Network Working Group                                           T. Howes
Request for Comments: 1558                        University of Michigan
Category: Informational                                    December 1993


            A String Representation of LDAP Search Filters

Status of this Memo

  This memo provides information for the Internet community.  This memo
  does not specify an Internet standard of any kind.  Distribution of
  this memo is unlimited.

Abstract

  The Lightweight Directory Access Protocol (LDAP) [1] defines a
  network representation of a search filter transmitted to an LDAP
  server.  Some applications may find it useful to have a common way of
  representing these search filters in a human-readable form.  This
  document defines a human-readable string format for representing LDAP
  search filters.

1.  LDAP Search Filter Definition

  An LDAP search filter is defined in [1] as follows:

    Filter ::= CHOICE {
            and                [0] SET OF Filter,
            or                 [1] SET OF Filter,
            not                [2] Filter,
            equalityMatch      [3] AttributeValueAssertion,
            substrings         [4] SubstringFilter,
            greaterOrEqual     [5] AttributeValueAssertion,
            lessOrEqual        [6] AttributeValueAssertion,
            present            [7] AttributeType,
            approxMatch        [8] AttributeValueAssertion
    }

    SubstringFilter ::= SEQUENCE {
            type    AttributeType,
            SEQUENCE OF CHOICE {
                    initial        [0] LDAPString,
                    any            [1] LDAPString,
                    final          [2] LDAPString
            }
    }





Howes                                                           [Page 1]

RFC 1558             Representation of LDAP Filters        December 1993


    AttributeValueAssertion ::= SEQUENCE
            attributeType   AttributeType,
            attributeValue  AttributeValue
    }

    AttributeType ::= LDAPString

    AttributeValue ::= OCTET STRING

    LDAPString ::= OCTET STRING

  where the LDAPString above is limited to the IA5 character set.  The
  AttributeType is a string representation of the attribute object
  identifier in dotted OID format (e.g., "2.5.4.10"), or the shorter
  string name of the attribute (e.g., "organizationName", or "o").  The
  AttributeValue OCTET STRING has the form defined in [2].  The Filter
  is encoded for transmission over a network using the Basic Encoding
  Rules defined in [3], with simplifications described in [1].

2.  String Search Filter Definition

  The string representation of an LDAP search filter is defined by the
  following BNF.  It uses a prefix format.

    <filter> ::= '(' <filtercomp> ')'
    <filtercomp> ::= <and> | <or> | <not> | <item>
    <and> ::= '&' <filterlist>
    <or> ::= '|' <filterlist>
    <not> ::= '!' <filter>
    <filterlist> ::= <filter> | <filter> <filterlist>
    <item> ::= <simple> | <present> | <substring>
    <simple> ::= <attr> <filtertype> <value>
    <filtertype> ::= <equal> | <approx> | <greater> | <less>
    <equal> ::= '='
    <approx> ::= '~='
    <greater> ::= '>='
    <less> ::= '<='
    <present> ::= <attr> '=*'
    <substring> ::= <attr> '=' <initial> <any> <final>
    <initial> ::= NULL | <value>
    <any> ::= '*' <starval>
    <starval> ::= NULL | <value> '*' <starval>
    <final> ::= NULL | <value>

  <attr> is a string representing an AttributeType, and has the format
  defined in [1].  <value> is a string representing an AttributeValue,
  or part of one, and has the form defined in [2].  If a <value> must
  contain one of the characters '*' or '(' or ')', these characters



Howes                                                           [Page 2]

RFC 1558             Representation of LDAP Filters        December 1993


  should be escaped by preceding them with the backslash '\' character.

3.  Examples

  This section gives a few examples of search filters written using
  this notation.

    (cn=Babs Jensen)
    (!(cn=Tim Howes))
    (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
    (o=univ*of*mich*)

4.  Security Considerations

  Security issues are not discussed in this memo.

5.  References

  [1] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory Access
      Protocol", RFC 1487, Performance Systems International,
      University of Michigan, ISODE Consortium, July 1993.

  [2] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The String
      Representation of Standard Attribute Syntaxes", RFC 1488,
      University of Michigan, ISODE Consortium, Performance Systems
      International, NeXor Ltd., July 1993.

  [3] "Specification of Basic Encoding Rules for Abstract Syntax
      Notation One (ASN.1)", CCITT Recommendation X.209, 1988.

6.  Author's Address

      Tim Howes
      University of Michigan
      ITD Research Systems
      535 W William St.
      Ann Arbor, MI 48103-4943
      USA

      Phone: +1 313 747-4454
      EMail: [email protected]










Howes                                                           [Page 3]


You are viewing proxied material from gopher.fnord.one. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.