@c -*-texinfo-*-
@c This is part of the XEmacs Lisp Reference Manual.
@c Copyright (C) 1998 Free Software Foundation, Inc.
@c See the file lispref.texi for copying conditions.
@setfilename ../../info/ldap.info
@node LDAP Support, PostgreSQL Support, ToolTalk Support, top
@chapter LDAP Support
@cindex LDAP

XEmacs can be linked with a LDAP client library to provide Elisp primitives
to access directory servers using the Lightweight Directory Access Protocol.

@menu
* Building XEmacs with LDAP support::   How to add LDAP support to XEmacs
* XEmacs LDAP API::                     Lisp access to LDAP functions
* Syntax of Search Filters::            A brief summary of RFC 1558
@end menu

@node Building XEmacs with LDAP support, XEmacs LDAP API, LDAP Support, LDAP Support
@comment node-name, next, previous, up
@section Building XEmacs with LDAP support

LDAP support must be added to XEmacs at build time since it requires
linking to an external LDAP client library.  As of 21.2, XEmacs has been
successfully built and tested with

@itemize @bullet
@item OpenLDAP 1.2 (@url{http://www.openldap.org/})
@item University of Michigan's LDAP 3.3 (@url{http://www.umich.edu/~dirsvcs/ldap/})
@item LDAP SDK 1.0 from Netscape Corp. (@url{http://developer.netscape.com/})
@end itemize

Other libraries conforming to RFC 1823 will probably work also but may
require some minor tweaking at C level.

The standard XEmacs configure script auto-detects an installed LDAP
library provided the library itself and the corresponding header files
can be found in the library and include paths.  A successful detection
will be signalled in the final output of the configure script.

@node XEmacs LDAP API, Syntax of Search Filters, Building XEmacs with LDAP support, LDAP Support
@comment node-name, next, previous, up
@section XEmacs LDAP API

The XEmacs LDAP API consists of two layers: a low-level layer which tries
to stay as close as possible to the C API (where practical) and a
higher-level layer which provides more convenient primitives to
effectively use LDAP.

The low-level API should be used directly for very specific purposes
(such as multiple operations on a connection) only.  The higher-level
functions provide a more convenient way to access LDAP directories
hiding the subtleties of handling the connection, translating arguments
and ensuring compliance with LDAP internationalization rules and formats
(currently partly implemented only).

@menu
* LDAP Variables::              Lisp variables related to LDAP
* The High-Level LDAP API::     High-level LDAP lisp functions
* The Low-Level LDAP API::      Low-level LDAP lisp primitives
* LDAP Internationalization::   I18n variables and functions
@end menu

@node LDAP Variables, The High-Level LDAP API, XEmacs LDAP API, XEmacs LDAP API
@comment node-name, next, previous, up
@subsection LDAP Variables

@defvar ldap-default-host
The default LDAP server hostname.
A TCP port number can be appended to that name using a colon as
a separator.
@end defvar

@defvar ldap-default-port
Default TCP port for LDAP connections.
Initialized from the LDAP library.  Default value is 389.
@end defvar

@defvar ldap-default-base
Default base for LDAP searches.
This is a string using the syntax of RFC 1779.
For instance, "o=ACME, c=US" limits the search to the
Acme organization in the United States.
@end defvar

@defvar ldap-host-parameters-alist
An alist of per host options for LDAP transactions.
The list elements look like @code{(HOST PROP1 VAL1 PROP2 VAL2 ...)}.
@var{host} is the name of an LDAP server.  A TCP port number can be
appended to that name using a colon as a separator.
@var{propn} and @var{valn} are
property/value pairs describing parameters for the server.  Valid
properties:
@table @code
@item binddn
The distinguished name of the user to bind as.  This may look like
@samp{cn=Babs Jensen,o=ACME,c=US}, see RFC 1779 for details.
@item passwd
The password to use for authentication.
@item auth
The authentication method to use.  Possible values depend on the LDAP
library XEmacs was compiled with; they may include @code{simple},
@code{krbv41} and @code{krbv42}.
@item base
The base for the search.  This may look like @samp{c=FR, o=Acme}, see
RFC 1779 for syntax details.
@item scope
One of the symbols @code{base}, @code{onelevel} or @code{subtree}
indicating the scope of the search limited to a base
object, to a single level or to the whole subtree.
@item deref
The dereference policy is one of the symbols @code{never},
@code{always}, @code{search} or @code{find} and defines how aliases are
dereferenced.
@table @code
@item never
Aliases are never dereferenced.
@item always
Aliases are always dereferenced.
@item search
Aliases are dereferenced when searching.
@item find
Aliases are dereferenced when locating the base object for the search.
@end table
@item timelimit
The timeout limit for the connection in seconds.
@item sizelimit
The maximum number of matches to return for searches performed on this connection.
@end table
@end defvar

@defvar ldap-verbose
If non-@code{nil}, LDAP operations will echo progress messages.  Defaults to @code{nil}.
@end defvar

@node The High-Level LDAP API, The Low-Level LDAP API, LDAP Variables, XEmacs LDAP API
@comment node-name, next, previous, up
@subsection The High-Level LDAP API

The following functions provide the most convenient interface to perform
LDAP operations.  All of them open a connection to a host, perform an
operation (add/search/modify/delete) on one or several entries and
cleanly close the connection, thus insulating the user from all the
details of the low-level interface such as LDAP Lisp objects
(@pxref{The Low-Level LDAP API}).

Note that @code{ldap-search}, which used to be the name of the high-level
search function in XEmacs 21.1, is now obsolete.  For consistency in the
naming as well as backward compatibility, that function now acts as a
wrapper that calls either @code{ldap-search-basic} (low-level search
function) or @code{ldap-search-entries} (high-level search function)
according to the actual parameters.  A direct call to one of these two
functions is preferred since it is faster and unambiguous.

@deffn Command ldap-search-entries filter &optional host attributes attrsonly withdn
Perform an LDAP search.
@var{filter} is the search filter (@pxref{Syntax of Search Filters}).
@var{host} is the LDAP host on which to perform the search.
@var{attributes} is the list of specific attributes to retrieve; @code{nil}
means retrieve all.
If @var{attrsonly} is non-@code{nil}, only the attributes are retrieved,
without their associated values.
If @var{withdn} is non-@code{nil}, each entry in the result will be prepended with
its distinguished name DN.
Additional search parameters can be specified through
@code{ldap-host-parameters-alist}.
The function returns a list of matching entries.  Each entry is itself
an alist of attribute/value pairs optionally preceded by the DN of the
entry according to the value of @var{withdn}.
@end deffn

@defun ldap-add-entries entries &optional host binddn passwd
Add entries to an LDAP directory.  @var{entries} is a list of entry
specifications of the form @code{(DN (ATTR . VALUE) (ATTR . VALUE) ...)}
where @var{dn} is the distinguished name of an entry to add and the
following elements are cons cells containing attribute/value string pairs.
@var{host} is the LDAP host, defaulting to @code{ldap-default-host}.
@var{binddn} is the DN to bind as to the server.
@var{passwd} is the corresponding password.
@end defun

@defun ldap-modify-entries entry-mods &optional host binddn passwd
Modify entries of an LDAP directory.
@var{entry-mods} is a list of entry modifications of the form
@code{(DN MOD-SPEC1 MOD-SPEC2 ...)} where @var{dn} is the distinguished name of
the entry to modify and the following elements are modification specifications.
A modification specification is itself a list of the form
@code{(MOD-OP ATTR VALUE1 VALUE2 ...)}.  @var{mod-op} and @var{attr} are mandatory,
@var{values} are optional depending on @var{mod-op}.
@var{mod-op} is the type of modification, one of the symbols @code{add}, @code{delete}
or @code{replace}.  @var{attr} is the LDAP attribute type to modify.
@var{host} is the LDAP host, defaulting to @code{ldap-default-host}.
@var{binddn} is the DN to bind as to the server.
@var{passwd} is the corresponding password.
@end defun

@defun ldap-delete-entries dn &optional host binddn passwd
Delete an entry from an LDAP directory.
@var{dn} is the distinguished name of an entry to delete or
a list of those.
@var{host} is the LDAP host, defaulting to @code{ldap-default-host}.
@var{binddn} is the DN to bind as to the server.
@var{passwd} is the corresponding password.
@end defun

@node The Low-Level LDAP API, LDAP Internationalization, The High-Level LDAP API, XEmacs LDAP API
@comment node-name, next, previous, up
@subsection The Low-Level LDAP API

The low-level API should be used directly for very specific purposes
(such as multiple operations on a connection) only.  The higher-level
functions provide a more convenient way to access LDAP directories
hiding the subtleties of handling the connection, translating arguments
and ensuring compliance with LDAP internationalization rules and formats
(currently partly implemented only).  @xref{The High-Level LDAP API}.

Note that the former @code{ldap-*-internal} functions have been
renamed in XEmacs 21.2.

@menu
* The LDAP Lisp Object::
* Opening and Closing a LDAP Connection::
* Low-level Operations on a LDAP Server::
@end menu

@node The LDAP Lisp Object, Opening and Closing a LDAP Connection, The Low-Level LDAP API, The Low-Level LDAP API
@comment node-name, next, previous, up
@subsubsection The LDAP Lisp Object

An internal built-in @code{ldap} lisp object represents a LDAP
connection.

@defun ldapp object
This function returns non-@code{nil} if @var{object} is a @code{ldap} object.
@end defun

@defun ldap-host ldap
Return the server host of the connection represented by @var{ldap}.
@end defun

@defun ldap-live-p ldap
Return non-@code{nil} if @var{ldap} is an active LDAP connection.
@end defun

@node Opening and Closing a LDAP Connection, Low-level Operations on a LDAP Server, The LDAP Lisp Object, The Low-Level LDAP API
@comment node-name, next, previous, up
@subsubsection Opening and Closing a LDAP Connection

@defun ldap-open host &optional plist
Open a LDAP connection to @var{host}.
@var{plist} is a property list containing additional parameters for the connection.
Valid keys in that list are:
@table @code
@item port
The TCP port to use for the connection if different from
@code{ldap-default-port} or the library builtin value.
@item auth
The authentication method to use.  Possible values depend on the LDAP
library XEmacs was compiled with; they may include @code{simple},
@code{krbv41} and @code{krbv42}.
@item binddn
The distinguished name of the user to bind as.  This may look like
@samp{c=com, o=Acme, cn=Babs Jensen}, see RFC 1779 for details.
@item passwd
The password to use for authentication.
@item deref
The dereference policy is one of the symbols @code{never},
@code{always}, @code{search} or @code{find} and defines how aliases are
dereferenced.
@table @code
@item never
Aliases are never dereferenced.
@item always
Aliases are always dereferenced.
@item search
Aliases are dereferenced when searching.
@item find
Aliases are dereferenced when locating the base object for the search.
@end table
The default is @code{never}.
@item timelimit
The timeout limit for the connection in seconds.
@item sizelimit
The maximum number of matches to return for searches performed on this connection.
@end table
@end defun

@defun ldap-close ldap
Close the connection represented by @var{ldap}.
@end defun

@node Low-level Operations on a LDAP Server, , Opening and Closing a LDAP Connection, The Low-Level LDAP API
@comment node-name, next, previous, up
@subsubsection Low-level Operations on a LDAP Server

@code{ldap-search-basic} is the low-level primitive to perform a
search on a LDAP server.  It works directly on an open LDAP connection,
thus requiring a preliminary call to @code{ldap-open}.  Multiple
searches can be made on the same connection; the session must then be
closed with @code{ldap-close}.

@defun ldap-search-basic ldap filter &optional base scope attrs attrsonly withdn verbose
Perform a search on an open connection @var{ldap} created with @code{ldap-open}.
@var{filter} is a filter string for the search (@pxref{Syntax of Search Filters}).
@var{base} is the distinguished name at which to start the search.
@var{scope} is one of the symbols @code{base}, @code{onelevel} or
@code{subtree} indicating the scope of the search limited to a base
object, to a single level or to the whole subtree.  The default is
@code{subtree}.
@var{attrs} is a list of strings indicating which attributes to retrieve
for each matching entry.  If @code{nil} all available attributes are returned.
If @var{attrsonly} is non-@code{nil} then only the attributes are
retrieved, not their associated values.
If @var{withdn} is non-@code{nil} then each entry in the result is
prepended with its distinguished name DN.
If @var{verbose} is non-@code{nil} then progress messages are echoed.
The function returns a list of matching entries.  Each entry is itself
an alist of attribute/value pairs optionally preceded by the DN of the
entry according to the value of @var{withdn}.
@end defun

@defun ldap-add ldap dn entry
Add @var{entry} to a LDAP directory which a connection @var{ldap} has
been opened to with @code{ldap-open}.
@var{dn} is the distinguished name of the entry to add.
@var{entry} is an entry specification, i.e., a list of cons cells
containing attribute/value string pairs.
@end defun

@defun ldap-modify ldap dn mods
Modify an entry in an LDAP directory.
@var{ldap} is an LDAP connection object created with @code{ldap-open}.
@var{dn} is the distinguished name of the entry to modify.
@var{mods} is a list of modifications to apply.
A modification is a list of the form @code{(MOD-OP ATTR VALUE1 VALUE2 ...)}.
@var{mod-op} and @var{attr} are mandatory, @var{values} are optional depending on @var{mod-op}.
@var{mod-op} is the type of modification, one of the symbols @code{add}, @code{delete}
or @code{replace}.  @var{attr} is the LDAP attribute type to modify.
@end defun

@defun ldap-delete ldap dn
Delete an entry from an LDAP directory.
@var{ldap} is an LDAP connection object created with @code{ldap-open}.
@var{dn} is the distinguished name of the entry to delete.
@end defun

@node LDAP Internationalization, , The Low-Level LDAP API, XEmacs LDAP API
@comment node-name, next, previous, up
@subsection LDAP Internationalization

The XEmacs LDAP API provides basic internationalization features based
on the LDAP v3 specification (essentially RFC2252 on "LDAP v3 Attribute
Syntax Definitions").  Unfortunately since there is currently no free
LDAP v3 server software, this part has not received much testing and
should be considered experimental.  The framework is in place though.

@defun ldap-decode-attribute attr
Decode the attribute/value pair @var{attr} according to LDAP rules.
The attribute name is looked up in @code{ldap-attribute-syntaxes-alist}
and the corresponding decoder is then retrieved from
@code{ldap-attribute-syntax-decoders} and applied on the value(s).
@end defun

@menu
* LDAP Internationalization Variables::
* Encoder/Decoder Functions::
@end menu

@node LDAP Internationalization Variables, Encoder/Decoder Functions, LDAP Internationalization, LDAP Internationalization
@comment node-name, next, previous, up
@subsubsection LDAP Internationalization Variables

@defvar ldap-ignore-attribute-codings
If non-@code{nil}, no encoding/decoding will be performed on LDAP attribute values.
@end defvar

@defvar ldap-coding-system
Coding system of LDAP string values.
LDAP v3 specifies the coding system of strings to be UTF-8.
You need an XEmacs with Mule support for this.
@end defvar

@defvar ldap-default-attribute-decoder
Decoder function to use for attributes whose syntax is unknown.  Such a
function receives an encoded attribute value as a string and should
return the decoded value as a string.
@end defvar

@defvar ldap-attribute-syntax-encoders
A vector of functions used to encode LDAP attribute values.
The sequence of functions corresponds to the sequence of LDAP attribute syntax
object identifiers of the form 1.3.6.1.4.1.1466.1115.121.1.* as defined in
RFC2252 section 4.3.2.  As of this writing, only a few encoder functions
are available.
@end defvar

@defvar ldap-attribute-syntax-decoders
A vector of functions used to decode LDAP attribute values.
The sequence of functions corresponds to the sequence of LDAP attribute syntax
object identifiers of the form 1.3.6.1.4.1.1466.1115.121.1.* as defined in
RFC2252 section 4.3.2.  As of this writing, only a few decoder functions
are available.
@end defvar

@defvar ldap-attribute-syntaxes-alist
A map of LDAP attribute names to their type object id minor number.
This table is built from RFC2252 Section 5 and RFC2256 Section 5.
@end defvar

@node Encoder/Decoder Functions, , LDAP Internationalization Variables, LDAP Internationalization
@comment node-name, next, previous, up
@subsubsection Encoder/Decoder Functions

@defun ldap-encode-boolean bool
A function that encodes an elisp boolean @var{bool} into a LDAP
boolean string representation.
@end defun

@defun ldap-decode-boolean str
A function that decodes a LDAP boolean string representation
@var{str} into an elisp boolean.
@end defun

@defun ldap-decode-string str
Decode a string @var{str} according to @code{ldap-coding-system}.
@end defun

@defun ldap-encode-string str
Encode a string @var{str} according to @code{ldap-coding-system}.
@end defun

@defun ldap-decode-address str
Decode an address @var{str} according to @code{ldap-coding-system},
replacing $ signs with newlines as specified by LDAP encoding rules for
addresses.
@end defun

@defun ldap-encode-address str
Encode an address @var{str} according to @code{ldap-coding-system},
replacing newlines with $ signs as specified by LDAP encoding rules for
addresses.
@end defun

@node Syntax of Search Filters, , XEmacs LDAP API, LDAP Support
@comment node-name, next, previous, up
@section Syntax of Search Filters

LDAP search functions use RFC1558 syntax to describe the search filter.
In that syntax simple filters have the form:

@example
(<attr> <filtertype> <value>)
@end example

@code{<attr>} is an attribute name such as @code{cn} for Common Name,
@code{o} for Organization, etc.

@code{<value>} is the corresponding value.  This is generally an exact
string but may also contain @code{*} characters as wildcards.

@code{<filtertype>} is one of @code{=}, @code{~=}, @code{<=}, @code{>=}, which
respectively describe equality, approximate equality, inferiority (less
than or equal) and superiority (greater than or equal).

Thus @code{(cn=John Smith)} matches all records having a common name
equal to John Smith.

A special case is the presence filter @code{(<attr>=*)} which matches
records containing a particular attribute.  For instance @code{(mail=*)}
matches all records containing a @code{mail} attribute.

Simple filters can be connected together with the logical operators
@code{&}, @code{|} and @code{!} which stand for the usual and, or and
not operators.

@code{(&(objectClass=Person)(mail=*)(|(sn=Smith)(givenname=John)))}
matches records of class @code{Person} containing a @code{mail}
attribute and corresponding to people whose last name is @code{Smith} or
whose first name is @code{John}.
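
The following added example (not part of the original manual or of the XEmacs sources) builds the composite filter shown above from untrusted strings using RFC 1558 backslash escaping, then runs several searches on one connection with @code{ldap-open}, @code{ldap-search-basic} and @code{ldap-close} as described for the low-level API.  The @code{my-ldap-} function names, the host, the base DN and the sample input are hypothetical; escaping the backslash itself is an assumption that goes beyond the three characters RFC 1558 names.

```elisp
;; Added example: not code from the XEmacs manual or from ldap.el.
;; All `my-ldap-' names and sample values are constructed for illustration.

(defun my-ldap-escape-filter-value (value)
  "Return VALUE with filter metacharacters preceded by a backslash.
`*', `(' and `)' are the characters RFC 1558 requires to be escaped;
escaping the backslash itself is an assumption of this example."
  (mapconcat
   (lambda (c)
     (if (memq c '(?* ?\( ?\) ?\\))
         (concat "\\" (char-to-string c))
       (char-to-string c)))
   value ""))

(defun my-ldap-simple-filter (attr filtertype value)
  "Build the simple filter (ATTR FILTERTYPE VALUE) with VALUE escaped."
  ;; Only the four filter types listed in this section are accepted.
  (unless (member filtertype '("=" "~=" "<=" ">="))
    (error "Unknown filter type: %s" filtertype))
  ;; Attribute names come from code, not from users; reject anything odd.
  (unless (string-match "\\`[A-Za-z][A-Za-z0-9-]*\\'" attr)
    (error "Suspicious attribute name: %s" attr))
  (concat "(" attr filtertype (my-ldap-escape-filter-value value) ")"))

(defun my-ldap-person-filter (surname given-name)
  "Filter for Person records with a mail attribute matching either name.
SURNAME and GIVEN-NAME are treated as literal strings, never as syntax."
  (concat "(&(objectClass=Person)(mail=*)(|"
          (my-ldap-simple-filter "sn" "=" surname)
          (my-ldap-simple-filter "givenname" "=" given-name)
          "))"))

(defun my-ldap-find-people (host base name-pairs)
  "Search HOST under BASE once per (SURNAME . GIVEN-NAME) in NAME-PAIRS.
All searches share one connection, which is closed even if one fails.
Return one result list per pair, each entry preceded by its DN."
  (let ((ldap (ldap-open host '(deref never timelimit 10 sizelimit 50))))
    (unwind-protect
        (mapcar
         (lambda (pair)
           (ldap-search-basic ldap
                              (my-ldap-person-filter (car pair) (cdr pair))
                              base 'subtree '("cn" "mail") nil t))
         name-pairs)
      (ldap-close ldap))))

;; Constructed hostile input.  Unescaped, the `*' would act as a wildcard
;; and the parentheses would close the sn filter and start a new one.
;; Escaped, both strings stay inside their value positions.
(my-ldap-person-filter "Smith)(uid=*" "J*")

;; Running the searches needs an XEmacs built with LDAP support and a
;; reachable server (constructed host name and base DN):
;; (my-ldap-find-people "ldap.example.org" "o=ACME, c=US"
;;                      '(("Smith" . "John") ("Jensen" . "Babs")))
```

The @code{sizelimit} and @code{timelimit} keys passed to @code{ldap-open} bound how much a single broad filter can return or how long it can run on this connection.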