LDAP search using regular expression

Is there a way to search in LDAP using a regular expression for a field? I use ldapsearch or the "Sun Server System Directory Server Control Center" to search.

+4
3 answers

The answer is NO, you cannot. Why?

Because the LDAP standard describes LDAP-SEARCH as a function with 4 parameters:

  • Dagger, where to start the search, which is a distinguished name (DN)
  • Attributes you want to return
  • Depth of search (basic, single-level, subtree)
  • Filter.

You are interested in the filter.

MSDN Syntax Documentation

LDAP Explorer Documentation

In addition to syntax

What you need to understand is that the operators between attributes and values, and the wildcards inside the values, interact with the corresponding rules that are part of the SCHEMA of your directory. In the former Sun Directory (now Oracle), each attribute can be configured with three corresponding rules (equality, order, substring).

+5

LDAP supports substring searching, which is not exactly the same as wildcards. Examples of substring filters: '(uid=abc*)' and '(mail=john@*.com)', etc.

As a rule, it is worth contacting the directory services administrator and requesting that any attributes you intend to use in the filter be indexed for substring search. Professional LDAP servers support substring search, and for the indexes to be used, you may need to specify a minimum number of characters. For example, if the server is a Sun Directory server (Sun ONE, DSEE, or SJS DS), two characters are required before the '*' symbol before the indexes become effective; for example, '(mail=ab*)' may use indexes, while '(mail=a*)' may not use indexes.

+3
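Because a filter cannot carry a regular expression, the usual workaround is to let the server narrow the result set with a substring filter and apply the regex on the client. The sketch below is an added example, not code from the answers above; the function names, the attribute-name check and the sample entries are assumptions constructed for illustration, and the two-character minimum is the figure the answer above gives for Sun servers. Literals are escaped per RFC 4515 so that user-supplied text cannot change the structure of the filter.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a literal so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def substring_filter(attr, initial="", final="", min_initial=2):
    """Build (attr=initial*final) from literal pieces.

    min_initial models the per-server minimum prefix length (assumed
    default of two characters, as described for Sun servers above).
    """
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        raise ValueError("invalid attribute name: %r" % attr)
    if len(initial) < min_initial:
        raise ValueError("prefix %r too short to use a substring index" % initial)
    return "(%s=%s*%s)" % (attr, escape_filter_value(initial),
                           escape_filter_value(final))


def refine(entries, attr, pattern):
    """Client-side regex pass over entries the server already narrowed down."""
    rx = re.compile(pattern)
    return [e for e in entries if any(rx.fullmatch(v) for v in e.get(attr, []))]


# Constructed sample: entries as a search for (mail=jo*.com) might return them.
SAMPLE = [
    {"uid": ["jdoe"], "mail": ["john@example.com"]},
    {"uid": ["jsmith"], "mail": ["john.smith@example.com"]},
    {"uid": ["jo2"], "mail": ["joan@corp.example.com"]},
]

if __name__ == "__main__":
    print(substring_filter("mail", "jo", ".com"))
    for entry in refine(SAMPLE, "mail", r"john@[a-z]+\.com"):
        print(entry["uid"][0])
```

The filter string can be passed as the filter argument to ldapsearch or to any LDAP client library; the regex then runs only over the entries that search returns.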

Like SQL, LDAP supports basic wildcard matching, but not regular expressions.

0