LDAP Filter Details¶
An LDAP objects list as a tenants list, a groups list or a users list may be filtered to focus on specific mapped attributes or specific values of these attributes. The format of the filter is a JSON object like this one:
{
"filter": {
"mode": "and",
"criteria": [
{
"attribute": "userId",
"operation": "exists"
},
{
"attribute": "extension",
"operation": "equals",
"value": "8120"
}
]
}
}
The following explains how the different values may be used:
Name |
Usage |
|---|---|
mode |
Can be |
criteria |
An array of criterium, each one being evaluated and globally assembled according to the mode option. |
attribute |
The name of a valid mapped attribute (see LDAP Filter Details). |
operation |
Operation is made easy-to-read to humans but at the end map to an LDAP filter. Valid operations are:
*
equals: the attribute is equal to the value*
not_equals: the attribute is different of the value*
exists: the attribute exists (takes no value argument)*
not_exists: the attribute does not exist (takes no value argument)*
starts_with: the attribute starts with the value*
contains: the attribute contains with the value*
ends_with: the attribute ends with the value |
value |
(Optional) Only needed if the selected operation needs a value. Note that the type of the value is determined by attribute
mapping. By default, it is a String and must be enclosed in double quotes (“”). Otherwise, it follows the JSON schema according
to the mapped type.
|