--On Tuesday, December 20, 2022 5:52 PM +0800 baalchina
For example, when I searching by 'sn=*', or 'sn=Jim',
which jim is the
exact name of my user, I will got the correct result.
But when I searching by 'inetUserStatus=Inactive' or
'inetUserStatus=Active', nothing happens.
I also tried 'inetUserStatus=*', and got the whole ldap users.
The same happens in the memberOf attribute, which 'memberOf=*' got the
whole users, and 'memberOf=cn=ABC*' got nothing. (My ldap users all have
a attribute of 'memberOf: cn=ABC,ou=Groups,dc=abc,dc=cn'.
The behavior of a filter is controlled by the matchin rules for the
attribute. A substring query on a DN type attribute doesn't make much
sense (i.e., the memberOf case). For example, the defintion used by the
dynlist overlay sets only one matching rule that can be used by a filter:
i.e., an exact equality match. You'd have to look at your schema that is
defining "inetUserStatus" to discover what matching rules are defined for
it, and then add the relevant indices.