Filter examples
<filters> <!-- Filter 1 --> <filter type="attribute" target="objectclass" inheritable="true"> <include> <value>user</value> <value>organizationalUnit</value> <value>container</value> <value>group</value> </include> <exclude> <value>computer</value> </exclude> </filter> <!-- Filter 2 --> <filter type="attribute" target="name" inheritable="true"> <include> <value>*</value> </include> <exclude> <value>Computers</value> </exclude> </filter> <!-- Filter 3 --> <filter type="attribute" target="name" inheritable="false"> <exclude> <value>DB Servers</value> <value>Web Servers</value> </exclude> </filter> <!-- Filter 4 --> <filter type="date" target="whenchanged" inheritable="true"> <applicableClasses> <class>user</class> </applicableClasses> <from>7/1/2017</from> <to>07/18/2017</to> <within>1</within> </filter> <!-- Filter 5 --> <filter type="LDAP" appliedClass="group" inheritable="true"> <!-- Include exchange enabled group only --> <![CDATA[ (& (mail=*) (!msexchhidefromaddresslists=TRUE) ) ]]> </filter> </filters>
Each filter has two mandatory XML attributes: “type” and “inheritable,” and one optional attribute.
- <type>: Identifies the type of the filter. The possible values are: attribute, date, and LDAP.
- <inheritable>: Determines if the filter is inherited by child nodes. The value can be “true” or “false.” If a filter is set to inheritable=”true”, it will be run on the rootDistinguishedNode and all sub nodes. If it is set to “false”, it will only be run on the rootDistinguishedNode.
- <appliedClass>: Specifies the LDAP object class to apply the current filter on. If no class is specified, the filter applies to all object classes. For example, to run a filter on user objects and not have the filter apply to group objects, set appliedClass=”user”.