LDAP Filters
LDAP filters are filter strings that you use to specify a subset of data items in an LDAP data type. The syntax for LDAP filters is described in Internet RFC 2254. LDAP filters are processed by the underlying LDAP data source.
- You use LDAP filters when you do the following:
- Retrieve data items from an LDAP data type using GetByFilter.
- Retrieve a subset of linked LDAP data items using GetByLinks.
- Delete individual data items from an LDAP data type.
- Specify which data items appear when you browse an LDAP data type in the Netcool/Impact GUI.
Syntax
An LDAP filter consists of one or more boolean expressions, with logical operators prefixed to the expression list.
The boolean expressions use the following format:
Attribute Operator Value
where Attribute is the LDAP attribute name and Value is the the field value.
The filter syntax supports the =, ~=, <, <=, >, >= and ! operators, and provides limited substring matching using the * operator. In addition, the syntax also supports calls to matching extensions defined in the LDAP data source. White space is not used as a separator between attribute, operator and value, and that string values are not specified using quotation marks.
For more information on LDAP filter syntax, see Internet RFC 2254.
filter = "(" filtercomp ")"
filtercomp = and / or / not / item
and = "&" filterlist
or = "|" filterlist
not = "!" filter
filterlist = 1*filter
item = simple / present / substring / extensible
simple = attr filtertype value
filtertype = equal / approx / greater / less
equal = "="
approx = "~="
greater = ">="
less = "<="
extensible = attr [":dn"] [":" matchingrule] ":=" value
/ [":dn"] ":" matchingrule ":=" value
present = attr "=*"
substring = attr "=" [initial] any [final]
initial = value
any = "*" *(value "*")
final = value
attr = AttributeDescription from Section 4.1.5 of RFC-2251
matchingrule = MatchingRuleId from Section 4.1.9 of RFC-2251
value = AttributeValue from Section 4.1.6 of RFC-2251
Special Character encodings
---------------------------
* /2a, /*
( /28, /(
) /29, /)
/ /5c, //
NUL /00
Examples
The following are examples of LDAP filters:
(cn=Mahatma Gandhi)
(!(location=NYC*))
(&(facility=Wandsworth)(facility=Putney))
(|(facility=Wall St.)(facility=Midtown)(facility=Jersey City))
(nodeid>=12345)