[RndTbl] Odd LDAP issue

Robert Keizer robert at keizer.ca
Tue Jul 17 15:05:01 CDT 2012

On 12-07-17 02:57 PM, Sean Cody wrote:
> K.
> Try variants of:
>   (&(&(uid=robert)(objectClass=clientAccount))(clientAccountEnabled=TRUE))
> The & operator is diadic and the previous queries were triadic so factor out into two diadic operations.  Try the. Pole an filter on it's own to validate that component then. Ombine after.
> Either that or your ldap filter implementation  isn't equating TRUE with the Boolean oid type.  Check for string issues like spaces or non-printables? (guessing at this point)

'(&(objectClass=clientAccount)(clientAccountEnabled=TRUE))' - fails
'(&(objectClass=clientAccount))' - works.

Also tried the nested diadic filter above.

I don't think string issues and/or spacing is an issue - I wasn't able 
to set the clientAccountEnabled field to anything but "TRUE" or "FALSE" 
.. syntax errors occurred as soon as I tried to set it to anything other 
than those.

It must be that the boolean OID type isn't being matched by the 
ldapsearch. Gah.


More information about the Roundtable mailing list