
How To Use a NOT Operator in an LDAP Search Query (Doc ID 2467022.1)

Last updated on MARCH 05, 2024

Applies to:

Oracle WebCenter Content - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Goal

The goal is to base user authentication or group membership authorization on a user or group that does not have a specified LDAP attribute.

As an example:

In Active Directory a user and a computer can have the same CN.

These are the AD user attributes:

displayName: lurch
loginid: lurch
cn: lurch
groupnameattr: lurch
objectclass: top
objectclass: person
objectclass: user
objectclass: organizationalPerson

This is the computer:

loginid: lurch
cn: lurch
groupnameattr: lurch
objectclass: top
objectclass: person
objectclass: user
objectclass: organizationalPerson
objectclass: computer

The standard User From Name Filter is set as:

(&(cn=%u)(objectclass=user))

The LDAP search query can return the user and not the computer by using an LDAP search NOT operator.

The NOT operator has the syntax:

(!(<attribute>=<value>))
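
The effect of the NOT operator on the two entries above can be checked offline with the following added example, which is not part of the Oracle note and is not its Solution text. The combined filter WITH_NOT, the helper names, and the in-memory evaluator (equality, &, | and ! only) are assumptions made for illustration; the entries are constructed from the attribute listings above.

```python
import re

# Constructed sample entries, copied from the attribute listings on this page.
USER = {"displayName": ["lurch"], "loginid": ["lurch"], "cn": ["lurch"], "groupnameattr": ["lurch"],
        "objectclass": ["top", "person", "user", "organizationalPerson"]}
COMPUTER = {"loginid": ["lurch"], "cn": ["lurch"], "groupnameattr": ["lurch"],
            "objectclass": ["top", "person", "user", "organizationalPerson", "computer"]}

STANDARD = "(&(cn=%u)(objectclass=user))"
# Assumed combined form using the NOT syntax; not taken from the Oracle note.
WITH_NOT = "(&(cn=%u)(objectclass=user)(!(objectclass=computer)))"

def escape(value):
    """Escape RFC 4515 special characters so %u cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(s, i=0):
    """Parse one filter starting at s[i] == '('; return (node, next_index)."""
    op = s[i + 1]
    if op in "&|!":
        i += 2
        kids = []
        while s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        return (op, kids), i + 1          # skip the closing ')'
    end = s.index(")", i)                 # literal ')' in values is escaped as \29
    attr, _, val = s[i + 1:end].partition("=")
    return ("=", attr.lower(), unescape(val).lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "=":
        vals = [v.lower() for k, vs in entry.items() if k.lower() == node[1] for v in vs]
        return node[2] in vals
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any}.get(node[0], lambda r: not r[0])(results)

def search(template, username, entries):
    """Substitute the escaped username for %u and return the matching entries."""
    tree, _ = parse(template.replace("%u", escape(username)))
    return [e for e in entries if matches(tree, e)]
```

With the standard filter both entries match for "lurch"; with the NOT clause only the user entry is returned. Escaping the substituted name keeps a value such as "lurch)(cn=*" from adding clauses to the filter.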

Solution
