File: rfc1558.html

package info (click to toggle)
doc-rfc 20230121-1
links: PTS, VCS
area: non-free
in suites: bookworm, forky, sid, trixie
size: 1,609,944 kB
file content (165 lines) | stat: -rw-r--r-- 7,620 bytes
parent folder | download | duplicates (2)
<pre>Network Working Group                                           T. Howes
Request for Comments: 1558                        University of Michigan
Category: Informational                                    December 1993


             <span class="h1">A String Representation of LDAP Search Filters</span>

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Abstract

   The Lightweight Directory Access Protocol (LDAP) [<a href="#ref-1" title="&quot;Lightweight Directory Access Protocol&quot;">1</a>] defines a
   network representation of a search filter transmitted to an LDAP
   server.  Some applications may find it useful to have a common way of
   representing these search filters in a human-readable form.  This
   document defines a human-readable string format for representing LDAP
   search filters.

<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>.  LDAP Search Filter Definition</span>

   An LDAP search filter is defined in [<a href="#ref-1" title="&quot;Lightweight Directory Access Protocol&quot;">1</a>] as follows:

     Filter ::= CHOICE {
             and                [0] SET OF Filter,
             or                 [<a href="#ref-1" title="&quot;Lightweight Directory Access Protocol&quot;">1</a>] SET OF Filter,
             not                [<a href="#ref-2" title="&quot;The String Representation of Standard Attribute Syntaxes&quot;">2</a>] Filter,
             equalityMatch      [<a href="#ref-3" title="&quot;Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)&quot;">3</a>] AttributeValueAssertion,
             substrings         [4] SubstringFilter,
             greaterOrEqual     [5] AttributeValueAssertion,
             lessOrEqual        [6] AttributeValueAssertion,
             present            [7] AttributeType,
             approxMatch        [8] AttributeValueAssertion
     }

     SubstringFilter ::= SEQUENCE {
             type    AttributeType,
             SEQUENCE OF CHOICE {
                     initial        [0] LDAPString,
                     any            [<a href="#ref-1" title="&quot;Lightweight Directory Access Protocol&quot;">1</a>] LDAPString,
                     final          [<a href="#ref-2" title="&quot;The String Representation of Standard Attribute Syntaxes&quot;">2</a>] LDAPString
             }
     }





<span class="grey">Howes                                                           [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc1558">RFC 1558</a>             Representation of LDAP Filters        December 1993</span>


     AttributeValueAssertion ::= SEQUENCE
             attributeType   AttributeType,
             attributeValue  AttributeValue
     }

     AttributeType ::= LDAPString

     AttributeValue ::= OCTET STRING

     LDAPString ::= OCTET STRING

   where the LDAPString above is limited to the IA5 character set.  The
   AttributeType is a string representation of the attribute object
   identifier in dotted OID format (e.g., "2.5.4.10"), or the shorter
   string name of the attribute (e.g., "organizationName", or "o").  The
   AttributeValue OCTET STRING has the form defined in [<a href="#ref-2" title="&quot;The String Representation of Standard Attribute Syntaxes&quot;">2</a>].  The Filter
   is encoded for transmission over a network using the Basic Encoding
   Rules defined in [<a href="#ref-3" title="&quot;Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)&quot;">3</a>], with simplifications described in [<a href="#ref-1" title="&quot;Lightweight Directory Access Protocol&quot;">1</a>].

<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>.  String Search Filter Definition</span>

   The string representation of an LDAP search filter is defined by the
   following BNF.  It uses a prefix format.

     &lt;filter&gt; ::= '(' &lt;filtercomp&gt; ')'
     &lt;filtercomp&gt; ::= &lt;and&gt; | &lt;or&gt; | &lt;not&gt; | &lt;item&gt;
     &lt;and&gt; ::= '&amp;' &lt;filterlist&gt;
     &lt;or&gt; ::= '|' &lt;filterlist&gt;
     &lt;not&gt; ::= '!' &lt;filter&gt;
     &lt;filterlist&gt; ::= &lt;filter&gt; | &lt;filter&gt; &lt;filterlist&gt;
     &lt;item&gt; ::= &lt;simple&gt; | &lt;present&gt; | &lt;substring&gt;
     &lt;simple&gt; ::= &lt;attr&gt; &lt;filtertype&gt; &lt;value&gt;
     &lt;filtertype&gt; ::= &lt;equal&gt; | &lt;approx&gt; | &lt;greater&gt; | &lt;less&gt;
     &lt;equal&gt; ::= '='
     &lt;approx&gt; ::= '~='
     &lt;greater&gt; ::= '&gt;='
     &lt;less&gt; ::= '&lt;='
     &lt;present&gt; ::= &lt;attr&gt; '=*'
     &lt;substring&gt; ::= &lt;attr&gt; '=' &lt;initial&gt; &lt;any&gt; &lt;final&gt;
     &lt;initial&gt; ::= NULL | &lt;value&gt;
     &lt;any&gt; ::= '*' &lt;starval&gt;
     &lt;starval&gt; ::= NULL | &lt;value&gt; '*' &lt;starval&gt;
     &lt;final&gt; ::= NULL | &lt;value&gt;

   &lt;attr&gt; is a string representing an AttributeType, and has the format
   defined in [<a href="#ref-1" title="&quot;Lightweight Directory Access Protocol&quot;">1</a>].  &lt;value&gt; is a string representing an AttributeValue,
   or part of one, and has the form defined in [<a href="#ref-2" title="&quot;The String Representation of Standard Attribute Syntaxes&quot;">2</a>].  If a &lt;value&gt; must
   contain one of the characters '*' or '(' or ')', these characters



<span class="grey">Howes                                                           [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc1558">RFC 1558</a>             Representation of LDAP Filters        December 1993</span>


   should be escaped by preceding them with the backslash '\' character.

<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>.  Examples</span>

   This section gives a few examples of search filters written using
   this notation.

     (cn=Babs Jensen)
     (!(cn=Tim Howes))
     (&amp;(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
     (o=univ*of*mich*)

<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>.  Security Considerations</span>

   Security issues are not discussed in this memo.

<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>.  References</span>

   [<a id="ref-1">1</a>] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory Access
       Protocol", <a href="./rfc1487">RFC 1487</a>, Performance Systems International,
       University of Michigan, ISODE Consortium, July 1993.

   [<a id="ref-2">2</a>] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The String
       Representation of Standard Attribute Syntaxes", <a href="./rfc1488">RFC 1488</a>,
       University of Michigan, ISODE Consortium, Performance Systems
       International, NeXor Ltd., July 1993.

   [<a id="ref-3">3</a>] "Specification of Basic Encoding Rules for Abstract Syntax
       Notation One (ASN.1)", CCITT Recommendation X.209, 1988.

<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>.  Author's Address</span>

       Tim Howes
       University of Michigan
       ITD Research Systems
       535 W William St.
       Ann Arbor, MI 48103-4943
       USA

       Phone: +1 313 747-4454
       EMail: tim@umich.edu










Howes                                                           [Page 3]
</pre>