Movatterモバイル変換

Network Working Group                                           T. HowesRequest for Comments: 1558                        University of MichiganCategory: Informational                                    December 1993A String Representation of LDAP Search FiltersStatus of this Memo   This memo provides information for the Internet community.  This memo   does not specify an Internet standard of any kind.  Distribution of   this memo is unlimited.Abstract   The Lightweight Directory Access Protocol (LDAP) [1] defines a   network representation of a search filter transmitted to an LDAP   server.  Some applications may find it useful to have a common way of   representing these search filters in a human-readable form.  This   document defines a human-readable string format for representing LDAP   search filters.1.  LDAP Search Filter Definition   An LDAP search filter is defined in [1] as follows:     Filter ::= CHOICE {             and                [0] SET OF Filter,             or                 [1] SET OF Filter,             not                [2] Filter,             equalityMatch      [3] AttributeValueAssertion,             substrings         [4] SubstringFilter,             greaterOrEqual     [5] AttributeValueAssertion,             lessOrEqual        [6] AttributeValueAssertion,             present            [7] AttributeType,             approxMatch        [8] AttributeValueAssertion     }     SubstringFilter ::= SEQUENCE {             type    AttributeType,             SEQUENCE OF CHOICE {                     initial        [0] LDAPString,                     any            [1] LDAPString,                     final          [2] LDAPString             }     }Howes                                                           [Page 1]

RFC 1558             Representation of LDAP Filters        December 1993     AttributeValueAssertion ::= SEQUENCE             attributeType   AttributeType,             attributeValue  AttributeValue     }     AttributeType ::= LDAPString     AttributeValue ::= OCTET STRING     LDAPString ::= OCTET STRING   where the LDAPString above is limited to the IA5 character set.  The   AttributeType is a string representation of the attribute object   identifier in dotted OID format (e.g., "2.5.4.10"), or the shorter   string name of the attribute (e.g., "organizationName", or "o").  The   AttributeValue OCTET STRING has the form defined in [2].  The Filter   is encoded for transmission over a network using the Basic Encoding   Rules defined in [3], with simplifications described in [1].2.  String Search Filter Definition   The string representation of an LDAP search filter is defined by the   following BNF.  It uses a prefix format.     <filter> ::= '(' <filtercomp> ')'     <filtercomp> ::= <and> | <or> | <not> | <item>     <and> ::= '&' <filterlist>     <or> ::= '|' <filterlist>     <not> ::= '!' <filter>     <filterlist> ::= <filter> | <filter> <filterlist>     <item> ::= <simple> | <present> | <substring>     <simple> ::= <attr> <filtertype> <value>     <filtertype> ::= <equal> | <approx> | <greater> | <less>     <equal> ::= '='     <approx> ::= '~='     <greater> ::= '>='     <less> ::= '<='     <present> ::= <attr> '=*'     <substring> ::= <attr> '=' <initial> <any> <final>     <initial> ::= NULL | <value>     <any> ::= '*' <starval>     <starval> ::= NULL | <value> '*' <starval>     <final> ::= NULL | <value>   <attr> is a string representing an AttributeType, and has the format   defined in [1].  <value> is a string representing an AttributeValue,   or part of one, and has the form defined in [2].  If a <value> must   contain one of the characters '*' or '(' or ')', these charactersHowes                                                           [Page 2]

RFC 1558             Representation of LDAP Filters        December 1993   should be escaped by preceding them with the backslash '\' character.3.  Examples   This section gives a few examples of search filters written using   this notation.     (cn=Babs Jensen)     (!(cn=Tim Howes))     (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))     (o=univ*of*mich*)4.  Security Considerations   Security issues are not discussed in this memo.5.  References   [1] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory Access       Protocol",RFC 1487, Performance Systems International,       University of Michigan, ISODE Consortium, July 1993.   [2] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The String       Representation of Standard Attribute Syntaxes",RFC 1488,       University of Michigan, ISODE Consortium, Performance Systems       International, NeXor Ltd., July 1993.   [3] "Specification of Basic Encoding Rules for Abstract Syntax       Notation One (ASN.1)", CCITT Recommendation X.209, 1988.6.  Author's Address       Tim Howes       University of Michigan       ITD Research Systems       535 W William St.       Ann Arbor, MI 48103-4943       USA       Phone: +1 313 747-4454       EMail: tim@umich.eduHowes                                                           [Page 3]