首页 > 学院 > 网络通信 > 正文

RFC1558 - A String Representation of LDAP Search Filters

2019-11-04 10:41:55
字体:
来源:转载
供稿:网友

  Network Working Group T. Howes
Request for Comments: 1558 University of Michigan
Category: Informational December 1993

A String RePResentation of LDAP Search Filters

Status of this Memo

This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

Abstract

The Lightweight Directory access Protocol (LDAP) [1] defines a
network representation of a search filter transmitted to an LDAP
server. Some applications may find it useful to have a common way of
representing these search filters in a human-readable form. This
document defines a human-readable string format for representing LDAP
search filters.

1. LDAP Search Filter Definition

An LDAP search filter is defined in [1] as follows:

Filter ::= CHOICE {
and [0] SET OF Filter,
or [1] SET OF Filter,
not [2] Filter,
equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter,
greaterOrEqual [5] AttributeValueAssertion,
lessOrEqual [6] AttributeValueAssertion,
present [7] AttributeType,
approxMatch [8] AttributeValueAssertion
}

SubstringFilter ::= SEQUENCE {
type AttributeType,
SEQUENCE OF CHOICE {
initial [0] LDAPString,
any [1] LDAPString,
final [2] LDAPString
}
}

AttributeValueAssertion ::= SEQUENCE
attributeType AttributeType,
attributeValue AttributeValue
}

AttributeType ::= LDAPString

AttributeValue ::= OCTET STRING

LDAPString ::= OCTET STRING

where the LDAPString above is limited to the IA5 character set. The
AttributeType is a string representation of the attribute object
identifier in dotted OID format (e.g., "2.5.4.10"), or the shorter
string name of the attribute (e.g., "organizationName", or "o"). The
AttributeValue OCTET STRING has the form defined in [2]. The Filter
is encoded for transmission over a network using the Basic Encoding
Rules defined in [3], with simplifications described in [1].

2. String Search Filter Definition

The string representation of an LDAP search filter is defined by the
following BNF. It uses a prefix format.

<filter> ::= '(' <filtercomp> ')'
<filtercomp> ::= <and> <or> <not> <item>
<and> ::= '&' <filterlist>
<or> ::= '' <filterlist>
<not> ::= '!' <filter>
<filterlist> ::= <filter> <filter> <filterlist>
<item> ::= <simple> <present> <substring>
<simple> ::= <attr> <filtertype> <value>
<filtertype> ::= <equal> <approx> <greater> <less>
<equal> ::= '='
<approx> ::= '~='
<greater> ::= '>='
<less> ::= '<='
<present> ::= <attr> '=*'
<substring> ::= <attr> '=' <initial> <any> <final>
<initial> ::= NULL <value>
<any> ::= '*' <starval>
<starval> ::= NULL <value> '*' <starval>
<final> ::= NULL <value>

<attr> is a string representing an AttributeType, and has the format
defined in [1]. <value> is a string representing an AttributeValue,
or part of one, and has the form defined in [2]. If a <value> must
contain one of the characters '*' or '(' or ')', these characters

should be escaped by preceding them with the backslash '/' character.

3. Examples

This section gives a few examples of search filters written using
this notation.

(cn=Babs Jensen)
(!(cn=Tim Howes))
(&(objectClass=Person)((sn=Jensen)(cn=Babs J*)))
(o=univ*of*mich*)

4. Security Considerations

Security issues are not discussed in this memo.

5. References

[1] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory Access
Protocol", RFC1487, Performance Systems International,
University of Michigan, ISODE Consortium, July 1993.

[2] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The String
Representation of Standard Attribute Syntaxes", RFC1488,
University of Michigan, ISODE Consortium, Performance Systems
International, NeXor Ltd., July 1993.

[3] "Specification of Basic Encoding Rules for Abstract Syntax
Notation One (ASN.1)", CCITT Recommendation X.209, 1988.

6. Author's Address

Tim Howes
University of Michigan
ITD Research Systems
535 W William St.
Ann Arbor, MI 48103-4943
USA

Phone: +1 313 747-4454
EMail: tim@umich.edu


发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表