X.500 Standard status
X.509 Related activities
How to be involved
Tutorial section 1
Tutorial section 2
Other PKI organizations
The Search operation is the most complex operation and it is the primary operation for retrieving directory information.
Information is retrieved from entries based on some fragments of information supplied to the directory in the Search request.
Attribute assertion is a piece(s) of information of a certain type to be compared with information of the same type within the database.
When performing a search for retrieving specific entries, the search request needs to hold criteria to be met by eligible entries for return to the accessing user. A filter in the search request gives such criteria. The filter in a search request contains pieces of information that is compared in some way with the information in the entries. If the comparison yields TRUE for a particular entry, the entry is eligible for return to the accessing user. If the comparison yields FALSE, the entry is not returned.
Each piece of information in the filter corresponds to an attribute type against which it is to be matched. Such a piece of information is called a filter item. As also indicated in figure 4, a filter item may hold only partial information. As an example, a filter item may hold a substring of a street address to be compared against the full street address in each of the entries.
In more advanced filters, filter items can be AND'ed, OR'ed and NOT'ed in any combination and with any level of nesting.
Any filter whatsoever can be converted to a sequence of subfilters separated by OR operators. This means that if just one subfilter matches a directory entry, then the filter as a whole also matches that entry. For more details see her.
The next page is X.500 Navigation