view Side-By-Side changes
Date: Tue, 09 Apr 2002 00:55:14 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Wed, 20 Dec 1995 23:00:00 GMT ETag: "2e9d78-1754-30d89570" Accept-Ranges: bytes Content-Length: 5972 Connection: close Content-Type: text/plain Network Working GroupTimT. HowesINTERNET DRAFTRequest for Comments: 1960 University of Michigan19 December, 1995Obsoletes: 1558 June 1996 Category: Standards Track A String Representation of LDAP Search Filters<draft-ietf-asid-string-filter-00.txt> 1.Status of this Memo This documentisspecifies anInternet-Draft. Internet-Drafts are working docu- ments ofInternet standards track protocol for the InternetEngineering Task Force (IETF), its areas,community, andits working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six monthsrequests discussion andmay be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material orsuggestions for improvements. Please refer tocite them other than as ``work in progress.'' To learnthe currentstatusedition ofany Internet-Draft, please check the ``1id-abstracts.txt'' listing contained intheInternet- Drafts Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). 2."Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. 1. Abstract The Lightweight Directory Access Protocol (LDAP) [1] defines a network representation of a search filter transmitted to an LDAP server. Some applications may find it useful to have a common way of representing these search filters in a human-readable form. This document defines a human-readable string format for representing LDAP search filters.3.2. LDAP Search Filter Definition An LDAP search filter is defined in [1] as follows: Filter ::= CHOICE { and [0] SET OF Filter, or [1] SET OF Filter, not [2] Filter, equalityMatch [3] AttributeValueAssertion, substrings [4] SubstringFilter, greaterOrEqual [5] AttributeValueAssertion, lessOrEqual [6] AttributeValueAssertion, present [7] AttributeType, approxMatch [8] AttributeValueAssertionHowes [Page 1] RFC DRAFT December 1995} SubstringFilter ::= SEQUENCE { type AttributeType, SEQUENCE OF CHOICE { initial [0] LDAPString, any [1] LDAPString, final [2] LDAPString } } Howes Standards Track [Page 1] RFC 1960 LDAP Search Filters June 1996 AttributeValueAssertion ::= SEQUENCE { attributeType AttributeType, attributeValue AttributeValue } AttributeType ::= LDAPString AttributeValue ::= OCTET STRING LDAPString ::= OCTET STRING where the LDAPString above is limited to the IA5 character set. The AttributeType is a string representation of the attribute type name and is defined in [1]. The AttributeValue OCTET STRING has the form defined in [2]. The Filter is encoded for transmission over a network using the Basic Encoding Rules defined in [3], with simplifications described in [1].4.3. String Search Filter Definition The string representation of an LDAP search filter is defined by the following grammar. It uses a prefix format. <filter> ::= '(' <filtercomp> ')' <filtercomp> ::= <and> | <or> | <not> | <item> <and> ::= '&' <filterlist> <or> ::= '|' <filterlist> <not> ::= '!' <filter> <filterlist> ::= <filter> | <filter> <filterlist> <item> ::= <simple> | <present> | <substring> <simple> ::= <attr> <filtertype> <value> <filtertype> ::= <equal> | <approx> | <greater> | <less> <equal> ::= '=' <approx> ::= '~=' <greater> ::= '>=' <less> ::= '<=' <present> ::= <attr> '=*'Howes [Page 2] RFC DRAFT December 1995<substring> ::= <attr> '=' <initial> <any> <final> <initial> ::= NULL | <value> <any> ::= '*' <starval> <starval> ::= NULL | <value> '*' <starval> <final> ::= NULL | <value> <attr> is a string representing an AttributeType, and has the format defined in [1]. <value> is a string representing an AttributeValue, or part of one, and has the form defined in [2]. If a <value> must contain one of the characters '*' or '(' or ')', these characters should be escaped by preceding them with the backslash '\' character. Howes Standards Track [Page 2] RFC 1960 LDAP Search Filters June 1996 Note that although both the <substring> and <present> productions can produce the 'attr=*' construct, this construct is used only to denote a presence filter.5.4. Examples This section gives a few examples of search filters written using this notation. (cn=Babs Jensen) (!(cn=Tim Howes)) (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*))) (o=univ*of*mich*)6.5. Security Considerations Security considerations are not discussed in thisdocument. 7.memo. 6. Bibliography [1]Lightweight Directory Access Protocol. WengyikYeong,TimW., Howes,SteveT., and S. Kille,Request for Comment (RFC)"Lightweight Directory Access Protocol", RFC 1777, March19951995. [2]TheHowes, R., Kille, S., Yeong, W., and C. Robbins, "The String Representation of Standard AttributeSyntaxes. T. Howes, S. Kille, W. Yeong, C.J. Robbins; Request for Comment (RFC)Syntaxes", RFC 1778, March19951995. [3] Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1). CCITT Recommendation X.209, 1988.8.7. Author's Address Tim Howes University of Michigan ITD Research Systems 535 W William St. Ann Arbor, MI 48103-4943Howes [Page 3] RFC DRAFT December 1995USA Phone: +1 313 747-4454 EMail: tim@umich.edu Howes Standards Track [Page4]3] ----