Possible solution:

• Add property "operation" to class AttributeParameter (currently AttributeParameter has just "name" ). I wonder that this property can be either enum with values like: EQUALS, GREATER_THAN, LESS_THAN, GREATER_THAN_OR_EQUALS, LESS_THAN_OR_EQUALS or String. Default value will be EQUALS (backwards compatibility).

• This will allow that IdentityStore implementations (not just LDAP but also JPA, FILE etc) will be able to read both name and operation and do the action according to it. There won't be a need to handle "special" hardcoded attributes in IdentityStore implementations code .

• Definitions of particular attributes like IdentityType.CREATED_BEFORE, IdentityType.CREATED_AFTER, IdentityType.EXPIRY_BEFORE, IdentityType.EXPIRY_AFTER can be changed like:

  QueryParameter CREATED_BEFORE = new AttributeParameter("createdDate", LESS_THAN_OR_EQUALS);