LDAP
Lightweight Directory Access Protocol
DSA
Directory System Agent
Provides the LDAP service
Entry
Includes
- DN
- Attributes
- Classes
DN
Distinguished Name
Unique ID string of an entry
<filter>
(<attribute><operator><value>)
Ref: Search Filter Syntax
Matching rule
(<attribute>:<matching rule OID>:=<value>)
<operator> | Meaning |
---|---|
= | Equality |
>= | Greater than or equal to (lexicographical) |
<= | Less than or equal to (lexicographical) |
not
(!<filter>)
or
(|<filter><filter>...)
and
(&<filter><filter>...)
<value>
Wildcard
[*]<value>[*]
<text>
Not empty <attribute>
(<attribute>=*)
Special Characters
Escape characters: \<ASCII code (2 hex digits)>
Character | Code |
---|---|
* | \2A |
( | \28 |
) | \29 |
\ | \5C |
Nul | \00 |
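
Added example (not part of the original notes): escaping a value with the codes from the table above before placing it in a filter, so that `*`, `(`, `)`, `\` and NUL are matched literally instead of being parsed as filter syntax. The helper names and the sample name are constructed for illustration; `cn` and `description` are standard attributes assumed here.

```python
# Added example: helper names are illustrative, not from any LDAP library.
# Each character is mapped exactly once, so a literal backslash becomes \5C
# and the codes produced for other characters are never escaped again.
_ESCAPES = {"\\": r"\5C", "*": r"\2A", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Replace every filter metacharacter with its two-digit hex code."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def equals(attribute: str, value: str) -> str:
    """(<attribute>=<value>) with the value escaped, so it matches literally."""
    return f"({attribute}={escape_value(value)})"


def starts_with(attribute: str, prefix: str) -> str:
    """(<attribute>=<prefix>*): only the trailing wildcard stays unescaped."""
    return f"({attribute}={escape_value(prefix)}*)"


def present(attribute: str) -> str:
    """(<attribute>=*): the attribute is not empty."""
    return f"({attribute}=*)"


def and_(*filters: str) -> str:
    return "(&" + "".join(filters) + ")"


def or_(*filters: str) -> str:
    return "(|" + "".join(filters) + ")"


def not_(flt: str) -> str:
    return f"(!{flt})"


# Constructed sample input: a name that contains filter metacharacters.
SAMPLE_NAME = "Smith (Ops)*"
SAMPLE_FILTER = and_(
    equals("objectCategory", "person"),
    equals("cn", SAMPLE_NAME),
    not_(present("description")),
)
```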
objectCategory and objectClass
objectCategory is single-valued and indexed
objectClass is multi-valued and not indexed
objectCategory | objectClass | Result |
---|---|---|
person | user | user objects |
person | (omitted) | user and contact objects |
person | contact | contact objects |
(omitted) | user | user and computer objects |
computer | (omitted) | computer objects |
user | (omitted) | user and contact objects |
(omitted) | contact | contact objects |
(omitted) | computer | computer objects |
(omitted) | person | user, computer, and contact objects |
contact | (omitted) | user and contact objects |
group | (omitted) | group objects |
(omitted) | group | group objects |
person | organizationalPerson | user and contact objects |
(omitted) | organizationalPerson | user, computer, and contact objects |
organizationalPerson | (omitted) | user and contact objects |