Description of problem:
When I try to search a directory (MS AD in my case) for a set of entries defined by an LDAP search filter on the ldapsearch command line, I get all objects in the directory. For example:

ldapsearch domain.com -LLL -H ldap://domain.com:389 -b dc=domain,dc=com -x -D "cn=User,ou=Some_OU,dc=domain,dc=com" -w password -a always -l 0 -t 0 '(&(objectclass=user)(!(objectclass=computer)))' dn

I expect to get a set of entries without computers; however, I get all entries. Other filters do not work either. I've checked the same string on Slackware with openldap 2.4.31 - all works fine.

Version-Release number of selected component (if applicable):
2.4.35-4.fc19 and later

How reproducible:
Always

Steps to Reproduce:
1. Perform LDAP search with any filter

Actual results:
All directory entries in output.

Expected results:
Filtered set of entries in output.

Additional info:
2.4.35 on Gentoo works fine too.
Filters work fine; your ldapsearch invocation is wrong. You use '-t 0', which probably messes up the filters. The -t parameter doesn't take an additional argument.

$ ldapsearch -LLL -H ldap://localhost -x -l 0 -t -a always -b 'cn=config' '(objectclass=olcDatabaseConfig)' dn
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}monitor,cn=config
dn: olcDatabase={2}hdb,cn=config

Now with the '-t 0':

$ ldapsearch -LLL -H ldap://localhost -x -l 0 -t 0 -a always -b 'cn=config' '(objectclass=olcDatabaseConfig)' dn
dn: cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}monitor,cn=config
dn: olcDatabase={2}hdb,cn=config
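Added example, not part of the original thread and not OpenLDAP code: a small Python model of why a stray `0` after the bare `-t` flag can leave the search running unfiltered, usable as a pre-flight check in scripts that build ldapsearch command lines. The option subset, the filter-detection rule and the function names are assumptions chosen to match the output shown above.

```python
import getopt

# Options used in this thread; a trailing ":" means the option takes a value.
# -t is a bare flag, as the reply above says. Assumed subset for illustration,
# not ldapsearch's complete option string.
OPTSTRING = "LH:b:xD:w:a:l:t"
DEFAULT_FILTER = "(objectclass=*)"  # matches every entry


def split_ldapsearch_args(argv):
    """Return (filter, attrs) as a GNU-getopt style parser would see them."""
    _, positional = getopt.gnu_getopt(argv, OPTSTRING)
    # Assumed rule: the first positional argument is the filter only if it
    # looks like one; otherwise every positional is treated as an attribute.
    if positional and (positional[0].startswith("(") or "=" in positional[0]):
        return positional[0], positional[1:]
    return DEFAULT_FILTER, positional


def filter_was_dropped(argv):
    """True if something that looks like a filter ended up in the attribute list."""
    _, attrs = split_ldapsearch_args(argv)
    return any(a.startswith("(") for a in attrs)


# The two invocations from the reply above, as argument lists.
COMMON = ["-a", "always", "-b", "cn=config",
          "(objectclass=olcDatabaseConfig)", "dn"]
GOOD = ["-LLL", "-H", "ldap://localhost", "-x", "-l", "0", "-t"] + COMMON
BAD = ["-LLL", "-H", "ldap://localhost", "-x", "-l", "0", "-t", "0"] + COMMON

if __name__ == "__main__":
    for name, argv in (("-t", GOOD), ("-t 0", BAD)):
        flt, attrs = split_ldapsearch_args(argv)
        print(f"{name:5} filter={flt} attrs={attrs} "
              f"dropped={filter_was_dropped(argv)}")
```

A wrapper that refuses to run when `filter_was_dropped` returns true avoids silently dumping the whole subtree when the intended filter is misplaced.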