DS 7.3.4

distinguishedNamePatternMatch

Compares an assertion value of DN pattern syntax to a value whose syntax is an ASN.1 DistinguishedName type.

A DN pattern has a similar format to a Distinguished Name (DN) except that it allows wild-cards in place of individual RDNs, AVAs or attribute values. Specifically, DN patterns must conform to the following ABNF grammar:

dnPattern                = [ rdnPattern *( COMMA rdnPattern ) ]
rdnPattern               = ( ASTERISK ASTERISK ) / ASTERISK / singleRdnPattern
singleRdnPattern         = avaPattern *( PLUS avaPattern )
avaPattern               = ( ASTERISK ASTERISK ) / ASTERISK / singleAvaPattern
singleAvaPattern         = attributeType EQUALS attributeValuePattern
attributeValuePattern    = ASTERISK / attributeValue

; All other productions taken from RFC4514 except for the following which
; requires a leading ASTERISK to be escaped:
LeadChar                 = LUTF1 / UTFMB
LUTF1                    = %x01-1F / %x21 / %x24-29 / %x2D-3A / %x3D / %x3F-5B / %x5D-7F

Here are some example DN patterns:

  1. *,ou=people,dc=example,dc=com - matches all DNs which are directly subordinate to ou=people,dc=example,dc=com. A single RDN wild-card matches a single RDN.

  2. **,ou=people,dc=example,dc=com - matches all DNs located anywhere beneath ou=people,dc=example,dc=com. A double RDN wild-card matches zero or more RDNs.

  3. **,ou=people,** - matches any DN containing the RDN ou=people.

  4. uid=*,ou=people,dc=example,dc=com - matches all DNs directly beneath ou=people,dc=example,dc=com whose RDN has the uid attribute type.

  5. sn=smith+givenName=*,ou=people,dc=example,dc=com - matches all DNs directly beneath ou=people,dc=example,dc=com whose RDN has exactly two AVAs where one is of the form sn=smith and the other has the givenName attribute type.

  6. *+*,ou=people,** - matches all DNs directly beneath any DN containing the RDN ou=people and whose RDN contains exactly two AVAs.

  7. *+**,ou=people,** - matches all DNs directly beneath any DN containing the RDN ou=people and whose RDN contains at least one AVA.

Names

distinguishedNamePatternMatch

Origin

OpenDJ Directory Server

Description

DN pattern matching

Assertion syntax

DistinguishedNamePatternMatchAssertion

OID

1.3.6.1.4.1.36733.2.1.4.13

Copyright © 2010-2024 ForgeRock, all rights reserved.