Advanced Search Methods

If you are familiar with LDAP syntax, you can create an advanced search to further narrow the scope of your query. This is especially useful when querying a large directory. In some cases, you may also need to perform an advanced search to query a directory using a non-standard schema. To perform an advanced search, click the Advanced search tab.

The fields used to specify advanced search criteria are explained in the Advanced search criteria table:

Advanced search criteria

In this field	You
Search for value	Specify an LDAP search filter to reduce the scope of the search. Type all or part of a user or group name. The default is *, which returns all records in the realm. You can use the wild card character (*) anywhere in the search string. For example, to find group names beginning with the letter j, you would type j*. Or, to find users named Mary or Marty (but not Max), you could type m*y.
Attributes	Select an LDAP attribute. For example, you might select sn to look for a user’s surname or cn to find a common name.
Object classes	Specify the object class containing users or groups. For users, this is typically user or inetOrgPerson. For groups, this is usually group, groupOfNames, or groupOfUniqueNames.
Search base	Enter the point in the LDAP directory from which to begin searching. Usually, this is the lowest point in the directory tree that contains users or groups. For LDAP, you might type ou=Users,o=example.com. To search Microsoft Active Directory, you might use CN=users,DC=example,DC=corp,DC=com.
Search scope	Select the containers that you want to search: All levels below base (default) – retrieves information from all levels below the search base. The search base itself is not included in this scope. One level below base – Retrieves information from one level below the search base. The search base itself is not included in this scope.
Additional filter	Specify an LDAP search filter to reduce the scope of the search:
	Syntax: (filter=(operator(LDAP attribute=value)(..))) Operators: OR = | AND = & NOT = ! Examples: (cn=Sandy Cane) (!(cn=Tim Howes)) (&(objectClass=Person)(|(sn=Cane)(cn=Sandy C*)))

For more information on LDAP search filters, see RFC 2254 at http://www.ietf.org/rfc/rfc2254.txt.

The LDAP search syntax is flexible and provides several ways to accomplish the same result. For example, you might use the object class to search for all groups in a directory:

objectclass=group;groupOfNames

Alternatively, you can get the same result using a search filter:

(|(objectclass=group)(objectclass=groupOfNames))