Use the Define Directory Search dialog to specify the directory attributes you want to search. The attributes returned by the directory search are then matched against the field values.
Important! If a directory query string contains any LDAP-reserved characters, such as !, &, ), (, and so on, then this query text is interpreted as an operator when queries are performed on external configured directories. Consequently, query processing fails because this operator is seen at an invalid point in the query filter.
This dialog contains the following fields:
Defines the base DN to be searched such as the following:
DC=ca,DC=com
It defines the location in the directory from which to begin searching. The base DN is matched against the configured directories (using the Add Directory wizard). If no configured directories are found, the search fails. Specify the entire DN, for example:
winnt://domain/base DN
Another example is:
ldap://directory name/base DN
Defines the filter to narrow the scope of search.
The list of filter operators:
|
Filter Operator |
Description |
|
= |
Equal |
|
<= |
Less than or equal to |
|
>= |
Greater than or equal to |
|
& |
AND |
|
| |
OR |
|
! |
NOT |
The query syntax is in prefix notation.
Example 1:
X AND Y
would be expressed as
(&(X)(Y))
Example 2:
X OR Y
would be expressed as
(|(X)(Y))
For more efficient queries, use indexed attributes as the first attribute in the search filter. See the examples below.
Defines the attributes to be returned and matched against this field. For example:
userCn,email,givenName
A search scope defines how deep to search within the search base.
Selecting One-level searches objects immediately subordinate to the base object.
Selecting Sub-tree level searches the entire subtree of which the base distinguished name is the topmost object.
Lists the values that match the conditions specified in the preceding fields.
If an attribute contains multiple values, for example, directReports or memberOf, a new row is added for each value.
Examples: Filtering
If you want to search for all of the users who have first names of Bill AND last names of either Smith OR Adams, the filter is similar to the following:
(&(&(objectClass=user)(givenName=Bill)(|(sn=Smith)(sn=Adams))))
The "!" sign (the NOT operator) can be applied to a single term, as in the following example:
(&(&(objectClass=user)(&(sn=Adams)(!givenName=Bill)(!givenName=Mary))))
The above filter finds users who have the surname Adams whose given name is neither Bill nor Mary.
Queries also support asterisk wildcards. The following search returns all of the users who have surnames that start with the letter J:
(&(objectClass=user)(sn=j*))
The searches are not case sensitive, and you can search by using leading and trailing asterisks (*string*) to find substrings in the middle of a value. Such searches take much longer to complete. When possible, use either a leading or trailing wildcard character, but not both.
You can use a wildcard by itself to test for the existence or absence of a given attribute. If you want to find all of the users who do not have an email address, you can find them by using the following query:
(&(objectClass=user)(!email=*))
The escape character in a query is the backslash (\). This is a reserved character, along with * ( ) and NUL. To search for reserved characters as part of an attribute value, you must precede the reserved characters with the escape character and one of the following numeric codes for each reserved character:
|
Character |
Escape sequence |
|
* |
2a |
|
( |
28 |
|
) |
29 |
|
\ |
5c |
For example, if you want to search for all of the users whose display names end in a closed parenthesis character, use the following search:
(&(objectClass=user)(displayName=*\29))
|
Copyright © 2013 CA.
All rights reserved.
|
|