Regarding LDAP Search Query

Question

Let's suppose that I want to search a number say 123 and LDAP has entries like 123# or 1-2-3. What should be the LDAP Search filter which needs to be provided? I tried *123* but it doesn't work in case of 1-2-3.

Answer 1

LDAP does not have "entries like 123#", it has entries identified by distinguished names that contain attributes. To search for an an entry that contains a value, you must provide the following parameters to a search request:

• base object (distinguished name where the search should commence)
• scope - base, one level subordinate to the base, or subtree (all entries subordinate to the base object
• filter - an assertion that must evaluate to true in order for the entry to be returned to the client
• attributes to return - a list of attributes that the LDAP client desires

If the attribute in question is named number and has a syntax of Integer and a matching rule of IntegerMatch, then the filter (number=123) will find an attribute named number with the integer value of 123. Which filter to use depends on the syntax and matching rule in the attribute type definition because the directory server performs the task of matching attribute values against provided filters with matching rules (as must applications, by the way). Programmers must not consider LDAP attribute values to be "strings", instead they must understand attribute syntaxes and matching rules. There is a DirectoryString syntax (with a very specific definition, though for many purposes it can be considered a garden-variety string) but not all attributes are defined with DirectoryString syntax. Nor do all attributes use the same matching rules and ordering rules.

see also

• LDAP: ldapsearch
• LDAP: Mastering search filters
• LDAP: Programming Practices