How do ldap filters work

Searches for common name values are not case sensitive. When the common name attribute has values associated with a language tag, all of the values are returned. Thus, the following two attribute values both match this filter:

You can also define filters that use different attributes combined together with Boolean operators. When searching for an entry, you can specify attributes associated with that type of entry. For example, when you search for people entries, you can use the cn attribute to search for people with a specific common name.

The operators that you can use in search filters are listed in Table 13—5:

Returns entries containing attribute values that exactly match the specified value.

Returns entries containing attributes that are greater than or equal to the specified value. For example,. Returns entries containing attributes that are less than or equal to the specified value. Returns entries containing the specified attribute with a value that is approximately equal to the value specified in the search filter.

The following table documents this:

Actually, the parentheses only need to be escaped if they are unmatched, as above. If instead the common name were "James Jim Smith", nothing would need to be escaped. However, any characters, including non-display and foreign characters, can be escaped in a similar manner in an LDAP filter. For example, here are a few foreign characters:

When your filter clause includes the objectCategory attribute, LDAP does some magic to convert the values for your convenience. The objectCategory attribute is a DN attribute. You can use a filter clause similar to the following:

The following table documents the result of various combinations of clauses specifying values for objectCategory and objectClass:

Use the filter that makes your intent most clear. Also, if you have a choice between using objectCategory and objectClass, it is recommended that you use objectCategory.

That is because objectCategory is both single valued and indexed, while objectClass is multi-valued and not indexed except on Windows Server and above. A query using a filter with objectCategory will be more efficient than a similar filter with objectClass.

Windows Server domain controllers and above have a special behavior that indexes the objectClass attribute. You can take advantage of this if all of your domain controllers are Windows Server, or if you specify a Windows Server domain controller in your query.

For example, to synchronize all objects, the following is typically used in the XML:

For example, to synchronize all users that have a common name that begins with either "A" or "B", you would specify a filter similar to the following:

To see the results of your query, select it and click the refresh icon:

Mastering the basics of LDAP filtering can save you a lot of time and allow you to retrieve information efficiently.

For example, if my users are distinguished by having two objectClass attributes (one equal to 'person' and another to 'user'), this is how I would match for it:

The pipe symbol '|' denotes 'OR'. As this is not a special XML character, it should not need escaping. Wildcards are not supported when used in filters using '!'. See below.

As Microsoft Active Directory does not implement extensible matching, the following examples won't work with it. You may want to match part of a DN, for instance when you need to look for your groups in two subtrees of your server.

Note that if using 'not' ie.


