[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapsearch and sambaAcctFlags



Hi all,

I am using SAMBA with OpenLDAP. And I wanted to find the computer trust accounts within the LDAP tree. These are identified by having the S type set in the sambaAcctFlags field. In LDIF format this looks like this:

sambaAcctFlags: [S          ]

The initial search was:

ldapsearch -x -LLL '(&(objectClass=device)(sambaAcctFlags=*S*))' dn

This revealed nothing. Which I knew for sure is incorrect. To test I used:

ldapsearch -x -LLL '(&(objectClass=device)(sambaAcctFlags=[S ]))' dn

which returned the DNs of the trust accounts. Searching for:

ldapsearch -x -LLL '(&(objectClass=device)(sambaSID=*1-5-21*))' dn

also returned all DNs, so it is not a generic search filter problem. It seems to be related to [] and spaces. On the sambaAcctFlags search it doesn't matter if I replace [ and/or ] for * or the spaces for *, nothing is returned. The only working search is searching for the entire string.

Am I doing something wrong? Or is this a bug in the search filter system?

With kind regards,

Dennis Leeuw