Hello,
I’ve been working on a conversion of a directory to OpenLDAP. I 
stumbled upon some search results that I could not explain.
One of our programs searches for LDAP entries with a negation of 
certain object classes, so that extraneous entries are ignored. In 
OpenLDAP, if the passed objectClass is not defined (as a valid 
objectClass in the schema), it returns back nothing every time.
For example, as expected, this returns back entries without the 
surname xx:
$ ldapsearch -xb "o=OrgName,c=US" '(!(sn=xx))'
And this will return back entries that do not have the groupOfNames 
objectClass:
$ ldapsearch -xb "o=OrgName,c=US" '(!(objectClass=groupOfNames))'
But the negation of an undefined objectClass returns nothing (without 
any error):
$ ldapsearch -xb "o=OrgName,c=US" '(!(objectClass=xx))'
On another LDAP system (iPlanet), the last query above returns back 
all entries. Does OpenLDAP by design throw out the search for an 
objectClass value that is not defined? Could this be a configuration 
issue?