datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
RFC 4515

Document type: RFC - Proposed Standard (June 2006; Errata)
Obsoletes RFC 2254
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4515 (Proposed Standard)
Responsible AD: Ted Hardie
Send notices to: kurt@openLDAP.org, rlmorgan@washington.edu

Network Working Group                                      M. Smith, Ed.
Request for Comments: 4515                           Pearl Crescent, LLC
Obsoletes: 2254                                                 T. Howes
Category: Standards Track                                  Opsware, Inc.
                                                               June 2006

             Lightweight Directory Access Protocol (LDAP):
                String Representation of Search Filters

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   Lightweight Directory Access Protocol (LDAP) search filters are
   transmitted in the LDAP protocol using a binary representation that
   is appropriate for use on the network.  This document defines a
   human-readable string representation of LDAP search filters that is
   appropriate for use in LDAP URLs (RFC 4516) and in other
   applications.

Table of Contents

   1. Introduction ....................................................2
   2. LDAP Search Filter Definition ...................................2
   3. String Search Filter Definition .................................3
   4. Examples ........................................................5
   5. Security Considerations .........................................7
   6. Normative References ............................................7
   7. Informative References ..........................................8
   8. Acknowledgements ................................................8
   Appendix A: Changes Since RFC 2254 .................................9
      A.1. Technical Changes ..........................................9
      A.2. Editorial Changes ..........................................9

Smith and Howes             Standards Track                     [Page 1]
RFC 4515     LDAP: String Representation of Search Filters     June 2006

1.  Introduction

   The Lightweight Directory Access Protocol (LDAP) [RFC4510] defines a
   network representation of a search filter transmitted to an LDAP
   server.  Some applications may find it useful to have a common way of
   representing these search filters in a human-readable form; LDAP URLs
   [RFC4516] are an example of one such application.  This document
   defines a human-readable string format for representing the full
   range of possible LDAP version 3 search filters, including extended
   match filters.

   This document is a integral part of the LDAP technical specification
   [RFC4510], which obsoletes the previously defined LDAP technical
   specification, RFC 3377, in its entirety.

   This document replaces RFC 2254.  Changes to RFC 2254 are summarized
   in Appendix A.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119].

2.  LDAP Search Filter Definition

   An LDAP search filter is defined in Section 4.5.1 of [RFC4511] as
   follows:

        Filter ::= CHOICE {
            and                [0] SET SIZE (1..MAX) OF filter Filter,
            or                 [1] SET SIZE (1..MAX) OF filter Filter,
            not                [2] Filter,
            equalityMatch      [3] AttributeValueAssertion,
            substrings         [4] SubstringFilter,
            greaterOrEqual     [5] AttributeValueAssertion,
            lessOrEqual        [6] AttributeValueAssertion,
            present            [7] AttributeDescription,
            approxMatch        [8] AttributeValueAssertion,
            extensibleMatch    [9] MatchingRuleAssertion }

        SubstringFilter ::= SEQUENCE {
            type    AttributeDescription,
            -- initial and final can occur at most once
            substrings    SEQUENCE SIZE (1..MAX) OF substring CHOICE {
             initial        [0] AssertionValue,
             any            [1] AssertionValue,
             final          [2] AssertionValue } }

Smith and Howes             Standards Track                     [Page 2]
RFC 4515     LDAP: String Representation of Search Filters     June 2006

        AttributeValueAssertion ::= SEQUENCE {
            attributeDesc   AttributeDescription,
            assertionValue  AssertionValue }

[include full document text]