https://bugs.openldap.org/show_bug.cgi?id=10321
jnabasny@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|INVALID |--- Status|RESOLVED |UNCONFIRMED
--- Comment #4 from jnabasny@gmail.com --- This is absolutely not a search filter issue unless OpenLDAP is not compliant with the RFC. The exact same ldapsearch query on FreeIPA returns successfully and shows this in the debug log:
[21/Mar/2025:16:40:21.080054196 -0400] conn=22 op=1 SRCH base="dc=freeipa,dc=home" scope=2 filter="(&(usercertificate;binary=0\82\04\850\82\02\ED\A0\03\02\01\02\02\01\0D0\0D\06\09\2A\86H\86\F7\0D\01\01\0B\05)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))" attrs=ALL [21/Mar/2025:16:40:21.081159982 -0400] conn=22 op=1 RESULT err=0 tag=101 nentries=1 wtime=0.000101369 optime=0.001106047 etime=0.001204661
So, the same filter on an identical entry returns different results, and we can see that slapd is mangling the filter.