[Date Prev][Date Next] [Chronological] [Thread] [Top]

Using a bitwise filter

I'v implemented a OpenLDAP Metadirectory that proxying 2 Microsft AD targets.
Some attributes on Active Directory objects are composed of bitwise flags. Using a bitwise operator is necessary to return only objects that match a particular bit being set.
To query Active Directory for user class objects that are disabled: (UserAccountControl:1.2.840.113556.1.4.803:=2)
I'm trying to create a filter that selects entries for which the object class is a user but not a computer, and for which the account is not flagged as disabled:
If I connect AD server directly, all is OK, I get a search result. But sending this search to Meta, does not work.
slapd[22461]: conn=1004 op=3 SRCH base="dc=meta,dc=pov" scope=2 deref=2 filter="(&(?objectClass=user)(!(?objectClass=Computer))(?=error))"
slapd[22461]: conn=1004 op=3 meta_back_search: base="dc=meta,dc=pov" scope=2: no candidate could be selected
slapd[22461]: conn=1004 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
slapd[22461]: conn=1004 op=4 UNBIND
My OpenLDAP version: 2.4.26
my config:
database                meta
lastmod           off
suffix            "dc=meta,dc=pov"
rootdn           "cn=metaguru,dc=meta,dc=pov"
rootpw           xxxxxxxx
uri               "ldap://w3kvm.adwal.corporate.net:389/dc=meta,dc=pov"
suffixmassage     "dc=meta,dc=pov" "dc=adwal,dc=corporate,dc=net"
idassert-authzFrom "dn:*"
idassert-bind   bindmethod=simple
uri               "ldap://w3kvm02.adwal.corporate.net:389/dc=meta,dc=pov"
suffixmassage     "dc=meta,dc=pov" "dc=second,dc=crocus,dc=com"
idassert-authzFrom "dn:*"
idassert-bind   bindmethod=simple
Where is my mistake ? Can you help me please
Kind regards