NNS ADix - How to...Query Active Directory using a Bitwise Filter

This topic describes how to use bitwise filters in LDAP queries.

Some attributes are composed of bitwise flags (e.g. 'userAccountControl'). You may need to query for
objects using a bitwise operator to return only objects that match a particular bit being set.
Use the LDAP Matching Rule controls to do this.

The format of the LDAP Matching Rule has the following syntax:


attributename is the LDAP display name of the attribute, ruleOID is the object ID (OID) for the matching
rule control, and value is the decimal value you want to use for comparison. You need to convert from
hexadecimal to decimal.

The value of ruleOID can be one of the following:

An example is when you want to query Active Directory for user class objects that are disabled. The attribute that holds this
information is the 'userAccountControl'-attribute. This attribute is composed of a combination of different flags.
The flag for setting the object that you want to disable is UF_ACCOUNTDISABLE, which has a value of 0x02 (2 decimal). The
bitwise comparison filter that specifies 'userAccountControl' with the UF_ACCOUNTDISABLED bit set would resemble this:



Copyright © 2008 by NNS - Nigl Network Solutions