Printout Header

LEX Online Manual Content

Searching the Directory

If you want to find one or more objects in the directory with specific criteria, you have to perform an LDAP search. This can be done by selecting any container object (in the treeview panel or the object list) and pressing CTRL-F or using the menu option Edit - Search. If you do so, the Search dialog is shown.

The Search dialog gives you two choices:

  • The Simple Name Search: Good if you want to search for an object just by it's name or by part of it's name (try for example to enter just the first few characters of an objects name...).
  • The Complex Search. A 'real' LDAP search which uses an LDAP filter string. This can be used if you want to find objects by their attribute values.

Complex search with LDAP filters

The LDAP search operation is part of the protocol standard and defined in the LDAP protocol in RFC 4511.

On a technical base, the LDAP search operation is very often used, even if we just want to read some attribute data from a directory object, an LDAP search is performed, in this special case the search is only for one object and the object's distinguished name was taken as the search 'criterion'. So don't be surprised if you trace a normal read operation on an LDAP directory with a packet analyzer and you see LDAP search frames...

Normal searches uses more complex criteria, and these are always to be passed as an LDAP filter. Although LDAP filters can be quite complex, LEX helps you to construct and handle such filters in a convenient way. But sometimes a user doesn't even want to think about LDAP filters and their syntax at all, but just enter the name of an object and find it. This is the reason why LEX comes with two kinds of search possibilities: the Simple Name Search and the Complex Search.

Simple Name Search

This search lets you find an object quickly by it's name. Just enter the name to search for in the text box and press the Start Search button. Actually, LEX is performing here an LDAP search with complex filter as well if you use this option. But you just have to enter a string and the technical filter string is built internally by LEX. The following rules are in place here:

Active Directory environments: If you enter 'xyz' in the text box, LEX uses internally the following LDAP filter string: (anr=xyz). This is a special 'ambiguous name resolution' (ANR) filter for AD, it is also used if you search for email recipients in Outlook, for example. It is very (!) fast, because this filter is hard coded in the AD LDAP server. ANR filters include the object's relative distinguished name and the following attributes into the object internal search: givenName, sn, displayName, legayExchangeDN, proxyAddresses and physicalDeliveryOfficeName. Unfortunately, the users logon names (userPrincipalName and sAMAccountName) are not included, if you want to search for them, you have to use the Complex Search.

Other LDAP environments: If you enter 'xyz' in the text box, LEX uses internally the following LDAP filter string: (|(cn=*xyz*)(ou=*xyz*)(name=*xyz*)(uid=*xyz*)(fullname=*xyz*)(mail=*xyz*)
Exchange 5.5 environments: If you enter 'xyz' in the text box, LEX uses internally the following LDAP filter string: (|(cn=*xyz*)(ou=*xyz*)(rdn=*xyz*)(uid=*xyz*)(mail=*xyz*))

Complex Search

This search lets you perform a search with any valid LDAP filter. The text box for the LDAP search filter string is pre-filled with the content of the LEX Filter Factory, the place where filters can be easily constructed and stored. If you are not familiar with the LDAP filter syntax, read the manual topic about Building LDAP Filters first.

For manipulating the search filter in the Complex Search, you have the following buttons available:

Construct: This opens the Filter Constructor dialog for the current LDAP filter string in the text box. You can build even complex filters conveniently with a GUI dialog here.

Save Filter: You can save the current filter string into a text file, which can be loaded easily later on if you need it again. LEX stores the appropriate filter files in the Profile and Filter Storage Path in the subdirectory 'LDAPFilter' as text files.

Load Filter: You can load a previously saved filter here. LEX stores the appropriate filter files in the Profile and Filter Storage Path in the subdirectory 'LDAPFilter' as text files. When you use the pull down menu of this button, LEX searches this subdirectory for files and gives you the possibility to immediately load the filters without any further dialog action. Even if you never saved an LDAP filter before, there should be some filter examples which were installed together with the application.

Quick-load of LDAP filters

You can structure your filter set into different categories by just saving the filters in different sub directories. LEX detect these sub directories with the filter files and shows them as a sub menu structure:

LDAP filters in a structured hierarchy

Start Search: This initiates the search operation on the directory.

Search for a List of objects

If you have a list of object names, or mail adresses, or logon names ( either in a text editor, or in an Excl sheet), you can search for the obejcts with the regarding properties very easily here. Just get the entire list into the windows clipboard and paste the clipboard content into the Complex Search field in the Search Dialog window:

Searching for a lists of objects

Immediately after that you will be asked what attributes these inserted strings are representing. You cn choose from the list of schema attributes or you could just tpe in the attribute name. If your list for example contains logon names of Active Directory users, you should choose "sAMAccountName" as the attribute name to built the LDAP filter. The actual filter is now constructed from the inserted list and your attribute name:

Searching for a lists of objects

There are other topics which show details for search operations: