
Reference: Structures, Fields and Queries

Structures

The structures for the LDAP Bridge are equivalent to LDAP Object Classes.

Fields

The fields for the LDAP Bridge are equivalent to LDAP Entity Attributes.

Queries

Filters

LDAP query qualifications are referred to as "filters." You can construct filters based on some fairly simple syntax rules.

Filter Syntax

Operator Name   Character   Purpose
Equals          =           Creates a filter that requires a specific value.
Any             *           A wildcard that means the value can be anything except null.
Parentheses     ()          Logically separates discrete parts of the filter.
And             &           Joins two filters. Each part of the joined filter must be true.
Or              |           Joins two filters. At least one part of the filter must be true.
Not             !           Excludes any object that matches the filter.

Filter Examples

The examples below show some of the most common LDAP queries. 


All objects (this unrestricted filter could cause load problems):

objectclass=*

All user objects that are designated as a “person”

(&(objectclass=user)(objectcategory=person))

Mailing Lists only

(objectcategory=group)

Public Folders only

(objectcategory=publicfolder)

All users who are members of the group identified by the DN of “CN=Group,OU=Users,DC=Domain,DC=com”:

(&(objectcategory=user)(memberof=CN=Group,OU=Users,DC=Domain,DC=com))

Active Directory LDAP: All users

(objectClass=person)

Active Directory LDAP: All email users (alternate)

(&(objectclass=user)(objectcategory=person))

Active Directory LDAP: All active users

(&(objectCategory=Person)(sAMAccountName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

OpenLDAP: All users

(objectClass=inetOrgPerson)

Lotus Domino LDAP: All users

(objectClass=dominoPerson)

Lotus Domino LDAP: All objects with a mail address defined that are designated as a “person” or “group”:

(&(|(objectclass=dominoPerson)(objectclass=dominoGroup)(objectclass=dominoServerMailInDatabase))(mail=*))

All user objects except for ones with primary email addresses that begin with “test”

(&(&(objectclass=user)(objectcategory=person))(!(mail=test*)))

All user objects except for ones with primary email addresses that end with “test”

(&(&(objectclass=user)(objectcategory=person))(!(mail=*test)))

All user objects except for ones with primary email addresses that contain the word “test”

(&(&(objectclass=user)(objectcategory=person))(!(mail=*test*)))

All user objects (users and aliases) that are designated as a “person” and all group objects (distribution lists)

(|(&(objectclass=user)(objectcategory=person))(objectcategory=group))

All user objects that are designated as a “person”, all group objects and all contacts, except those with any value defined for extensionAttribute9:

(&(|(|(&(objectclass=user)(objectcategory=person))(objectcategory=group))(objectclass=contact))(!(extensionAttribute9=*)))

Adding Values to the Search Base using the Query

LDAP Bridge version 1.1.0 added the ability to add values to the search base, and the query syntax was extended slightly to support it. A query now takes the form <search base addition>(<filter>). The search base addition is optional, so all of the previous query examples still work. If you want to narrow the search base to speed up your searches, you can prepend a specific UID to the search base with a query such as UID=2001(ObjectClass=*).

Examples:

  • UID=20001(ObjectClass=*) -- Adds UID=20001 to the beginning of the Search Base
  • UID=2076,CN=Users(ObjectClass=*) -- Adds UID=2076,CN=Users to the beginning of the Search Base
  • (UID=1) -- A regular filter, keeps the Search Base the same
  • UID=204 -- Adds UID=204 to the Search Base and performs an empty query
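
The filter operators and the <search base addition>(<filter>) form described above, as an added example that is not LDAP Bridge code: it escapes a value that contains operator characters (RFC 4515 hex escapes) so they match literally, and splits a query into its two parts. The function names are hypothetical, and splitting at the first "(" is an assumption about how the bridge parses a query.

```python
# Added example; function names are hypothetical, not part of the LDAP Bridge.
# RFC 4515 escapes for characters that act as operators inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Replace filter operator characters in a value with \\XX hex escapes."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_filter(flt):
    """Raise ValueError unless flt is exactly one balanced, parenthesized filter."""
    if not flt.startswith("("):
        raise ValueError("filter must start with '('")
    depth = 0
    for pos, ch in enumerate(flt):
        depth += (ch == "(") - (ch == ")")
        if depth == 0 and pos != len(flt) - 1:
            raise ValueError("filter closes at offset %d but text follows" % pos)
    if depth != 0:
        raise ValueError("filter has %d unclosed '('" % depth)


def split_query(query):
    """Split '<search base addition>(<filter>)' into (base addition, filter).

    Assumption: the split point is the first '(' in the query.
    """
    base, paren, rest = query.partition("(")
    flt = paren + rest
    if flt:
        check_filter(flt)
    return base, flt


def build_query(attribute, value, base_addition=""):
    """Build an equality query; value is untrusted, attribute is fixed by the caller."""
    if "(" in base_addition or ")" in base_addition:
        raise ValueError("parentheses in the search base addition would start the filter")
    return "%s(%s=%s)" % (base_addition, attribute, escape_filter_value(value))


if __name__ == "__main__":
    # The four query forms listed above, then a constructed value with operator characters.
    for q in ["UID=20001(ObjectClass=*)", "UID=2076,CN=Users(ObjectClass=*)", "(UID=1)", "UID=204"]:
        print(q, "->", split_query(q))
    print(build_query("cn", "Smith (Contractor)*", "OU=Staff"))
```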

Source: http://www.google.com/support/enterp...decisions.html