6443N/A<?
xml version="1.0" encoding="UTF-8"?>
6443N/A ! This work is licensed under the Creative Commons 6443N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 6443N/A ! To view a copy of this license, visit 6443N/A ! or send a letter to Creative Commons, 444 Castro Street, 6443N/A ! Suite 900, Mountain View, California, 94041, USA. 6443N/A ! You can also obtain a copy of the license at 6443N/A ! See the License for the specific language governing permissions 6443N/A ! and limitations under the License. 6443N/A ! If applicable, add the following below this CCPL HEADER, with the fields 6443N/A ! enclosed by brackets "[]" replaced with your own identifying information: 6443N/A ! Portions Copyright [yyyy] [name of copyright owner] 6443N/A ! Copyright 2012 ForgeRock AS 6443N/A<
table xml:
id='filter-operators' 6443N/A version='5.0' xml:
lang='en' 6443N/A <
title>LDAP Filter Operators</
title>
6443N/A <
colspec colnum="1" colwidth="1*"/>
6443N/A <
colspec colnum="2" colwidth="3*" />
6443N/A <
colspec colnum="3" colwidth="3*" />
6443N/A <
entry><
literal>=</
literal></
entry>
6443N/A <
para>Equality comparison, as in <
literal>(sn=Jensen)</
literal>.</
para>
6443N/A <
para>This can also be used with substring matches. For example, to match
6443N/A last names starting with <
literal>Jen</
literal>, use the filter
6443N/A <
literal>(sn=Jen*)</
literal>. Substrings are more expensive for the
6443N/A directory server to index. Substring searches therefore might not be
6443N/A permitted for many attributes.</
para>
6443N/A <
para><
literal>"(cn=My App)"</
literal> matches entries with common name
6443N/A <
literal>My App</
literal>.</
para>
6443N/A <
para><
literal>"(sn=Jen*)"</
literal> matches entries with surname starting
6443N/A with <
literal>Jen</
literal>.</
para>
6443N/A <
entry><
literal><=</
literal></
entry>
6443N/A <
para>Less than or equal to comparison, which works
6443N/A <
para><
literal>"(cn<=App)"</
literal> matches entries with
6443N/A <
literal>commonName</
literal> up to those starting with App
6443N/A (case-insensitive) in alphabetical order.</
para>
6443N/A <
entry><
literal>>=</
literal></
entry>
6443N/A <
para>Greater than or equal to comparison, which works
6443N/A <
para><
literal>"(uidNumber>=1151)"</
literal> matches entries with
6443N/A <
literal>uidNumber</
literal> greater than 1151.</
para>
6443N/A <
entry><
literal>=*</
literal></
entry>
6443N/A <
para>Presence comparison. For example, to match all entries having a
6443N/A <
literal>userPassword</
literal>, use the filter
6443N/A <
literal>(userPassword=*)</
literal>.</
para>
6443N/A <
para><
literal>"(member=*)"</
literal> matches entries with a
6443N/A <
literal>member</
literal> attribute.</
para>
6443N/A <
entry><
literal>~=</
literal></
entry>
6443N/A <
para>Approximate comparison, matching attribute values similar to the
6443N/A <
para><
literal>"(sn~=jansen)"</
literal> matches entries with a surname
6443N/A that sounds similar to <
literal>Jansen</
literal> (Johnson, Jensen, and
6443N/A <
entry><
literal>[:dn][:<
replaceable>oid</
replaceable>]:=</
literal></
entry>
6443N/A <
para>Extensible match comparison.</
para>
6443N/A <
para>At the end of the OID or language subtype, you further specify the
6443N/A matching rule as follows:</
para>
6443N/A <
para>Add <
literal>.1</
literal> for less than</
para>
6443N/A <
para>Add <
literal>.2</
literal> for less than or equal to</
para>
6443N/A <
para>Add <
literal>.3</
literal> for equal to (default)</
para>
6443N/A <
para>Add <
literal>.4</
literal> for greater than or equal to</
para>
6443N/A <
para>Add <
literal>.5</
literal> for greater than</
para>
6443N/A <
para>Add <
literal>.6</
literal> for substring</
para>
6443N/A <
para><
literal>(uid:dn:=bjensen)</
literal> matches entries where
6443N/A <
literal>uid</
literal> having the value <
literal>bjensen</
literal> is
6443N/A a component of the entry DN.</
para>
6443N/A <
para><
literal>(lastLoginTime: 1.3.6.1.4.1.26027.1.4.5:=-13w)</
literal>
6443N/A matches entries with a last login time more recent than 13 weeks.</
para>
6443N/A <
para>You also use extensible match filters with localized values.
6443N/A Directory servers like OpenDJ support a variety of internationalized
6443N/A locales, each of which has an OID for collation order, such as
6443N/A <
literal>1.3.6.1.4.1.42.2.27.9.4.76.1</
literal> for French. OpenDJ also
6443N/A lets you use the language subtype, such as <
literal>fr</
literal>, instead
6443N/A <
para><
literal>"(cn:dn:=My App)"</
literal> matches entries who have
6443N/A <
literal>My App</
literal> as the common name and also as the value of a
6443N/A <
entry><
literal>!</
literal></
entry>
6443N/A <
para>NOT operator, to find entries that do not match the specified filter
6443N/A <
para>Take care to limit your search when using <
literal>!</
literal> to
6443N/A avoid matching so many entries that the server treats your search as
6443N/A <
para><
literal>'!(objectclass=person)'</
literal> matches non-person
6443N/A <
entry><
literal>&</
literal></
entry>
6443N/A <
para>AND operator, to find entries that match all specified filter
6443N/A <
para><
literal>'(&(l=Cupertino)(!(uid=bjensen)))'</
literal> matches
6443N/A entries for users in Cupertino other than the user with ID
6443N/A <
literal>bjensen</
literal>.</
para>
6443N/A <
entry><
literal>|</
literal></
entry>
6443N/A <
para>OR operator, to find entries that match one of the specified filter
6443N/A <
para><
literal>"|(sn=Jensen)(sn=Johnson)"</
literal> matches entries with
6443N/A surname Jensen or surname Johnson.</
para>