An LDAP filter is a part of the LDAP URL used to search for matching directory entries.
Basic syntax:
- comparison operators
- equality:
(key=value)
- wildcards
(key1=val*)
and(key1=*ue)
- the attribute cannot be a DN
- note that prefixed wildcards takes
O(n)
, while suffixed wildcards are indexed
- greater than or equal to (lexicographical):
>=
- less than or equal to (lexicographical):
<=
- approximately equal to:
~=
>
and<
are not supported
- equality:
- logical operators
- LDAP queries use a prefix notation.
- logical AND:
(&(key1=value)(key2=value))
- logical OR:
(|(key1=value)(key2=value))
- logical NOT:
(!(key1=value))
- nest conditions with parentheses:
(&(key1=value)(|(key2=value)(key3=value)))
For more on AD-specific filters, see source.