LDAP filter

An LDAP filter is a part of the LDAP URL used to search for matching directory entries.

Basic syntax:

• comparison operators
  • equality: (key=value)
  • wildcards
    • (key1=val*) and (key1=*ue)
    • the attribute cannot be a DN
    • note that prefixed wildcards takes O(n), while suffixed wildcards are indexed
  • greater than or equal to (lexicographical): >=
  • less than or equal to (lexicographical): <=
  • approximately equal to: ~=
  • > and < are not supported
• logical operators
  • LDAP queries use a prefix notation.
  • logical AND: (&(key1=value)(key2=value))
  • logical OR: (|(key1=value)(key2=value))
  • logical NOT: (!(key1=value))
  • nest conditions with parentheses: (&(key1=value)(|(key2=value)(key3=value)))

For more on AD-specific filters, see source.