Hi all,
I am using SAMBA with OpenLDAP. And I wanted to find the computer trust accounts within the LDAP tree. These are identified by having the S type set in the sambaAcctFlags field. In LDIF format this looks like this:
sambaAcctFlags: [S ]
The initial search was:
ldapsearch -x -LLL '(&(objectClass=device)(sambaAcctFlags=*S*))' dn
This revealed nothing. Which I knew for sure is incorrect. To test I used:
ldapsearch -x -LLL '(&(objectClass=device)(sambaAcctFlags=[S ]))' dn
which returned the DNs of the trust accounts. Searching for:
ldapsearch -x -LLL '(&(objectClass=device)(sambaSID=*1-5-21*))' dn
also returned all DNs, so it is not a generic search filter problem. It seems to be related to [] and spaces. On the sambaAcctFlags search it doesn't matter if I replace [ and/or ] for * or the spaces for *, nothing is returned. The only working search is searching for the entire string.
Am I doing something wrong? Or is this a bug in the search filter system?
With kind regards,
Dennis Leeuw