Full_Name: Steffen Krahl Version: 2.4-2 OS: Ubuntu 16.04.3 LTS URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.168.136.108)
I'm using OpenLDAP with LDAP-backend as proxy for ActiveDirectory It's working well so far, only LDAP-queries which should exclude deactivated users don't work. It seems slapd does not accept queries like (attribute:OID:=value)
in particular (&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fails due to the part ":1.2.840.113556.1.4.803:". The query itself works fine for ActiveDirectory itself.
to make blind test: (userAccountControl:1.2.840.113556.1.4.803:=2) will not get any object back (but should)
I'm quite new to OpenLDAP, but it seems an issue.
performing upper query gets: Oct 1 00:45:33 nxld01 slapd[3002]: str2filter "(&(sAMAccountType= 805306368)(?=error))" Oct 1 00:45:33 nxld01 kernel: [49436.933735] slapd[3005]: segfault at 18 ip 00007ff4f783d512 sp 00007ff4f1afc810 error 4 in libc-2.23.so[7ff4f77b9000+1c0000]
performing the following query (&(objectClass=*)(userAccountControl:1.2.840.113556.1.4.803:=2)) will get following log wntry: Oct 1 00:49:07 nxld01 slapd[3033]: str2filter "(&(objectClass=*)(!(objectClass=*)))"
seems a little bit strange
BR Steffen