Examples of LDAP filters for connecting to a directory service
The filter and directory fields in the domain configuration record use the LDAP search syntax. See below some basic concepts and examples of how to set up a search filter.
Logical operators in search filter syntax:
Logical operator | Description |
---|---|
= | Equal to |
<= | Lexicographically less than or equal to |
>= | Lexicographically greater than or equal to |
& | AND |
| | OR |
! | NO |
Search filter examples
See the table below for some examples of how to fill in the "Filter" field on the configuration screen of a directory:
Here is the updated table with additional examples:
Search filter | Description |
---|---|
(displayName=John Smith) | Lists the user "John Smith", who will have access to the system. |
(!(displayName=John Smith)) | User "John Smith" will not have access to the system. Returns all users, except "John Smith". |
(&(objectClass=User)(department=Commercial)) | Lists all users in the "Commercial" department. |
(&(objectClass=User)( | (department=Commercial)(department=Financial))) | Lists all users in the "Commercial" department or the "Financial" department. |
department=\* | Lists all users who have a department. |
(&(ObjectClass=User)(!(ObjectClass=Computer))(| (department=Commercial)(department=Financial))(department=)(title=)) | Lists all users, excluding computer records, that are located in the "Commercial" and "Financial" departments and have the position attribute defined. |
(&(memberOf=CN=SoftExpert,OU=Systems,DC=softexpert.local)) | Lists all users who are members of the access group of the system (SoftExpert, in the example). |
These examples show different search filters that can be used to perform more specific queries in an LDAP directory. Remember to adapt the filters in accordance with your needs and data structure.
The system offers the possibility of defining a filter for querying users, and another filter for querying groups within the corresponding domain. However, regardless of the specific filters defined for querying groups and users, SoftExpert Suite has the following predefined rules:
- The user filter will always fetch user records (objectClass=user).
- The group filter will always fetch group records (objectClass=group).
This means that the custom filter you define will be added to the SoftExpert Suite system's default filter, ensuring that queries are correctly targeted to users or groups, in accordance with your configuration.
⚠️ Attention:
- There is a variety of examples and tutorials available on the Internet that may be useful (search for the "LDAP Search Filter Syntax" key). Additionally, you can find more information and additional resources at: https://ldap.com/ldap-filters/.
Example for "Directory" field completion
Consider a "DptoTest" directory within the "contoso.local" domain:
Here are some examples of how to fill in the "Directory" field on the configuration screen of a domain:
- Example for applying a filter to a specific
directory:
(OU=DptoTest,OU=Company,DC=contoso,DC=local)
- Example with two directories ("Test1" and "Test2"): To search in more than one
directory, simply add another directory separated by a
comma:
(OU=Test1,DC=contoso,DC=local), (OU=Test2,DC=contoso,DC=local)
These examples demonstrate how to specify the path and organizational units (OU) of the directories in which the search will be performed. You can customize these examples according to the structure of your environment by replacing the values "DptoTest", "Company", "Test1", "Test2", and "contoso.local" with the actual names and paths of your directories.
⚠️ Attention:
- If only one directory is selected, the query will extend to the respective subdirectories, if any. However, if more than one directory is selected, the query will be performed only in those specific directories, without extending to subdirectories.