A String Representation of LDAP Search Filters

T. Howes

doi:10.17487/RFC1960

1960

PROPOSED STANDARD

A String Representation of LDAP Search Filters (Obsoleted)

Authors: T. Howes

Date: June 1996

Area: app

Working Group: asid

Stream: IETF

Obsoletes: RFC 1558

Obsoleted by: RFC 2254

View on RFC Editor (HTML) Download PDF DOI

Abstract

The Lightweight Directory Access Protocol (LDAP) [1] defines a network representation of a search filter transmitted to an LDAP server. Some applications may find it useful to have a common way of representing these search filters in a human-readable form. This document defines a human-readable string format for representing LDAP search filters. [STANDARDS-TRACK]

RFC 1960

Download TXT Download PDF

RFC 1960: A String Representation of LDAP Search Filters [RFC Home] [TEXT|PDF|HTML] [Tracker] [IPR] [Info page]

Obsoleted by: 2254 PROPOSED STANDARD

Network Working Group                                           T. Howes
Request for Comments: 1960                        University of Michigan
Obsoletes: <a href="./rfc1558">1558</a>                                                June 1996
Category: Standards Track

             <span class="h1">A String Representation of LDAP Search Filters</span>

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>.  Abstract</span>

   The Lightweight Directory Access Protocol (LDAP) [<a href="#ref-1" title=""Lightweight Directory Access Protocol"">1</a>] defines a
   network representation of a search filter transmitted to an LDAP
   server.  Some applications may find it useful to have a common way of
   representing these search filters in a human-readable form.  This
   document defines a human-readable string format for representing LDAP
   search filters.

<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>.  LDAP Search Filter Definition</span>

   An LDAP search filter is defined in [<a href="#ref-1" title=""Lightweight Directory Access Protocol"">1</a>] as follows:

     Filter ::= CHOICE {
             and                [0] SET OF Filter,
             or                 [<a href="#ref-1" title=""Lightweight Directory Access Protocol"">1</a>] SET OF Filter,
             not                [<a href="#ref-2" title=""The String Representation of Standard Attribute Syntaxes"">2</a>] Filter,
             equalityMatch      [<a href="#ref-3">3</a>] AttributeValueAssertion,
             substrings         [4] SubstringFilter,
             greaterOrEqual     [5] AttributeValueAssertion,
             lessOrEqual        [6] AttributeValueAssertion,
             present            [7] AttributeType,
             approxMatch        [8] AttributeValueAssertion
     }

     SubstringFilter ::= SEQUENCE {
             type    AttributeType,
             SEQUENCE OF CHOICE {
                     initial        [0] LDAPString,
                     any            [<a href="#ref-1" title=""Lightweight Directory Access Protocol"">1</a>] LDAPString,
                     final          [<a href="#ref-2" title=""The String Representation of Standard Attribute Syntaxes"">2</a>] LDAPString
             }
     }



<span class="grey">Howes                       Standards Track                     [Page 1]</span>

<span id="page-2" ></span>
<span class="grey"><a href="./rfc1960">RFC 1960</a>                  LDAP Search Filters                  June 1996</span>


     AttributeValueAssertion ::= SEQUENCE {
             attributeType   AttributeType,
             attributeValue  AttributeValue
     }

     AttributeType ::= LDAPString

     AttributeValue ::= OCTET STRING

     LDAPString ::= OCTET STRING

   where the LDAPString above is limited to the IA5 character set.  The
   AttributeType is a string representation of the attribute type name
   and is defined in [<a href="#ref-1" title=""Lightweight Directory Access Protocol"">1</a>].  The AttributeValue OCTET STRING has the form
   defined in [<a href="#ref-2" title=""The String Representation of Standard Attribute Syntaxes"">2</a>].  The Filter is encoded for transmission over a
   network using the Basic Encoding Rules defined in [<a href="#ref-3">3</a>], with
   simplifications described in [<a href="#ref-1" title=""Lightweight Directory Access Protocol"">1</a>].

<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>.  String Search Filter Definition</span>

   The string representation of an LDAP search filter is defined by the
   following grammar.  It uses a prefix format.

     <filter> ::= '(' <filtercomp> ')'
     <filtercomp> ::= <and> | <or> | <not> | <item>
     <and> ::= '&' <filterlist>
     <or> ::= '|' <filterlist>
     <not> ::= '!' <filter>
     <filterlist> ::= <filter> | <filter> <filterlist>
     <item> ::= <simple> | <present> | <substring>
     <simple> ::= <attr> <filtertype> <value>
     <filtertype> ::= <equal> | <approx> | <greater> | <less>
     <equal> ::= '='
     <approx> ::= '~='
     <greater> ::= '>='
     <less> ::= '<='
     <present> ::= <attr> '=*'
     <substring> ::= <attr> '=' <initial> <any> <final>
     <initial> ::= NULL | <value>
     <any> ::= '*' <starval>
     <starval> ::= NULL | <value> '*' <starval>
     <final> ::= NULL | <value>

   <attr> is a string representing an AttributeType, and has the format
   defined in [<a href="#ref-1" title=""Lightweight Directory Access Protocol"">1</a>].  <value> is a string representing an AttributeValue,
   or part of one, and has the form defined in [<a href="#ref-2" title=""The String Representation of Standard Attribute Syntaxes"">2</a>].  If a <value> must
   contain one of the characters '*' or '(' or ')', these characters
   should be escaped by preceding them with the backslash '\' character.



<span class="grey">Howes                       Standards Track                     [Page 2]</span>

<span id="page-3" ></span>
<span class="grey"><a href="./rfc1960">RFC 1960</a>                  LDAP Search Filters                  June 1996</span>


   Note that although both the <substring> and <present> productions can
   produce the 'attr=*' construct, this construct is used only to denote
   a presence filter.

<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>.  Examples</span>

   This section gives a few examples of search filters written using
   this notation.

     (cn=Babs Jensen)
     (!(cn=Tim Howes))
     (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
     (o=univ*of*mich*)

<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>.  Security Considerations</span>

   Security considerations are not discussed in this memo.

<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>.  Bibliography</span>

   [<a id="ref-1">1</a>] Yeong, W., Howes, T., and S. Kille, "Lightweight
       Directory Access Protocol", <a href="./rfc1777">RFC 1777</a>, March 1995.

   [<a id="ref-2">2</a>] Howes, R., Kille, S., Yeong, W., and C. Robbins, "The String
       Representation of Standard Attribute Syntaxes", <a href="./rfc1778">RFC 1778</a>,
       March 1995.

   [<a id="ref-3">3</a>] Specification of Basic Encoding Rules for Abstract Syntax
       Notation One (ASN.1).  CCITT Recommendation X.209, 1988.

<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>.  Author's Address</span>

   Tim Howes
   University of Michigan
   ITD Research Systems
   535 W William St.
   Ann Arbor, MI 48103-4943
   USA

   Phone: +1 313 747-4454
   EMail: [email protected]










Howes                       Standards Track                     [Page 3]

Annotations

Select text to annotate

Navigation

A String Representation of LDAP Search Filters (Obsoleted)

Abstract

Annotations

Additional Resources