On 12-07-17 02:57 PM, Sean Cody wrote:
K.
Try variants of:
(&(&(uid=robert)(objectClass=clientAccount))(clientAccountEnabled=TRUE))
The & operator is diadic and the previous queries were triadic so factor out into two diadic operations. Try the. Pole an filter on it's own to validate that component then. Ombine after.
Either that or your ldap filter implementation isn't equating TRUE with the Boolean oid type. Check for string issues like spaces or non-printables? (guessing at this point)
'(&(objectClass=clientAccount)(clientAccountEnabled=TRUE))' - fails '(&(objectClass=clientAccount))' - works.
Also tried the nested diadic filter above.
I don't think string issues and/or spacing is an issue - I wasn't able to set the clientAccountEnabled field to anything but "TRUE" or "FALSE" .. syntax errors occurred as soon as I tried to set it to anything other than those.
It must be that the boolean OID type isn't being matched by the ldapsearch. Gah.
Rob