Документ взят из кэша поисковой машины. Адрес оригинального документа : http://mirror.msu.net/pub/rfc-editor/rfc-ed-all/pdfrfc/rfc1558.txt.pdf Дата изменения: Wed Mar 27 23:12:49 2002 Дата индексирования: Tue Oct 2 18:40:20 2012 Кодировка:

Network Working Group Request for Comments: 1558 Category: Informational

T. Howes University of Michigan December 1993

A String Representation of LDAP Search Filters Status of this Memo This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract The Lightweight Directory Access Protocol (LDAP) [1] defines a network representation of a search filter transmitted to an LDAP server. Some applications may find it useful to have a common way of representing these search filters in a human-readable form. This document defines a human-readable string format for representing LDAP search filters. 1. LDAP Search Filter Definition An LDAP search filter is defined in [1] as follows: Filter ::= CHOICE { and or not equalityMatch substrings greaterOrEqual lessOrEqual present approxMatch }

[0] [1] [2] [3] [4] [5] [6] [7] [8]

SET OF Filter, SET OF Filter, Filter, AttributeValueAssertion, SubstringFilter, AttributeValueAssertion, AttributeValueAssertion, AttributeType, AttributeValueAssertion

SubstringFilter ::= SEQUENCE { type AttributeType, SEQUENCE OF CHOICE { initial [0] LDAPString, any [1] LDAPString, final [2] LDAPString } }

Howes

[Page 1]


RFC 1558

Representation of LDAP Filters

December 1993

AttributeValueAssertion ::= SEQUENCE attributeType AttributeType, attributeValue AttributeValue } AttributeType ::= LDAPString AttributeValue ::= OCTET STRING LDAPString ::= OCTET STRING where the LDAPString above is limited to the IA5 character set. The AttributeType is a string representation of the attribute object identifier in dotted OID format (e.g., "2.5.4.10"), or the shorter string name of the attribute (e.g., "organizationName", or "o"). The AttributeValue OCTET STRING has the form defined in [2]. The Filter is encoded for transmission over a network using the Basic Encoding Rules defined in [3], with simplifications described in [1]. 2. String Search Filter Definition The string representation of an LDAP search filter is defined by the following BNF. It uses a prefix format. ::= '(' ')' ::= | | | ::= '&' ::= '|' ::= '!' ::= | ::= | | ::= ::= | | | ::= '=' ::= '~=' ::= '>=' ::= '<=' ::= '=*' ::= '=' ::= NULL | ::= '*' ::= NULL | '*' ::= NULL | defined or part contain is a in of one string representing an AttributeType, [1]. is a string representing one, and has the form defined in [2]. of the characters '*' or '(' or ')', and has the format an AttributeValue, If a must these characters

Howes

[Page 2]


RFC 1558

Representation of LDAP Filters

December 1993

should be escaped by preceding them with the backslash '\' character. 3. Examples This section gives a few examples of search filters written using this notation. (cn=Babs Jensen) (!(cn=Tim Howes)) (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*))) (o=univ*of*mich*) 4. Security Considerations Security issues are not discussed in this memo. 5. References [1] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory Access Protocol", RFC 1487, Performance Systems International, University of Michigan, ISODE Consortium, July 1993. [2] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The String Representation of Standard Attribute Syntaxes", RFC 1488, University of Michigan, ISODE Consortium, Performance Systems International, NeXor Ltd., July 1993. [3] "Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)", CCITT Recommendation X.209, 1988. 6. Author's Address Tim Howes University of ITD Research 535 W William Ann Arbor, MI USA

Michigan Systems St. 48103-4943

Phone: +1 313 747-4454 EMail: tim@umich.edu

Howes

[Page 3]