3.1.1.3.4.4 LDAP Matching Rules (extensibleMatch)

  • Article

msdn link

The following sections describe the matching rules supported by DCs when performing LDAP search requests. Unlike, for example, extended controls and extended operations, there is no attribute exposed by the DC that specifies which matching rules it supports. The identifiers for these matching rules are used in an extensibleMatch clause in the filter portion of a SearchRequest, as described in [RFC2251] section 4.5.1. Matching rules are identified by an OID that corresponds to a human-readable name, as shown in the following table.

Capability name

OID

LDAP_MATCHING_RULE_BIT_AND

1.2.840.113556.1.4.803

LDAP_MATCHING_RULE_BIT_OR

1.2.840.113556.1.4.804

LDAP_MATCHING_RULE_TRANSITIVE_EVAL

1.2.840.113556.1.4.1941

LDAP_MATCHING_RULE_DN_WITH_DATA

1.2.840.113556.1.4.2253

Windows 2000 operating system, Windows Server 2003 operating system, Windows Server 2003 R2 operating system, and Active Directory Application Mode (ADAM) support the LDAP_MATCHING_RULE_BIT_AND and LDAP_MATCHING_RULE_BIT_OR matching rules. Windows Server 2008 operating system and later support those two rules and the LDAP_MATCHING_RULE_TRANSITIVE_EVAL rule, in both AD DS and AD LDS. Windows Server 2012 R2 operating system and later support those three rules and the LDAP_MATCHING_RULE_DN_WITH_DATA rule, in both AD DS and AD LDS.