Cheatography
https://cheatography.com
Useful tips to create filters to filter LDAP/Active Directory entries.
LDAP definitions
entry |
a collection of information about an entity |
attribute |
holds the data for an entry |
objectClass |
schema elements that specify collections of attribute types that may be related to a particular type of object, process, or other entity |
dn |
uniquely identifies that entry and its position in the directory information tree (DIT) hierarchy |
rdn |
the relative portion of a distinguished name (DN) |
oid |
a string that is used to uniquely identify various elements in the LDAP protocol |
LDAP attribute types
cn |
common name |
name |
name, same as cn |
dn |
distinguished name |
dc |
domain component |
manager |
manager |
company |
company |
department |
department |
o |
organization |
ou |
organizational unit |
uid |
user id |
description |
description |
displayName |
display name |
givenName |
first name |
sn |
surname |
title |
job title |
location |
location |
l |
location |
streetAddress |
first line of address |
postalCode |
zip code |
c |
country |
st |
state |
homephone |
home phone number |
mobile |
mobile phone number |
telephoneNumber |
office phone number |
There are many more available attribute types, consult your LDAP software's manual
|
|
Filter Structure
( ) |
each component of the search filter is enclosed in parenthesis |
(attribute=value) |
the specified attribute must match the specified value |
(attribute=val*) |
* is a wildcard and will match anything |
(attribute=va*e) |
wildcards can be anywhere in the string |
(attribute=*) |
this verifies the attribute exists at all |
(attribute>=10) |
the specified attribute must be larger than 10 |
(attribute<=10) |
the specified attribute must be less than 10 |
(attribute~=value) |
the specified attribute must be like the value, this has no formal standard and each server may implement it differently |
(& (...) (...)) |
must match all entries |
(| (...) (...)) |
must match at least one entry |
(! (...)) |
negates the result, true becomes false and false becomes true |
Example filters
(& (ou=research) (! (c=us))) |
entries where the organizational unit is research and the country is not the united states |
(| (telephoneNumber=555*) (mobileNumber=555*)) |
entries where the telephone number starts with 555 or the mobile number starts with 555 |
(& (| (location=riven) (postalcode=55893)) (title=manager)) |
entries where either the location is riven or the post code is 55893 and the job title is manager |
|
Created By
Metadata
Comments
No comments yet. Add yours below!
Add a Comment