Skip to main content

A String Representation of LDAP Search Filters

The information below is for an old version of the document that is already published as an RFC.
Document Type
This is an older version of an Internet-Draft that was ultimately published as RFC 1960.
Author Tim Howes
Last updated 2013-03-02 (Latest revision 1995-12-20)
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state (None)
Document shepherd (None)
IESG IESG state Became RFC 1960 (Proposed Standard)
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
Network Working Group                                        Tim Howes
INTERNET DRAFT                                  University of Michigan
                                                     19 December, 1995

             A String Representation of LDAP Search Filters

1.  Status of this Memo

This document is an Internet-Draft.  Internet-Drafts are  working  docu-
ments  of the Internet Engineering Task Force (IETF), its areas, and its
working groups.  Note that other  groups  may  also  distribute  working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum  of  six  months
and  may  be  updated,  replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet- Drafts as reference material
or to cite them other than as ``work in progress.''

To learn the current status of  any  Internet-Draft,  please  check  the
``1id-abstracts.txt''  listing  contained in the Internet- Drafts Shadow
Directories on (US East Coast),  (Europe), (US West Coast), or (Pacific Rim).

2.  Abstract

The Lightweight Directory Access Protocol (LDAP) [1] defines  a  network
representation  of  a search filter transmitted to an LDAP server.  Some
applications may find it useful to have a  common  way  of  representing
these  search filters in a human-readable form.  This document defines a
human-readable string format for representing LDAP search filters.

3.  LDAP Search Filter Definition

An LDAP search filter is defined in [1] as follows:

     Filter ::= CHOICE {
             and                [0] SET OF Filter,
             or                 [1] SET OF Filter,
             not                [2] Filter,
             equalityMatch      [3] AttributeValueAssertion,
             substrings         [4] SubstringFilter,
             greaterOrEqual     [5] AttributeValueAssertion,
             lessOrEqual        [6] AttributeValueAssertion,
             present            [7] AttributeType,
             approxMatch        [8] AttributeValueAssertion

Howes                                                           [Page 1]

RFC DRAFT                                                  December 1995


     SubstringFilter ::= SEQUENCE {
             type    AttributeType,
             SEQUENCE OF CHOICE {
                     initial        [0] LDAPString,
                     any            [1] LDAPString,
                     final          [2] LDAPString

     AttributeValueAssertion ::= SEQUENCE {
             attributeType   AttributeType,
             attributeValue  AttributeValue

     AttributeType ::= LDAPString

     AttributeValue ::= OCTET STRING

     LDAPString ::= OCTET STRING

where the LDAPString above is limited to the  IA5  character  set.   The
AttributeType  is a string representation of the attribute type name and
is defined in [1].  The AttributeValue OCTET STRING has the form defined
in [2].  The Filter is encoded for transmission over a network using the
Basic Encoding Rules defined in [3], with simplifications  described  in

4.  String Search Filter Definition

The string representation of an LDAP search filter  is  defined  by  the
following grammar.  It uses a prefix format.

     <filter> ::= '(' <filtercomp> ')'
     <filtercomp> ::= <and> | <or> | <not> | <item>
     <and> ::= '&' <filterlist>
     <or> ::= '|' <filterlist>
     <not> ::= '!' <filter>
     <filterlist> ::= <filter> | <filter> <filterlist>
     <item> ::= <simple> | <present> | <substring>
     <simple> ::= <attr> <filtertype> <value>
     <filtertype> ::= <equal> | <approx> | <greater> | <less>
     <equal> ::= '='
     <approx> ::= '~='
     <greater> ::= '>='
     <less> ::= '<='
     <present> ::= <attr> '=*'

Howes                                                           [Page 2]

RFC DRAFT                                                  December 1995

     <substring> ::= <attr> '=' <initial> <any> <final>
     <initial> ::= NULL | <value>
     <any> ::= '*' <starval>
     <starval> ::= NULL | <value> '*' <starval>
     <final> ::= NULL | <value>

<attr> is a string representing an AttributeType,  and  has  the  format
defined  in [1].  <value> is a string representing an AttributeValue, or
part of one, and has the form defined in [2].  If a <value> must contain
one  of  the  characters  '*'  or '(' or ')', these characters should be
escaped by preceding them with the backslash '\' character.   Note  that
although  both the <substring> and <present> productions can produce the
'attr=*' construct, this construct is used only  to  denote  a  presence

5.  Examples

This section gives a few examples of search filters written  using  this

     (cn=Babs Jensen)
     (!(cn=Tim Howes))
     (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))

6.  Security Considerations

Security considerations are not discussed in this document.

7.  Bibliography

[1]  Lightweight Directory Access Protocol.  Wengyik Yeong,  Tim  Howes,
     Steve Kille, Request for Comment (RFC) 1777, March 1995

[2]  The String  Representation  of  Standard  Attribute  Syntaxes.   T.
     Howes, S.  Kille, W. Yeong, C.J. Robbins; Request for Comment (RFC)
     1778, March 1995

[3]  Specification of Basic Encoding Rules for Abstract Syntax  Notation
     One (ASN.1).  CCITT Recommendation X.209, 1988.

8.  Author's Address

   Tim Howes
   University of Michigan
   ITD Research Systems
   535 W William St.
   Ann Arbor, MI 48103-4943

Howes                                                           [Page 3]

RFC DRAFT                                                  December 1995

   +1 313 747-4454

Howes                                                           [Page 4]