在搜索过滤器中使用DN [英] Using DN in Search Filter

问题描述

有时，在我的LDAP客户端程序中，我必须在搜索过滤器中包括DN值.但是该DN经常更改，因此我每次都必须在代码中更改此过滤器.

In my LDAP Client program sometimes I have to include the DN value within the search filter. But this DN is changing frequently and every I have to change this filter in my code.

当我用它搜索时，我得到了类似的东西

When I googled it for that I got something like this

假设您要从研发和人力资源中拉出所有ObjectType = Person的用户，而不是从Marketing和PM中拉出任何用户.过滤器为:

Suppose you want to pull all users of ObjectType = Person from the R&D and HR ous, but not any users from Marketing and PM. The filter would be:

(&(objectClass=person)(|(ou:dn:=ResearchAndDevelopment)(ou:dn:=HumanResources)))

有人可以详细解释吗?

推荐答案

您应检查 RFC 2254 (LDAP搜索过滤器的字符串表示形式).

You should check RFC 2254 (The String Representation of LDAP Search Filters).

LDAP过滤器对布尔运算符使用抛光符号.因此，运算符被写在其操作数之前:

LDAP filters use polish notation for the boolean operators. So the operator is written before its operands:

(&(condition1)(condition2)(condition3)...)

上面的示例意味着您希望所有满足 condition1 AND condition2 AND condition3 等的LDAP条目.

The example above means that you want all LDAP entries which satisfy condition1 AND condition2 AND condition3 and so on.

然后就是条件本身.它们非常简单，只能包含几种类型:

Then there are condition themselves. They are very simple and can consist only of few types:

• 当前条件-(attrName=*)
• 简单情况-(attrName>=value)/(attrName<=value)/(attrNamevalue=value)/(attrName~=value)
• 子字符串条件-(attrName=*value*)/(attrName=*value)/(attrName=value*)
• 可扩展的条件-(attrName:dn:=value)/(attrName:matchingRule:=value)

• present condition - (attrName=*)
• simple condition - (attrName>=value) / (attrName<=value) / (attrNamevalue=value) / (attrName~=value)
• substring condition - (attrName=*value*) / (attrName=*value) / (attrName=value*)
• extensible condition - (attrName:dn:=value) / (attrName:matchingRule:=value)

带有:dn:关键字的可扩展条件意味着，您还希望同时考虑条目DN中的属性.因此，对于您的案例，条目cn=John Doe,ou=HumanResources,ou=Users,dc=example,dc=com将与过滤器(ou:dn:=HumanResource)相匹配.

The extensible condition with the :dn: keyword means, that you want attributes from the entry DN to be considered as well. So for your case entry cn=John Doe,ou=HumanResources,ou=Users,dc=example,dc=com would match the filter (ou:dn:=HumanResource).

将示例过滤器翻译成英语句子将是:

Translating your example filter to an English sentence would be:

找到所有objectClass等于person并且在ou属性中或在其DN中某个位置具有ResearchAndDevelopment或HumanResources的LDAP条目.

Find me all LDAP entries which have objectClass equal to person and have either ResearchAndDevelopment or HumanResources in their ou attribute or somewhere on their DN.

这篇关于在搜索过滤器中使用DN的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！