mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-18 11:05:48 +08:00
171 lines
5.1 KiB
Plaintext
171 lines
5.1 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
Network Working Group T. Howes
|
||
Request for Comments: 1558 University of Michigan
|
||
Category: Informational December 1993
|
||
|
||
|
||
A String Representation of LDAP Search Filters
|
||
|
||
Status of this Memo
|
||
|
||
This memo provides information for the Internet community. This memo
|
||
does not specify an Internet standard of any kind. Distribution of
|
||
this memo is unlimited.
|
||
|
||
Abstract
|
||
|
||
The Lightweight Directory Access Protocol (LDAP) [1] defines a
|
||
network representation of a search filter transmitted to an LDAP
|
||
server. Some applications may find it useful to have a common way of
|
||
representing these search filters in a human-readable form. This
|
||
document defines a human-readable string format for representing LDAP
|
||
search filters.
|
||
|
||
1. LDAP Search Filter Definition
|
||
|
||
An LDAP search filter is defined in [1] as follows:
|
||
|
||
Filter ::= CHOICE {
|
||
and [0] SET OF Filter,
|
||
or [1] SET OF Filter,
|
||
not [2] Filter,
|
||
equalityMatch [3] AttributeValueAssertion,
|
||
substrings [4] SubstringFilter,
|
||
greaterOrEqual [5] AttributeValueAssertion,
|
||
lessOrEqual [6] AttributeValueAssertion,
|
||
present [7] AttributeType,
|
||
approxMatch [8] AttributeValueAssertion
|
||
}
|
||
|
||
SubstringFilter ::= SEQUENCE {
|
||
type AttributeType,
|
||
SEQUENCE OF CHOICE {
|
||
initial [0] LDAPString,
|
||
any [1] LDAPString,
|
||
final [2] LDAPString
|
||
}
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
Howes [Page 1]
|
||
|
||
RFC 1558 Representation of LDAP Filters December 1993
|
||
|
||
|
||
AttributeValueAssertion ::= SEQUENCE
|
||
attributeType AttributeType,
|
||
attributeValue AttributeValue
|
||
}
|
||
|
||
AttributeType ::= LDAPString
|
||
|
||
AttributeValue ::= OCTET STRING
|
||
|
||
LDAPString ::= OCTET STRING
|
||
|
||
where the LDAPString above is limited to the IA5 character set. The
|
||
AttributeType is a string representation of the attribute object
|
||
identifier in dotted OID format (e.g., "2.5.4.10"), or the shorter
|
||
string name of the attribute (e.g., "organizationName", or "o"). The
|
||
AttributeValue OCTET STRING has the form defined in [2]. The Filter
|
||
is encoded for transmission over a network using the Basic Encoding
|
||
Rules defined in [3], with simplifications described in [1].
|
||
|
||
2. String Search Filter Definition
|
||
|
||
The string representation of an LDAP search filter is defined by the
|
||
following BNF. It uses a prefix format.
|
||
|
||
<filter> ::= '(' <filtercomp> ')'
|
||
<filtercomp> ::= <and> | <or> | <not> | <item>
|
||
<and> ::= '&' <filterlist>
|
||
<or> ::= '|' <filterlist>
|
||
<not> ::= '!' <filter>
|
||
<filterlist> ::= <filter> | <filter> <filterlist>
|
||
<item> ::= <simple> | <present> | <substring>
|
||
<simple> ::= <attr> <filtertype> <value>
|
||
<filtertype> ::= <equal> | <approx> | <greater> | <less>
|
||
<equal> ::= '='
|
||
<approx> ::= '~='
|
||
<greater> ::= '>='
|
||
<less> ::= '<='
|
||
<present> ::= <attr> '=*'
|
||
<substring> ::= <attr> '=' <initial> <any> <final>
|
||
<initial> ::= NULL | <value>
|
||
<any> ::= '*' <starval>
|
||
<starval> ::= NULL | <value> '*' <starval>
|
||
<final> ::= NULL | <value>
|
||
|
||
<attr> is a string representing an AttributeType, and has the format
|
||
defined in [1]. <value> is a string representing an AttributeValue,
|
||
or part of one, and has the form defined in [2]. If a <value> must
|
||
contain one of the characters '*' or '(' or ')', these characters
|
||
|
||
|
||
|
||
Howes [Page 2]
|
||
|
||
RFC 1558 Representation of LDAP Filters December 1993
|
||
|
||
|
||
should be escaped by preceding them with the backslash '\' character.
|
||
|
||
3. Examples
|
||
|
||
This section gives a few examples of search filters written using
|
||
this notation.
|
||
|
||
(cn=Babs Jensen)
|
||
(!(cn=Tim Howes))
|
||
(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
|
||
(o=univ*of*mich*)
|
||
|
||
4. Security Considerations
|
||
|
||
Security issues are not discussed in this memo.
|
||
|
||
5. References
|
||
|
||
[1] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory Access
|
||
Protocol", RFC 1487, Performance Systems International,
|
||
University of Michigan, ISODE Consortium, July 1993.
|
||
|
||
[2] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The String
|
||
Representation of Standard Attribute Syntaxes", RFC 1488,
|
||
University of Michigan, ISODE Consortium, Performance Systems
|
||
International, NeXor Ltd., July 1993.
|
||
|
||
[3] "Specification of Basic Encoding Rules for Abstract Syntax
|
||
Notation One (ASN.1)", CCITT Recommendation X.209, 1988.
|
||
|
||
6. Author's Address
|
||
|
||
Tim Howes
|
||
University of Michigan
|
||
ITD Research Systems
|
||
535 W William St.
|
||
Ann Arbor, MI 48103-4943
|
||
USA
|
||
|
||
Phone: +1 313 747-4454
|
||
EMail: tim@umich.edu
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Howes [Page 3]
|
||
|