
Understanding LDAP Search Filters

Lightweight Directory Access Protocol (LDAP) search filters use prefix notation to define an expression, unlike everyday mathematical expressions, which use infix notation. In prefix notation, the operator precedes its operands, and operator precedence is implicit in the structure of the expression.

For example, with infix notation, you represent the expression that adds 3 to 4 as (3 + 4). With prefix notation, you represent this concept as (+ 3 4).

LDAP search filters use the following symbols to represent logical operators: a vertical bar (|) represents the logical OR operator, an ampersand (&) represents the logical AND operator, and an exclamation point (!) represents the logical NOT operator.

Understanding what an LDAP search filter defines when it appears as a long string of text can be difficult. To make interpretation easier—when defining search filters or evaluating existing search filters—you can format the text into separate lines with horizontal tabs. For example, I find this representation of the search filter

(|
	(objectclass=remote-address)
	(objectclass=groupOfNames)
	(&
		(objectclass=organizationalperson)
		(physicalDeliveryOfficeName=Valbonne)
	)
)

easier to read and understand than this representation:

(|(objectclass=remote-address)(objectclass=groupOfNames)(&(objectclass=organizationalperson)(physicalDeliveryOfficeName=Valbonne)))

The Internet Engineering Task Force (IETF) Request for Comments (RFC) 2254 fully defines the syntax for LDAP search filters. I recommend taking a look at this RFC if you intend to build complex search filters to achieve sophisticated Active Directory Connector (ADC) synchronization.
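As an added illustration (not part of the original article), the following Python script parses a filter string in the RFC 2254 prefix syntax into a tree, rejects unbalanced or trailing text, and prints it one component per line with tab indentation, which is the layout shown above; its input is the article's own filter.

```python
# Added example: recursive-descent parser for LDAP filters plus a tab-indented pretty-printer.

def parse_filter(text):
    """Parse a filter into (op, [children]) nodes and ('=', 'attr=value') leaves."""
    pos = 0

    def parse():
        nonlocal pos
        if text[pos:pos + 1] != '(':
            raise ValueError("expected '(' at position %d" % pos)
        pos += 1
        op = text[pos:pos + 1]
        if op in ('&', '|', '!'):        # compound: operator first, then operands
            pos += 1
            children = []
            while text[pos:pos + 1] == '(':
                children.append(parse())
            node = (op, children)
        else:                            # simple assertion such as (cn=Smith)
            # A literal ')' inside a value must be escaped as \29 (RFC 2254),
            # so the next unescaped ')' closes this component.
            end = text.find(')', pos)
            if end == -1:
                raise ValueError("unterminated assertion at position %d" % pos)
            node, pos = ('=', text[pos:end]), end
        if text[pos:pos + 1] != ')':
            raise ValueError("expected ')' at position %d" % pos)
        pos += 1
        return node

    tree = parse()
    if pos != len(text):                 # e.g. a stray extra ')' or second filter
        raise ValueError("trailing text at position %d" % pos)
    return tree

def pretty(tree, depth=0):
    """Render a parsed filter one component per line, tab-indented by depth."""
    op, body = tree
    indent = '\t' * depth
    if op == '=':
        return indent + '(' + body + ')'
    lines = [indent + '(' + op] + [pretty(child, depth + 1) for child in body]
    return '\n'.join(lines + [indent + ')'])

# The filter from the article, in its single-line form.
FILTER = ("(|(objectclass=remote-address)(objectclass=groupOfNames)"
          "(&(objectclass=organizationalperson)(physicalDeliveryOfficeName=Valbonne)))")

if __name__ == '__main__':
    print(pretty(parse_filter(FILTER)))
```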
