3.1.1.3.4.4 LDAP Matching Rules (extensibleMatch)
The following sections describe the matching rules supported by DCs when performing LDAP search requests. Unlike, for example, extended controls and extended operations, there is no attribute exposed by the DC that specifies which matching rules it supports. The identifiers for these matching rules are used in an extensibleMatch clause in the filter portion of a SearchRequest, as described in [RFC2251] section 4.5.1. Matching rules are identified by an OID that corresponds to a human-readable name, as shown in the following table.
-
Capability name
OID
LDAP_MATCHING_RULE_BIT_AND
1.2.840.113556.1.4.803
LDAP_MATCHING_RULE_BIT_OR
1.2.840.113556.1.4.804
LDAP_MATCHING_RULE_TRANSITIVE_EVAL
1.2.840.113556.1.4.1941
LDAP_MATCHING_RULE_DN_WITH_DATA
1.2.840.113556.1.4.2253
Windows 2000 operating system, Windows Server 2003 operating system, Windows Server 2003 R2 operating system, and Active Directory Application Mode (ADAM) support the LDAP_MATCHING_RULE_BIT_AND and LDAP_MATCHING_RULE_BIT_OR matching rules. Windows Server 2008 operating system and later support those two rules and the LDAP_MATCHING_RULE_TRANSITIVE_EVAL rule, in both AD DS and AD LDS. Windows Server 2012 R2 operating system and later support those three rules and the LDAP_MATCHING_RULE_DN_WITH_DATA rule, in both AD DS and AD LDS.