7 Network Working Group T. Howes
8 Request for Comments: 1960 University of Michigan
9 Obsoletes: 1558 June 1996
10 Category: Standards Track
12 A String Representation of LDAP Search Filters
16 This document specifies an Internet standards track protocol for the
17 Internet community, and requests discussion and suggestions for
18 improvements. Please refer to the current edition of the "Internet
19 Official Protocol Standards" (STD 1) for the standardization state
20 and status of this protocol. Distribution of this memo is unlimited.
24 The Lightweight Directory Access Protocol (LDAP) [1] defines a
25 network representation of a search filter transmitted to an LDAP
26 server. Some applications may find it useful to have a common way of
27 representing these search filters in a human-readable form. This
28 document defines a human-readable string format for representing LDAP
31 2. LDAP Search Filter Definition
33 An LDAP search filter is defined in [1] as follows:
36 and [0] SET OF Filter,
39 equalityMatch [3] AttributeValueAssertion,
40 substrings [4] SubstringFilter,
41 greaterOrEqual [5] AttributeValueAssertion,
42 lessOrEqual [6] AttributeValueAssertion,
43 present [7] AttributeType,
44 approxMatch [8] AttributeValueAssertion
47 SubstringFilter ::= SEQUENCE {
50 initial [0] LDAPString,
58 Howes Standards Track [Page 1]
60 RFC 1960 LDAP Search Filters June 1996
63 AttributeValueAssertion ::= SEQUENCE {
64 attributeType AttributeType,
65 attributeValue AttributeValue
68 AttributeType ::= LDAPString
70 AttributeValue ::= OCTET STRING
72 LDAPString ::= OCTET STRING
74 where the LDAPString above is limited to the IA5 character set. The
75 AttributeType is a string representation of the attribute type name
76 and is defined in [1]. The AttributeValue OCTET STRING has the form
77 defined in [2]. The Filter is encoded for transmission over a
78 network using the Basic Encoding Rules defined in [3], with
79 simplifications described in [1].
81 3. String Search Filter Definition
83 The string representation of an LDAP search filter is defined by the
84 following grammar. It uses a prefix format.
86 <filter> ::= '(' <filtercomp> ')'
87 <filtercomp> ::= <and> | <or> | <not> | <item>
88 <and> ::= '&' <filterlist>
89 <or> ::= '|' <filterlist>
90 <not> ::= '!' <filter>
91 <filterlist> ::= <filter> | <filter> <filterlist>
92 <item> ::= <simple> | <present> | <substring>
93 <simple> ::= <attr> <filtertype> <value>
94 <filtertype> ::= <equal> | <approx> | <greater> | <less>
99 <present> ::= <attr> '=*'
100 <substring> ::= <attr> '=' <initial> <any> <final>
101 <initial> ::= NULL | <value>
102 <any> ::= '*' <starval>
103 <starval> ::= NULL | <value> '*' <starval>
104 <final> ::= NULL | <value>
106 <attr> is a string representing an AttributeType, and has the format
107 defined in [1]. <value> is a string representing an AttributeValue,
108 or part of one, and has the form defined in [2]. If a <value> must
109 contain one of the characters '*' or '(' or ')', these characters
110 should be escaped by preceding them with the backslash '\' character.
114 Howes Standards Track [Page 2]
116 RFC 1960 LDAP Search Filters June 1996
119 Note that although both the <substring> and <present> productions can
120 produce the 'attr=*' construct, this construct is used only to denote
125 This section gives a few examples of search filters written using
130 (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
133 5. Security Considerations
135 Security considerations are not discussed in this memo.
139 [1] Yeong, W., Howes, T., and S. Kille, "Lightweight
140 Directory Access Protocol", RFC 1777, March 1995.
142 [2] Howes, R., Kille, S., Yeong, W., and C. Robbins, "The String
143 Representation of Standard Attribute Syntaxes", RFC 1778,
146 [3] Specification of Basic Encoding Rules for Abstract Syntax
147 Notation One (ASN.1). CCITT Recommendation X.209, 1988.
152 University of Michigan
155 Ann Arbor, MI 48103-4943
158 Phone: +1 313 747-4454
170 Howes Standards Track [Page 3]