This topic describes how to use bitwise filters in LDAP queries.
Some attributes are composed of bitwise flags (e.g. 'userAccountControl'). You may need to query for objects using a bitwise operator to return only objects that match a particular bit being set. Use the LDAP Matching Rule controls to do this.
The LDAP Matching Rule has the following syntax:
attributename:ruleOID:=value
attributename is the LDAP display name of the attribute, ruleOID is the object ID (OID) for the matching rule control, and value is the decimal value you want to use for comparison. You need to convert from hexadecimal to decimal.
The value of ruleOID can be one of the following:
An example is when you want to query Active Directory for user class objects that are disabled. The attribute that holds this information is 'userAccountControl'. This attribute is composed of a combination of different flags.
The flag that marks an object as disabled is UF_ACCOUNTDISABLE, which has a value of 0x02 (2 decimal). The bitwise comparison filter that specifies 'userAccountControl' with the UF_ACCOUNTDISABLE bit set would resemble this:
(userAccountControl:1.2.840.113556.1.4.803:=2)
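
The following is an added example, not part of the original topic: it builds the filter in the syntax above and applies the matching rule locally to constructed 'userAccountControl' values, which is useful when auditing account flags. The bitwise OR rule OID (1.2.840.113556.1.4.804) and the flag values other than UF_ACCOUNTDISABLE come from Microsoft's Active Directory documentation rather than this page; the account names and function names are made up for illustration.

```python
# Added example, not from the original page. The BIT_OR OID and the flags other
# than UF_ACCOUNTDISABLE are taken from Microsoft's Active Directory docs.
BIT_AND = "1.2.840.113556.1.4.803"  # true when ALL bits of value are set
BIT_OR = "1.2.840.113556.1.4.804"   # true when ANY bit of value is set

UF_ACCOUNTDISABLE = 0x0002
UF_PASSWD_NOTREQD = 0x0020
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000

# Constructed sample entries: account name -> userAccountControl
SAMPLE_USERS = {
    "alice": UF_NORMAL_ACCOUNT,                                  # 512
    "bob": UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE,                # 514
    "svc-backup": UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD,     # 66048
    "old-kiosk": UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD,  # 546
}


def bit_filter(attribute, rule_oid, mask):
    """Build (attributename:ruleOID:=value) with the mask written in decimal."""
    if rule_oid not in (BIT_AND, BIT_OR):
        raise ValueError("unknown matching rule OID")
    if mask <= 0:
        raise ValueError("mask must be a positive integer")
    return "(%s:%s:=%d)" % (attribute, rule_oid, mask)


def rule_matches(stored, rule_oid, mask):
    """Apply the matching rule to one stored attribute value."""
    if rule_oid == BIT_AND:
        return (stored & mask) == mask
    if rule_oid == BIT_OR:
        return (stored & mask) != 0
    raise ValueError("unknown matching rule OID")


def select(rule_oid, mask, users=SAMPLE_USERS):
    """Return the sorted account names whose value satisfies the rule."""
    return sorted(n for n, uac in users.items() if rule_matches(uac, rule_oid, mask))


if __name__ == "__main__":
    print(bit_filter("userAccountControl", BIT_AND, UF_ACCOUNTDISABLE))
    print("disabled:", select(BIT_AND, UF_ACCOUNTDISABLE))
    stale = UF_PASSWD_NOTREQD | UF_DONT_EXPIRE_PASSWD
    print("either flag:", select(BIT_OR, stale))
    # An equality test against 2 misses 514 and 546; the bit rule does not.
    print("equal to 2:", [n for n, u in SAMPLE_USERS.items() if u == 2])
```
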
Copyright © 2008 by NNS - Nigl Network Solutions