Hi, all I had a old openldap server from my colleague, and I am studying the server. I found a strange problem, when I using client(ldapadmin in Windows), I can filter by uid, objectClass,sn or anything else, but except inetUserStatus. For example, when I searching by 'sn=*', or 'sn=Jim', which jim is the exact name of my user, I will got the correct result. But when I searching by 'inetUserStatus=Inactive' or 'inetUserStatus=Active', nothing happens. I also tried 'inetUserStatus=*', and got the whole ldap users. The same happens in the memberOf attribute, which 'memberOf=*' got the whole users, and 'memberOf=cn=ABC*' got nothing. (My ldap users all have a attribute of 'memberOf: cn=ABC,ou=Groups,dc=abc,dc=cn'. So, what should I do if I want to using this two attribute memberOf and inetUserStatus? Thanks a lot. -- from:baalchina