[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8749) Proxy: LDAP-querry doesn't work for e.g (userAccountControl:1.2.840.113556.1.4.803:=2)

To: openldap-its@OpenLDAP.org
Subject: (ITS#8749) Proxy: LDAP-querry doesn't work for e.g (userAccountControl:1.2.840.113556.1.4.803:=2)
From: steffen.krahl@nexio.de
Date: Sat, 30 Sep 2017 22:54:08 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Steffen Krahl
Version: 2.4-2
OS: Ubuntu 16.04.3 LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.168.136.108)


I'm using OpenLDAP with LDAP-backend as proxy for ActiveDirectory
It's working well so far, only LDAP-queries which should exclude deactivated
users don't work. It seems slapd does not accept queries like
(attribute:OID:=value)

in particular (&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
fails due to the part ":1.2.840.113556.1.4.803:". The query itself works fine
for ActiveDirectory itself.

to make blind test: (userAccountControl:1.2.840.113556.1.4.803:=2) will not get
any object back (but should)

I'm quite new to OpenLDAP, but it seems an issue.

performing upper query gets:
Oct  1 00:45:33 nxld01 slapd[3002]: str2filter "(&(sAMAccountType=
805306368)(?=error))"
Oct  1 00:45:33 nxld01 kernel: [49436.933735] slapd[3005]: segfault at 18 ip
00007ff4f783d512 sp 00007ff4f1afc810 error 4 in
libc-2.23.so[7ff4f77b9000+1c0000]

performing the following query
 (&(objectClass=*)(userAccountControl:1.2.840.113556.1.4.803:=2))
will get following log wntry:
Oct  1 00:49:07 nxld01 slapd[3033]: str2filter
"(&(objectClass=*)(!(objectClass=*)))"

seems a little bit strange

BR
Steffen

Prev by Date: Re: (ITS#8745) Need to join Windows server 2012 R2 to open lapd as a client
Index(es):
- Chronological
- Thread