Basic LDAP Search Filters – 2

LDAP Search Command: ldapsearch -h <LDAPHost> -p <Port> -D <Bind DN> -w <Bind DN password> -b <Base DN> -s <Scope>  <LDAP Search Filter>

Ex: ldapsearch -h 192.168.1.2 -p 389 -D cn=admin,o=novell -w password -b o=novell -s sub cn=brown

Below example are with attribute CN. But, You can use it with any attribute

1. AND condition (&)

  (&(CN=brown)(SN=mike))   ==> returns all the entries which has attribute CN as “brown” (case insensitive search) and SN as “mike”

  (&(cn=brown)(SN=mike)(zipcode=123456))  ==>  returns all the entries which has attribute CN as “brown” (case insensitive search) , SN as “mike” and zip code as “123456”

2. OR condition  (|)

  (|(CN=brown)(SN=mike)) ==> returns all the entries which has attribute CN as “brown”  or,  SN as “mike”

3. Complex – AND and OR

  (&(|(CN=Michael)(CN=mike))(SN=brown))  ==> returns all the entries which has attribute CN as Michael or, Mike and SN as Brown.

4. FDN in search

  to search group membership, you may use below filter:

  Novell eDirectory:

   (&(cn=mike)(groupmembership=”cn=groupofDirectors, ou=groups, o=company))  ==> this will return any entry whose CN is Mike and is member of group ” groupmembership=”cn=groupofDirectors, ou=groups, o=company”

Advertisements

Basic LDAP Search Filters

LDAP Search Command: ldapsearch -h <LDAPHost> -p <Port> -D <Bind DN> -w <Bind DN password> -b <Base DN> -s <Scope>  <LDAP Search Filter>

Ex: ldapsearch -h 192.168.1.2 -p 389 -D cn=admin,o=novell -w password -b o=novell -s sub cn=user

Below example are with attribute CN. But, You can use it with any attribute

1. Equal

CN=User  ==> returns all the entries which has attribute CN as “user” (case insensitive search)

2. presence:

CN=*  ==> returns all the enteries which has at least one value for attribute “CN”

3. start with

CN=User*  ==>  Returns all the entries which has at least one value for CN which starts with “User”

Matches:  User , User123 , User-123 , UserRam

Will not match: Use , AuserA , UseA

4. Ends with :

CN=*User  ==>  Returns all the entries which has at least one value for CN which ends with “User”

Matches: User , AUser , KJHksdahaksdjh*aUser , 7678User

Will not match :   User123 , User-123 , UserRam

5. Is not Equal to

(!(CN=User)) ==> Returns all the entries which does not have value for CN as “User”

6. like

CN~=User

6. Greater than

employeeId >= 100 ==> Returns all the entries whose employee ID is greater than 100

7. Less than

employeeId <= 100 ==> Returns all the entries whose employee ID is less than 100