[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap binary search data.

Howdy Sanju,

Sanju Burkule wrote:
> This might not be the best newsgroup for a ldap question, but my previous
> questions were answered from this newsgroup. I had also posted this same
> query at active.directory.interfaces and win2000.active_directory yesterday
> morning, but nobody has got to it yet.
> Can somebody please help...

This is definitely the wrong newgroup for this kind of question but I'll try and answer anyway.

> How to specify ldap_search_s filter for
> searching 'binary' data. Eg. If I would like to search an object using a
> objectGUID binary value, how to specify that value in the search filter?
> Should I convert that GUID to string and then concaternate it with
> "objectGUID=" portion of the filter - or is there some other way of doing
> it?
> Does anybody know is this possible in windows 2000 using LDAP API directly?
> I could not find any example on search filters which search for binary data.
> Thanks again,
> sanju

The search filters that you can use in LDAPv3 (and v2) is based on attribute for the entries you wish you performs filter searches on. An entry in LDAP can look like:

	DN: "cn=Mikael Grehn,o=Envilogg,c=SE"
	RDN: "cn=Mikael Grehn"
	OBJECTCLASS:	"top","newPilotPerson"
	CN:  "Mikael Grehn"
	GIVENNAME: "Mikael"
	SN: "Grehn"
	MAIL: "mikael@envilogg.se"

Where DN is the unique (in the current LDAP directory you wish too perform the search in) identifier in LDAP 'tree'. RDN i just naming the last content of the DN (specific to this entry).
CN,GIVENNAME,SN,MAIL e.t.c. are standardized attributenames describing the content of this entry.

The OBJECTCLASS attribut describes what kind of type this entry is and what attribute types are required and available.

In LDAP you can search in 3 different ways:
	1. base search - searching one specific entry. You then have to give the complete DN of the entry you wish to search for.
	2. onelevel search - you give the parent DN and ask for this parents 'direct' children entries.
	3. sub tree search - you give the parent DN and ask for all children nodes (at any level) this parent node has.

When working with filters you often do a subtree search (with lots of results). The filters are based on the attributes, i.e. a filter can look like:


which means "Only give me entries that have 'CN=Mikael* AND OBJECTCLASS=top'"

To get all entries (using subtree search under the rootnode 'C=US') that contain binary data, I guess you have to specify a specific attribute type telling you that this entry contains binary data
(from a file or something). I have never used an attributetype of this kind but there is a attributetype named 'fileFormat' that might be useful. A filter then could look like:


if the attributetype really represents this.

For more detailed LDAP response (where you WILL get more detailed info about LDAP) please mail to:


I also strongly recommend you to visit their homepage (not a commerial company) and link to their mailing lists at :



Mikael Grehn
Systems Engineer
Envilogg Datateknik AB
Tel: +46 (0)18 ? 135918
Fax: +46 (0)18 ? 125968
Email: mikael@envilogg.se