search filter is compliant with the search filter specification. That is the string that is sent to the directory service.

Wildcards

Values can contain asterisks. An asterisk represents zero or more characters. When it appears as the only character on the right hand side, it can be used as a test for the presence of an attribute.

Examples

Example

Description

(cn=joe)

Return all objects where attribute cn has the value joe.

(&(objectClass=person)(cn=joe))

Return all objects where attribute objectClass has the value person and attribute cn has the value joe.

(|(objectClass=person)(objectClass=organizationalRole))

Return all objects where attribute objectClass has the value person or the value organizationalRole.

(!(cn=joe))

Return all objects where attribute cn does not have the value joe.

(cn=*)

Return all objects where attribute cn is present.

(cn=*Smith)

Return all objects where attribute cn ends with "Smith".