draft-ietf-ldapbis-filter-02.txt   draft-ietf-ldapbis-filter-03.txt 
Network Working Group M. Smith, Editor Network Working Group M. Smith, Editor
Request for Comments: DRAFT Netscape Communications Corp. Request for Comments: DRAFT Netscape Communications Corp.
Obsoletes: RFC 2254 T. Howes Obsoletes: RFC 2254 T. Howes
Expires: August 2002 Loudcloud, Inc. Expires: 9 February 2003 Loudcloud, Inc.
22 February 2002 9 August 2002
LDAP: String Representation of Search Filters LDAP: String Representation of Search Filters
<draft-ietf-ldapbis-filter-02.txt> <draft-ietf-ldapbis-filter-03.txt>
1. Status of this Memo 1. Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working all provisions of Section 10 of RFC2026.
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute Internet-Drafts are working documents of the Internet Engineering
working documents as Internet-Drafts. Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Discussion of this document should take place on the LDAP (v3) Discussion of this document should take place on the LDAP (v3)
Revision (ldapbis) Working Group mailing list <ietf- Revision (ldapbis) Working Group mailing list <ietf-
ldapbis@openldap.org>. After appropriate review and discussion, this ldapbis@openldap.org>.
document will be submitted as a Standards Track replacement for RFC
2254.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
2. Abstract 2. Abstract
LDAP search filters are transmitted in the LDAP protocol using a
binary representation that is appropriate for use on the network.
This document defines a human-readable string representation of LDAP
search filters that is appropriate for use in LDAP URLs and in other
applications.
3. Table of Contents
1. Status of this Memo............................................1
2. Abstract.......................................................1
3. Table of Contents..............................................2
4. Introduction...................................................2
5. LDAP Search Filter Definition..................................2
6. String Search Filter Definition................................3
7. Examples.......................................................5
8. Security Considerations........................................6
9. Normative References...........................................7
10. Acknowledgments................................................7
11. Authors' Address...............................................7
12. Full Copyright Statement.......................................8
13. Appendix A: Changes Since RFC 2254.............................8
13.1. Technical Changes...........................................8
13.2. Editorial Changes...........................................9
14. Appendix B: Changes Since Previous Document Revision...........10
14.1. Technical Changes...........................................10
14.2. Editorial Changes...........................................10
4. Introduction
The Lightweight Directory Access Protocol (LDAP) [Protocol] defines a The Lightweight Directory Access Protocol (LDAP) [Protocol] defines a
network representation of a search filter transmitted to an LDAP network representation of a search filter transmitted to an LDAP
server. Some applications may find it useful to have a common way of server. Some applications may find it useful to have a common way of
representing these search filters in a human-readable form. This representing these search filters in a human-readable form; LDAP URLs
document defines a human-readable string format for representing the are an example of one such application. This document defines a
full range of possible LDAP version 3 search filters, including human-readable string format for representing the full range of
extended match filters. possible LDAP version 3 search filters, including extended match
filters.
This document is an integral part of the LDAP Technical This document is an integral part of the LDAP Technical
Specification [ROADMAP]. Specification [Roadmap].
This document replaces RFC 2254. Changes to RFC 2254 are summarized This document replaces RFC 2254. Changes to RFC 2254 are summarized
in Appendix A. in Appendix A.
3. LDAP Search Filter Definition 5. LDAP Search Filter Definition
An LDAPv3 search filter is defined in Sections 4.5.1 of [Protocol] as An LDAPv3 search filter is defined in Section 4.5.1 of [Protocol] as
follows: follows:
Filter ::= CHOICE { Filter ::= CHOICE {
and [0] SET SIZE (1..MAX) OF Filter, and [0] SET SIZE (1..MAX) OF Filter,
or [1] SET OF SIZE (1..MAX) Filter, or [1] SET SIZE (1..MAX) OF Filter,
not [2] Filter, not [2] Filter,
equalityMatch [3] AttributeValueAssertion, equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter, substrings [4] SubstringFilter,
greaterOrEqual [5] AttributeValueAssertion, greaterOrEqual [5] AttributeValueAssertion,
lessOrEqual [6] AttributeValueAssertion, lessOrEqual [6] AttributeValueAssertion,
present [7] AttributeDescription, present [7] AttributeDescription,
approxMatch [8] AttributeValueAssertion, approxMatch [8] AttributeValueAssertion,
extensibleMatch [9] MatchingRuleAssertion extensibleMatch [9] MatchingRuleAssertion }
}
SubstringFilter ::= SEQUENCE { SubstringFilter ::= SEQUENCE {
type AttributeDescription, type AttributeDescription,
-- at least one must be present -- at least one must be present,
-- initial and final can occur at most once -- initial and final can occur at most once
substrings SEQUENCE OF CHOICE { substrings SEQUENCE OF CHOICE {
initial [0] AssertionValue, initial [0] AssertionValue,
any [1] AssertionValue, any [1] AssertionValue,
final [2] AssertionValue final [2] AssertionValue } }
}
}
AttributeValueAssertion ::= SEQUENCE { AttributeValueAssertion ::= SEQUENCE {
attributeDesc AttributeDescription, attributeDesc AttributeDescription,
assertionValue AssertionValue assertionValue AssertionValue }
}
MatchingRuleAssertion ::= SEQUENCE { MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MatchingRuleID OPTIONAL, matchingRule [1] MatchingRuleId OPTIONAL,
type [2] AttributeDescription OPTIONAL, type [2] AttributeDescription OPTIONAL,
matchValue [3] AssertionValue, matchValue [3] AssertionValue,
dnAttributes [4] BOOLEAN DEFAULT FALSE dnAttributes [4] BOOLEAN DEFAULT FALSE }
}
AttributeDescription ::= LDAPString AttributeDescription ::= LDAPString
AttributeValue ::= OCTET STRING AttributeValue ::= OCTET STRING
MatchingRuleID ::= LDAPString MatchingRuleId ::= LDAPString
AssertionValue ::= OCTET STRING AssertionValue ::= OCTET STRING
LDAPString ::= OCTET STRING LDAPString ::= OCTET STRING
where the LDAPString above is limited to the UTF-8 encoding of the where the LDAPString above is limited to the UTF-8 encoding of the
ISO 10646 character set [RFC2279]. The AttributeDescription is a ISO 10646 character set [RFC2279]. The AttributeDescription is a
string representation of the attribute description and is defined in string representation of the attribute description and is defined in
[Protocol]. The AttributeValue and AssertionValue OCTET STRING have [Protocol]. The AttributeValue and AssertionValue OCTET STRING have
the form defined in [Syntaxes]. The Filter is encoded for the form defined in [Syntaxes]. The Filter is encoded for
transmission over a network using the Basic Encoding Rules defined in transmission over a network using the Basic Encoding Rules defined in
[ASN.1], with simplifications described in [Protocol]. [ASN.1], with simplifications described in [Protocol].
4. String Search Filter Definition 6. String Search Filter Definition
The string representation of an LDAP search filter is defined by the The string representation of an LDAP search filter is defined by the
following grammar, following the ABNF notation defined in [RFC2234]. following grammar, following the ABNF notation defined in [RFC2234].
The filter format uses a prefix notation. The filter format uses a prefix notation.
filter = "(" filtercomp ")" filter = "(" filtercomp ")"
filtercomp = and / or / not / item filtercomp = and / or / not / item
and = "&" filterlist and = "&" filterlist
or = "|" filterlist or = "|" filterlist
not = "!" filter not = "!" filter
filterlist = 1*filter filterlist = 1*filter
item = simple / present / substring / extensible item = simple / present / substring / extensible
simple = attr filtertype assertionvalue simple = attr filtertype assertionvalue
skipping to change at page 4, line 5 skipping to change at page 4, line 30
extensible = attr [":dn"] [":" matchingrule] ":=" assertionvalue extensible = attr [":dn"] [":" matchingrule] ":=" assertionvalue
/ [":dn"] ":" matchingrule ":=" assertionvalue / [":dn"] ":" matchingrule ":=" assertionvalue
/ ":=" assertionvalue / ":=" assertionvalue
present = attr "=*" present = attr "=*"
substring = attr "=" [initial] any [final] substring = attr "=" [initial] any [final]
initial = assertionvalue initial = assertionvalue
any = "*" *(assertionvalue "*") any = "*" *(assertionvalue "*")
final = assertionvalue final = assertionvalue
attr = AttributeDescription attr = AttributeDescription
; The <AttributeDescription> rule is defined in ; The <AttributeDescription> rule is defined in
; Section 4.1.5 of [Protocol]. ; Section 4.1.4 of [Protocol].
matchingrule = oid matchingrule = oid
; The <oid> rule is defined in Section 4.1 ; The <oid> rule is defined in Section 2.1
; of [Syntaxes] and is used to encode a ; of [Syntaxes] and is used to encode a
; matching rule OBJECT IDENTIFIER. ; matching rule OBJECT IDENTIFIER.
assertionvalue = valueencoding assertionvalue = valueencoding
; The <valueencoding> rule is used to encode an ; The <valueencoding> rule is used to encode an
; <AssertionValue> from Section 4.1.7 of [Protocol]. ; <AssertionValue> from Section 4.1.6 of [Protocol].
valueencoding = 0*(normal / escaped) valueencoding = 0*(normal / escaped)
normal = %x01-27 / %x2b-5b / %x5d-7f normal = %x01-27 / %x2b-5b / %x5d-7f
escaped = "\" hex hex escaped = "\" hex hex
hex = %x30-39 / %x41-46 / %x61-66 hex = %x30-39 / %x41-46 / %x61-66
Note that although both the <substring> and <present> productions in Note that although both the <substring> and <present> productions in
the grammar above can produce the "attr=*" construct, this construct the grammar above can produce the "attr=*" construct, this construct
is used only to denote a presence filter. is used only to denote a presence filter.
The <valueencoding> rule provides that the octets that represent the The <valueencoding> rule provides that the octets that represent the
skipping to change at page 4, line 43 skipping to change at page 5, line 20
non-printing ASCII characters. non-printing ASCII characters.
For AssertionValues that contain UTF-8 character data, each octet of For AssertionValues that contain UTF-8 character data, each octet of
the character to be escaped is replaced by a backslash and two hex the character to be escaped is replaced by a backslash and two hex
digits, which form a single octet in the code of the character. digits, which form a single octet in the code of the character.
For example, the filter checking whether the "cn" attribute contained For example, the filter checking whether the "cn" attribute contained
a value with the character "*" anywhere in it would be represented as a value with the character "*" anywhere in it would be represented as
"(cn=*\2a*)". "(cn=*\2a*)".
5. Examples 7. Examples
This section gives a few examples of search filters written using This section gives a few examples of search filters written using
this notation. this notation.
(cn=Babs Jensen) (cn=Babs Jensen)
(!(cn=Tim Howes)) (!(cn=Tim Howes))
(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*))) (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
(o=univ*of*mich*) (o=univ*of*mich*)
(seeAlso=) (seeAlso=)
skipping to change at page 6, line 20 skipping to change at page 6, line 45
The fourth example shows a filter searching for the four-byte value The fourth example shows a filter searching for the four-byte value
0x00000004, illustrating the use of the escaping mechanism to 0x00000004, illustrating the use of the escaping mechanism to
represent arbitrary data, including NUL characters. represent arbitrary data, including NUL characters.
The fifth example illustrates the use of the escaping mechanism to The fifth example illustrates the use of the escaping mechanism to
represent various non-ASCII UTF-8 characters. represent various non-ASCII UTF-8 characters.
The sixth and final example demonstrates assertion of a BER encoded The sixth and final example demonstrates assertion of a BER encoded
value. value.
6. Security Considerations 8. Security Considerations
This memo describes a string representation of LDAP search filters. This memo describes a string representation of LDAP search filters.
While the representation itself has no known security implications, While the representation itself has no known security implications,
LDAP search filters do. They are interpreted by LDAP servers to LDAP search filters do. They are interpreted by LDAP servers to
select entries from which data is retrieved. LDAP servers should select entries from which data is retrieved. LDAP servers should
take care to protect the data they maintain from unauthorized access. take care to protect the data they maintain from unauthorized access.
Please refer to the Security Considerations sections of [Protocol] Please refer to the Security Considerations sections of [Protocol]
and [AuthMeth] for more information. and [AuthMeth] for more information.
7. References 9. Normative References
[ASN.1] Specification of ASN.1 encoding rules: Basic, Canonical, and [ASN.1] Specification of ASN.1 encoding rules: Basic, Canonical, and
Distinguished Encoding Rules, ITU-T Recommendation X.690, 1994. Distinguished Encoding Rules, ITU-T Recommendation X.690, 1994.
[AuthMeth] R. Harrison (editor), "LDAP: Authentication Methods and [AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
Connection Level Security Mechanisms", draft-ietf-ldapbis-authmeth- Connection Level Security Mechanisms", draft-ietf-ldapbis-authmeth-
xx.txt, a work in progress. xx.txt, a work in progress.
[Protocol] J. Sermersheim (editor), "LDAP: The Protocol", draft- [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol", draft-
ietf-ldapbis-protocol-xx.txt, a work in progress. ietf-ldapbis-protocol-xx.txt, a work in progress.
[RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax [RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO 10646", [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
RFC 2279, January 1998. RFC 2279, January 1998.
[Roadmap] K. Zeilenga (editor), "LDAP: Technical Specification Road [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification Road
Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress. Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
[Syntaxes] K. Dally (editor), "LDAP: Syntaxes", draft-ietf-ldapbis- [Syntaxes] Dally, K. (editor), "LDAP: Syntaxes", draft-ietf-ldapbis-
syntaxes-xx.txt, a work in progress. syntaxes-xx.txt, a work in progress.
8. Acknowledgments 10. Acknowledgments
This document replaces RFC 2254 by Tim Howes. Changes included in This document replaces RFC 2254 by Tim Howes. Changes included in
this revised specification are based upon discussions among the this revised specification are based upon discussions among the
authors, discussions within the LDAP (v3) Revision Working Group authors, discussions within the LDAP (v3) Revision Working Group
(ldapbis), and discussions within other IETF Working Groups. The (ldapbis), and discussions within other IETF Working Groups. The
contributions of individuals in these working groups is gratefully contributions of individuals in these working groups is gratefully
acknowledged. acknowledged.
9. Authors' Address 11. Authors' Address
Mark Smith (document editor) Mark Smith, Editor
Netscape Communications Corp. Netscape Communications Corp.
447 Marlpool Drive 360 W. Caribbean Drive
Saline, MI 48176 Sunnyvale, CA 94089
USA USA
+1 650 937-3477 +1 650 937-3477
mcs@netscape.com mcs@netscape.com
Tim Howes Tim Howes
Loudcloud, Inc. Loudcloud, Inc.
599 N. Mathilda Ave. 599 N. Mathilda Ave.
Sunnyvale, CA 94086 Sunnyvale, CA 94086
USA USA
+1 408 744-7509 +1 408 744-7509
howes@loudcloud.com howes@loudcloud.com
10. Full Copyright Statement 12. Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
skipping to change at page 8, line 16 skipping to change at page 8, line 40
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
11. Appendix A: Changes Since RFC 2254 13. Appendix A: Changes Since RFC 2254
11.1. Technical Changes 13.1. Technical Changes
"String Search Filter Definition" section: replaced the "value" rule "String Search Filter Definition" section: replaced the "value" rule
with a new "assertionvalue" rule within the "simple", "extensible", with a new "assertionvalue" rule within the "simple", "extensible",
and "substring" ("initial", "any", and "final") rules. This matches and "substring" ("initial", "any", and "final") rules. This matches
a change made in [Syntaxes]. a change made in [Syntaxes].
Revised the "attr", "matchingrule", and "assertionvalue" ABNF to more Revised the "attr", "matchingrule", and "assertionvalue" ABNF to more
precisely reference productions from the [Protocol] and [Syntaxes] precisely reference productions from the [Protocol] and [Syntaxes]
documents. documents.
Introduced the "valueencoding" and associated "normal" and "escaped" Introduced the "valueencoding" and associated "normal" and "escaped"
rules to reduce the dependence on descriptive text. rules to reduce the dependence on descriptive text.
Added a third option to the "extensible" production to allow creation Added a third option to the "extensible" production to allow creation
of a MatchingRuleAssertion that only has a matchValue. of a MatchingRuleAssertion that only has a matchValue.
11.2. Editorial Changes 13.2. Editorial Changes
Changed document title to include "LDAP:" prefix. Changed document title to include "LDAP:" prefix.
IESG Note: removed note about lack of satisfactory mandatory IESG Note: removed note about lack of satisfactory mandatory
authentication mechanisms. authentication mechanisms.
Header and "Authors' Addresses" sections: added Mark Smith as the Header and "Authors' Addresses" sections: added Mark Smith as the
document editor and updated Tim's affiliation and contact document editor and updated affiliation and contact information.
information.
Copyright: changed the year to 2002. "Table of Contents" section: added.
"Abstract" section: updated second paragraph to indicate that RFC Copyright: updated the year.
2254 is replaced by this document (instead of RFC 1960). Added
reference to the [Roadmap] document. "Abstract" section: separated from introductory material.
"Introduction" section: new section; separated from the Abstract.
Updated second paragraph to indicate that RFC 2254 is replaced by
this document (instead of RFC 1960). Added reference to the [Roadmap]
document.
"LDAP Search Filter Definition" section: made corrections to the "LDAP Search Filter Definition" section: made corrections to the
LDAPv3 search filter ABNF so it matches that used in [Protocol]. LDAPv3 search filter ABNF so it matches that used in [Protocol].
"String Search Filter Definition" section: clarified the definition "String Search Filter Definition" section: clarified the definition
of 'value' (now 'assertionvalue') to take into account the fact that of 'value' (now 'assertionvalue') to take into account the fact that
it is not precisely an AttributeAssertion from [Protocol] section it is not precisely an AttributeAssertion from [Protocol] section
4.1.6 (special handling is required for some characters). Added a 4.1.6 (special handling is required for some characters). Added a
note that each octet of a character to be escaped is replaced by a note that each octet of a character to be escaped is replaced by a
backslash and two hex digits, which represent a single octet. backslash and two hex digits, which represent a single octet.
"Examples" section: added five additional examples: (seeAlso=), "Examples" section: added five additional examples: (seeAlso=),
(cn:=Betty Rubble), (:1.2.3:=Wilma Flintstone), (:=Fred Flintstone), (cn:=Betty Rubble), (:1.2.3:=Wilma Flintstone), (:=Fred Flintstone),
and (1.3.6.1.4.1.1466.0;binary=\04\02\48\69). Replaced one occurrence and (1.3.6.1.4.1.1466.0;binary=\04\02\48\69). Replaced one occurrence
of "a value" with "an assertion value". of "a value" with "an assertion value".
"Security Considerations" section: added references to [Protocol] and "Security Considerations" section: added references to [Protocol] and
[AuthMeth]. [AuthMeth].
"References" section: changed from [1] style to [Protocol] style "Normative References" section: renamed from "References" per new RFC
throughout the document. Added entries for [AuthMeth] and updated guidelines. Changed from [1] style to [Protocol] style throughout the
document. Added entries for [AuthMeth] and [Roadmap] and updated
UTF-8 reference to RFC 2279. Replaced RFC 822 reference with a UTF-8 reference to RFC 2279. Replaced RFC 822 reference with a
reference to RFC 2234. reference to RFC 2234.
"Acknowledgments" section: added. "Acknowledgments" section: added.
"Appendix A: Changes Since RFC 2254" section: added. "Appendix A: Changes Since RFC 2254" section: added.
"Appendix B: Changes Since Previous Document Revision" section: "Appendix B: Changes Since Previous Document Revision" section:
added. added.
"Table of Contents" section: added. 14. Appendix B: Changes Since Previous Document Revision
12. Appendix B: Changes Since Previous Document Revision
This appendix lists all changes relative to the last published This appendix lists all changes relative to the last published
revision, draft-ietf-ldapbis-filter-01.txt. Note that these changes revision, draft-ietf-ldapbis-filter-02.txt. Note that these changes
are also included in Appendix A, but are included here for those who are also included in Appendix A, but are included here for those who
have already reviewed draft-ietf-ldapbis-filter-01.txt. This section have already reviewed draft-ietf-ldapbis-filter-02.txt. This section
will be removed before this document is published as an RFC. will be removed before this document is published as an RFC.
12.1. Technical Changes 14.1. Technical Changes
"String Search Filter Definition" section: Added a third option to None.
the "extensible" production to allow creation of a
MatchingRuleAssertion that only has a "assertionvalue".
12.2. Editorial Changes 14.2. Editorial Changes
Changed document title to include "LDAP:" prefix. "Abstract" section: separated from introductory material.
"LDAP Search Filter Definition" section: updated the ASN.1 definition "Table of Contents" section: moved to correct location (after
of the Filter to match that used in [Protocol]. Abstract).
"String Search Filter Definition" section: Revised "attr", "Introduction" section: new section; separated from the Abstract.
"matchingrule", and "assertionvalue" ABNF to directly reference
productions from the [Protocol] and [Syntaxes] documents.
Revised the text on hexadecimal escaping to be less UTF-8 centric.
"Examples" section: added a new example (:=Fred Flintstone) that only "LDAP Search Filter Definition " section: updated section references
has an "assertionvalue." to match current LDAPBis drafts. Made minor changes to the ASN.1 so
it exactly matches that used in the Protocol document.
References: replaced [RFC2251bis] references with [Protocol]; similar "Normative References" section: renamed from "References" per new RFC
changes for other LDAP documents. Added reference to [Roadmap]. guidelines; changed author names to "Last, F." format for
"Authors' Addresses" section: updated Mark Smith's postal address. consistency.
This Internet Draft expires in August 2002. "Authors' Address" section: updated Mark Smith's postal address.
1. Status of this Memo............................................1 This Internet Draft expires on 9 February 2003.
2. Abstract.......................................................1
3. LDAP Search Filter Definition..................................2
4. String Search Filter Definition................................3
5. Examples.......................................................4
6. Security Considerations........................................6
7. References.....................................................6
8. Acknowledgments................................................7
9. Authors' Address...............................................7
10. Full Copyright Statement.......................................7
11. Appendix A: Changes Since RFC 2254.............................8
11.1. Technical Changes...........................................8
11.2. Editorial Changes...........................................8
12. Appendix B: Changes Since Previous Document Revision...........9
12.1. Technical Changes...........................................9
12.2. Editorial Changes...........................................10
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/