1

This article discusses and gives examples of LDAP query syntax http://ff1959.wordpress.com/2011/09/21/mastering-ldap-search-filters/

It shows how the 'filter' portion of the query can give a matching rule. E.g, A filter can specify "exact match" as follows:

(uid:caseExactMatch:=User.0)

Where ":caseExactMatch:" identifies the name of the "matching rule" which the LDAP server will use to filter the results. (e.g. the LDAP server has a matching rule called "caseExactMatch" )

From the article: The above filter will match "User.0" but not "user.0".

My question

  • I see that RFC 4515 defines the syntax. Do major LDAP vendors support this standard, i.e. 'will it work' regardless of implementation (i.e. including OpenLDAP, Microsoft's Active Directory and SunONE directory server)?

  • Do LDAP vendors support the 'matching rule' names' listed in RFC 4517 (e.g. caseExactMatch, caseIgnoreMatch, keywordMatch, numericStringMatch, etc )

Reference

RFC 4515 defines LDAP filters

RFC 4517 defines LDAP matching rules

thanks

user331465
  • 2,984
  • 13
  • 47
  • 77

1 Answers1

3

extensible match filters are supported by Sun DSEE, UnboundID Directory Server, OpenDS, and OpenLDAP for sure - generally it should be supported by LDAP-compliant servers. Don't know about other, non-compliant servers.

Terry Gardner
  • 10,957
  • 2
  • 28
  • 38
  • 2
    anyone know about active directory? – user331465 Mar 07 '12 at 21:33
  • @terry garder: Just spent the better half of a whole day discovering that Active Directory does _not_ support caseExactMatch, at least the version I was testing (which I can no longer check). So, I'd suggest constructing a ldapsearch query that gives you a result, then add ":caseExactMatch:" to it and see if it still matches. – Chris Cogdon Dec 15 '15 at 00:55