3.1.1.2.2.4 Supported Comparison Operations
In addition to determining what can be stored in an attribute, the syntaxes determine what comparison operations the server permits on an attribute in an LDAP search filter, as well as how the server performs those comparisons. The following table maps each of the LDAP syntaxes to a comparison rule. All syntaxes of the same comparison rule support the same comparison operations and are compared using the same comparison rules.
-
-
LDAP syntax
Comparison rule
Boolean
Bool
Enumeration
Integer
Integer
Integer
LargeInteger
Integer
Object(Access-Point)
DN-String
Object(DN-String)
DN-String
Object(OR-Name)
DN-Binary
Object(DN-Binary)
DN-Binary
Object(DS-DN)
DN
Object(Presentation-Address)
PresentationAddress
Object(Replica-Link)
Octet
String(Case)
CaseString
String(IA5)
CaseString
String(NT-Sec-Desc)
SecDesc
String(Numeric)
CaseString
String(Object-Identifier)
OID
String(Octet)
Octet
String(Printable)
CaseString
String(Sid)
Sid
String(Teletex)
NoCaseString
String(Unicode)
UnicodeString
String(UTC-Time)
Time
String(Generalized-Time)
Time
-
The following table (split into three parts for readability) shows which of the choices in an LDAP filter (that is, which comparison operations) are supported for each comparison rule. The LDAP filter structure is defined in [RFC2251] section 4.5.1. Each comparison rule (for example, the rule for comparing two Bool values) is discussed following the table. The "and", "or", and "not" choices in an LDAP filter are not included in this table because they are not comparisons performed against an attribute value. Active Directory treats approxMatch as equivalent to equalityMatch. For details on the three extensible matching rules, see section 3.1.1.3.4.4.
-
Comparison rule
present
equalityMatch
approxMatch
Bool
X
X
X
Integer
X
X
X
DN-String
X
X
X
DN-Binary
X
X
X
DN
X
X
X
PresentationAddress
X
X
X
Octet
X
X
X
CaseString
X
X
X
SecDesc
X
OID
X
X
X
Sid
X
X
X
NoCaseString
X
X
X
UnicodeString
X
X
X
Time
X
X
X
-
Comparison rule
lessOrEqual
greaterOrEqual
substrings
Bool
X
X
Integer
X
X
DN-String
DN-Binary
DN
PresentationAddress
Octet
X
X
X
CaseString
X
X
X
SecDesc
OID
Sid
X
X
X
NoCaseString
X
X
X
UnicodeString
X
X
X
Time
X
X
Note In the following table, the constant names in the headers for the extensibleMatch columns are prefixed with "LDAP_MATCHING_RULE_". For example, "...BIT_AND" is actually "LDAP_MATCHING_RULE_BIT_AND".
-
Comparison rule
extensibleMatch: ...BIT_AND
extensibleMatch: ...BIT_OR
extensibleMatch: ...TRANSITIVE_EVAL
Bool
Integer
X
X
DN-String
X*
DN-Binary
X*
DN
X*
PresentationAddress
Octet
CaseString
SecDesc
OID
Sid
NoCaseString
UnicodeString
Time
* Supported only if the attribute is a link attribute. Evaluates to Undefined otherwise.