
LDAP search using regular expression

Tags:

regex

ldap

Is there a way I could search on LDAP using a regular expression for a field? I am using ldapsearch or "Sun Java System Directory Server control center" for the search.

Imhotep asked Jun 09 '11 13:06


2 Answers

The answer is NO, you can't. Why?

Because the LDAP standard describes an LDAP-SEARCH as a kind of function with 4 parameters:

  1. The node where to begin the search, which is a Distinguished Name (DN)
  2. The attributes you want to be brought back
  3. The depth of the search (base, one-level, subtree)
  4. The filter.

You are interested in the filter.

MSDN Syntax Documentation

LDAP Explorer Documentation

Beyond the syntax

The thing you must understand is that operators between attributes and values, and wildcards inside values, interact with the matching rules which are part of the SCHEMA of your Directory. In the ex-Sun Directory (now Oracle), each attribute can be set up with three matching rules (equality, ordering, substring).

JPBlanc answered Sep 21 '22 11:09


LDAP supports 'substring' searches, which are not quite the same thing as wildcards. Examples of substring filters are '(uid=abc*)' and '(mail=john@*.com)' and so forth.

It is usually wise to contact your directory services administrator and ask for any attributes you intend to use in the filter to be indexed for substring searches. Professional LDAP servers support substring searches, and in order for the searches to be indexed, a minimum number of characters may need to be specified. For example, if the server is the Sun Directory Server (Sun ONE, DSEE, or SJS DS), two characters are required before the '*' character in a filter before indexes become effective: '(mail=ab*)' might use indexes, whereas '(mail=a*)' might not use indexes.

Terry Gardner answered Sep 21 '22 11:09
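The two answers combined, as an added example that is not part of either answer: build the substring filter with every value escaped per RFC 4515 so user-supplied text cannot add wildcards or filter terms, enforce the two-character prefix mentioned for Sun Directory Server, then apply the regular expression client-side to the narrowed result set. The function names, the sample entries and the client-side refinement step are assumptions made for this illustration.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(text):
    """Escape untrusted text so it cannot add wildcards or filter terms."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def substring_filter(attr, initial="", any_parts=(), final="", min_initial=2):
    """Build (attr=initial*any*...*final) with every component escaped.

    min_initial mirrors the note above that Sun Directory Server needs two
    characters before the '*' for the substring index to become effective.
    """
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        raise ValueError("attribute name is not a plain LDAP descriptor")
    if len(initial) < min_initial:
        raise ValueError(f"need at least {min_initial} leading characters")
    parts = [escape_value(initial), *map(escape_value, any_parts),
             escape_value(final)]
    return f"({attr}={'*'.join(parts)})"


def refine(entries, attr, pattern):
    """Apply the regex the server cannot evaluate to the returned entries."""
    rx = re.compile(pattern)
    return [e for e in entries
            if any(rx.fullmatch(v) for v in e.get(attr, []))]


# Constructed sample entries standing in for what the search would return.
SAMPLE_ENTRIES = [
    {"dn": "uid=john1,ou=people,dc=example,dc=com",
     "mail": ["john@mail.example.com"]},
    {"dn": "uid=john2,ou=people,dc=example,dc=com",
     "mail": ["john@x.y.z.com"]},
]

if __name__ == "__main__":
    # Server side: coarse, index-friendly substring filter.
    print(substring_filter("mail", "john@", final=".com"))
    # Client side: the precise pattern LDAP filters cannot express.
    for entry in refine(SAMPLE_ENTRIES, "mail", r"john@[a-z]+\.example\.com"):
        print(entry["dn"])
```

The resulting string is what goes in the filter position of an ldapsearch command line or a client library's search call.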