Secure Mobile Access 12.4 Administration Guide

Advanced Search Methods

If you are familiar with LDAP syntax, you can create an advanced search to further narrow the scope of your query. This is especially useful when querying a large directory. In some cases, you may also need to perform an advanced search to query a directory using a non-standard schema. To perform an advanced search, click the Advanced search tab.

The fields used to specify advanced search criteria are explained in the Advanced search criteria table:

Advanced search criteria
In this field You
Search for value

Specify an LDAP search filter to reduce the scope of the search. Type all or part of a user or group name. The default is *, which returns all records in the realm. You can use the wild card character (*) anywhere in the search string. For example, to find group names beginning with the letter j, you would type j*. Or, to find users named Mary or Marty (but not Max), you could type m*y.

Attributes

Select an LDAP attribute. For example, you might select sn to look for a user’s surname or cn to find a common name.

Object classes

Specify the object class containing users or groups. For users, this is typically user or inetOrgPerson. For groups, this is usually group, groupOfNames, or groupOfUniqueNames.

Search base

Enter the point in the LDAP directory from which to begin searching. Usually, this is the lowest point in the directory tree that contains users or groups.

For LDAP, you might type ou=Users,o=example.com.

To search Microsoft Active Directory, you might use CN=users,DC=example,DC=corp,DC=com.

Search scope

Select the containers that you want to search:

All levels below base (default) – Retrieves information from all levels below the search base. The search base itself is not included in this scope.

One level below base – Retrieves information from one level below the search base. The search base itself is not included in this scope.

Additional filter

Specify an LDAP search filter to reduce the scope of the search:

Syntax:

(filter=(operator(LDAP attribute=value)(..)))

Operators:

  • OR = |
  • AND = &
  • NOT = !

Examples:

(cn=Sandy Cane)

(!(cn=Tim Howes))

(&(objectClass=Person)(|(sn=Cane)(cn=Sandy C*)))

For more information on LDAP search filters, see RFC 2254 at http://www.ietf.org/rfc/rfc2254.txt.

The LDAP search syntax is flexible and provides several ways to accomplish the same result. For example, you might use the object class to search for all groups in a directory:

objectclass=group;groupOfNames

Alternatively, you can get the same result using a search filter:

(|(objectclass=group)(objectclass=groupOfNames))
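
To check what a filter will select before relying on it, the following added example (not part of the original guide and not SonicWall code) parses the filter syntax shown above and evaluates it against a small constructed directory. The names parse, matches, search and DIRECTORY are illustrative assumptions; only equality items with * wildcards are handled, and escaped characters in values are not supported.

```python
import re
# Constructed sample entries (not from a real directory); attribute keys are lower-case.
DIRECTORY = [
    {"cn": ["Sandy Cane"], "sn": ["Cane"], "objectclass": ["person"]},
    {"cn": ["Sandy Cooper"], "sn": ["Cooper"], "objectclass": ["person"]},
    {"cn": ["Tim Howes"], "sn": ["Howes"], "objectclass": ["person"]},
    *({"cn": [n], "objectclass": ["person"]} for n in ("Mary", "Marty", "Max")),
    {"cn": ["Sandy Cats"], "objectclass": ["group"]},
    {"cn": ["staff"], "objectclass": ["groupOfNames"]},
]

def parse(text, pos=0):
    """Parse one parenthesised filter at text[pos]; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    op = text[pos + 1:pos + 2]
    if op in ("&", "|", "!"):
        pos, children = pos + 2, []
        while text[pos:pos + 1] == "(":
            child, pos = parse(text, pos)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, children)
    else:
        end = text.find(")", pos)
        attr, sep, value = text[pos + 1:end].partition("=")
        if end == -1 or not sep or not attr.strip():
            raise ValueError(f"malformed item at offset {pos}")
        node, pos = ("=", attr.strip().lower(), value), end
    if text[pos:pos + 1] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return node, pos + 1

def matches(node, entry):
    """Evaluate a parsed filter on one entry; '*' is a wildcard, case is ignored."""
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return any(re.fullmatch(rx, v, re.IGNORECASE) for v in entry.get(attr, []))

def search(filter_text, entries=DIRECTORY):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["cn"][0] for e in entries if matches(node, e)]
```

Against this sample data, search("(&(objectClass=Person)(|(sn=Cane)(cn=Sandy C*)))") returns Sandy Cane and Sandy Cooper but not the group Sandy Cats, because the objectClass term excludes it.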
