Skip to main content
Version: 2.2.1

Examples of LDAP filters for connecting to a directory service

The filter and directory fields in the domain configuration record use the LDAP search syntax. See below some basic concepts and examples of how to set up a search filter.

Logical operators in search filter syntax:

Logical operatorDescription
=Equal to
<=Lexicographically less than or equal to
>=Lexicographically greater than or equal to
&AND
&#124;OR
!NO

Search filter examples

See the table below for some examples of how to fill in the "Filter" field on the configuration screen of a directory:

Here is the updated table with additional examples:

Search filterDescription
(displayName=John Smith)Lists the user "John Smith", who will have access to the system.
(!(displayName=John Smith))User "John Smith" will not have access to the system. Returns all users, except "John Smith".
(&(objectClass=User)(department=Commercial))Lists all users in the "Commercial" department.
(&(objectClass=User)( &#124; (department=Commercial)(department=Financial)))Lists all users in the "Commercial" department or the "Financial" department.
department=\*Lists all users who have a department.
(&(ObjectClass=User)(!(ObjectClass=Computer))(&#124; (department=Commercial)(department=Financial))(department=)(title=))Lists all users, excluding computer records, that are located in the "Commercial" and "Financial" departments and have the position attribute defined.
(&(memberOf=CN=SoftExpert,OU=Systems,DC=softexpert.local))Lists all users who are members of the access group of the system (SoftExpert, in the example).

These examples show different search filters that can be used to perform more specific queries in an LDAP directory. Remember to adapt the filters in accordance with your needs and data structure.

The system offers the possibility of defining a filter for querying users, and another filter for querying groups within the corresponding domain. However, regardless of the specific filters defined for querying groups and users, SoftExpert Suite has the following predefined rules:

  • The user filter will always fetch user records (objectClass=user).
  • The group filter will always fetch group records (objectClass=group).

This means that the custom filter you define will be added to the SoftExpert Suite system's default filter, ensuring that queries are correctly targeted to users or groups, in accordance with your configuration.

caution

⚠️ Attention:

  • There is a variety of examples and tutorials available on the Internet that may be useful (search for the "LDAP Search Filter Syntax" key). Additionally, you can find more information and additional resources at: https://ldap.com/ldap-filters/.

Example for "Directory" field completion

Consider a "DptoTest" directory within the "contoso.local" domain:

Active Directory

Here are some examples of how to fill in the "Directory" field on the configuration screen of a domain:

  • Example for applying a filter to a specific directory:(OU=DptoTest,OU=Company,DC=contoso,DC=local)
  • Example with two directories ("Test1" and "Test2"): To search in more than one directory, simply add another directory separated by a comma:(OU=Test1,DC=contoso,DC=local), (OU=Test2,DC=contoso,DC=local)

These examples demonstrate how to specify the path and organizational units (OU) of the directories in which the search will be performed. You can customize these examples according to the structure of your environment by replacing the values "DptoTest", "Company", "Test1", "Test2", and "contoso.local" with the actual names and paths of your directories.

caution

⚠️ Attention:

  • If only one directory is selected, the query will extend to the respective subdirectories, if any. However, if more than one directory is selected, the query will be performed only in those specific directories, without extending to subdirectories.