Feres_F
Reputation: 13
Active Directory search filter example
I can't find the meaning, the difference between these two examples for search filter
(&(objectClass=user)(sn=*)(bysUserName=*)(|(bysUserName={0})(cn={0})))
(&(|(bysUserName={0})(cn={0}))(objectClass=User))
Can anyone help me figure out these two filters? Thanks
Upvotes: 1
Views: 115
Answers (1)
marc_s
Reputation: 755471
If you reorder them a bit, I guess you'll see the difference:
(&(objectClass=user)(sn=*)(bysUserName=*)(|(bysUserName={0})(cn={0})))
(&(objectClass=User) (|(bysUserName={0})(cn={0})))
The first one has additional restrictions on sn (must contain some value) and bysUserName (same thing - must contain some value) that aren't present in the second filter.
Basically, the & defines an AND condition, while the | is an OR operator - so the first filter requires your LDAP objects to satisfy:
- (1)
objectClassmust beuser - AND (2)
snmust contain something (cannot be empty) - AND (3)
bysUserNamemust contain something - AND (4) either
bysUserNameorcnmust match the value that replaces the{0}placeholder
The second filter just requires points (1) and (4)
Upvotes: 1
Related Questions
- DirectorySearcher Filter
- Active Directory LDAP Search Filter or operator syntax
- LDAP search with custom attributes filter
- Active Directory Query using LDAP Query in custom search
- LDAP Search on Active Directory
- Active Directory - search by specifying a search filter and search controls and no context
- Search Inside LDAP Server
- Active Directory Searchable Filters
- Active Directory Custom Search LDAP query
- How do I make a LDAP search on OU on Microsoft Active Directory?